Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0632
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la politique de sécurité et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Desktop 15 SP6 | ||
| SUSE | N/A | Basesystem Module 15-SP6 | ||
| SUSE | N/A | Public Cloud Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP6 | ||
| SUSE | N/A | Legacy Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP6 | ||
| SUSE | N/A | openSUSE Leap 15.6 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | ||
| SUSE | N/A | Development Tools Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP6 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Desktop 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Basesystem Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Public Cloud Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Legacy Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Development Tools Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-26625",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26625"
},
{
"name": "CVE-2023-52622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52622"
},
{
"name": "CVE-2024-26814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26814"
},
{
"name": "CVE-2024-26750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26750"
},
{
"name": "CVE-2024-26813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26813"
},
{
"name": "CVE-2024-26676",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26676"
},
{
"name": "CVE-2024-26780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26780"
},
{
"name": "CVE-2024-26845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26845"
},
{
"name": "CVE-2024-26889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26889"
},
{
"name": "CVE-2024-26920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26920"
},
{
"name": "CVE-2023-38417",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38417"
},
{
"name": "CVE-2023-47210",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47210"
},
{
"name": "CVE-2024-35848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35848"
},
{
"name": "CVE-2024-36017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36017"
},
{
"name": "CVE-2024-36904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36904"
},
{
"name": "CVE-2024-36916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36916"
},
{
"name": "CVE-2024-36919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36919"
},
{
"name": "CVE-2024-36934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36934"
},
{
"name": "CVE-2024-36957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36957"
},
{
"name": "CVE-2023-52656",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52656"
},
{
"name": "CVE-2023-52699",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52699"
},
{
"name": "CVE-2023-52753",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52753"
},
{
"name": "CVE-2023-52754",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52754"
},
{
"name": "CVE-2023-52757",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52757"
},
{
"name": "CVE-2023-52759",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52759"
},
{
"name": "CVE-2023-52763",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52763"
},
{
"name": "CVE-2023-52764",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52764"
},
{
"name": "CVE-2023-52766",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52766"
},
{
"name": "CVE-2023-52773",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52773"
},
{
"name": "CVE-2023-52774",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52774"
},
{
"name": "CVE-2023-52777",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52777"
},
{
"name": "CVE-2023-52781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52781"
},
{
"name": "CVE-2023-52788",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52788"
},
{
"name": "CVE-2023-52789",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52789"
},
{
"name": "CVE-2023-52791",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52791"
},
{
"name": "CVE-2023-52795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52795"
},
{
"name": "CVE-2023-52796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52796"
},
{
"name": "CVE-2023-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52798"
},
{
"name": "CVE-2023-52799",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52799"
},
{
"name": "CVE-2023-52800",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52800"
},
{
"name": "CVE-2023-52803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52803"
},
{
"name": "CVE-2023-52804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52804"
},
{
"name": "CVE-2023-52805",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52805"
},
{
"name": "CVE-2023-52806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52806"
},
{
"name": "CVE-2023-52807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52807"
},
{
"name": "CVE-2023-52808",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52808"
},
{
"name": "CVE-2023-52809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52809"
},
{
"name": "CVE-2023-52810",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52810"
},
{
"name": "CVE-2023-52811",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52811"
},
{
"name": "CVE-2023-52814",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52814"
},
{
"name": "CVE-2023-52815",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52815"
},
{
"name": "CVE-2023-52816",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52816"
},
{
"name": "CVE-2023-52817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52817"
},
{
"name": "CVE-2023-52818",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52818"
},
{
"name": "CVE-2023-52819",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52819"
},
{
"name": "CVE-2023-52821",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52821"
},
{
"name": "CVE-2023-52825",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52825"
},
{
"name": "CVE-2023-52826",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52826"
},
{
"name": "CVE-2023-52832",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52832"
},
{
"name": "CVE-2023-52833",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52833"
},
{
"name": "CVE-2023-52834",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52834"
},
{
"name": "CVE-2023-52838",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52838"
},
{
"name": "CVE-2023-52840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52840"
},
{
"name": "CVE-2023-52841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52841"
},
{
"name": "CVE-2023-52844",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52844"
},
{
"name": "CVE-2023-52847",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52847"
},
{
"name": "CVE-2023-52851",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52851"
},
{
"name": "CVE-2023-52853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52853"
},
{
"name": "CVE-2023-52854",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52854"
},
{
"name": "CVE-2023-52855",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52855"
},
{
"name": "CVE-2023-52856",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52856"
},
{
"name": "CVE-2023-52858",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52858"
},
{
"name": "CVE-2023-52861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52861"
},
{
"name": "CVE-2023-52864",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52864"
},
{
"name": "CVE-2023-52865",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52865"
},
{
"name": "CVE-2023-52867",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52867"
},
{
"name": "CVE-2023-52868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52868"
},
{
"name": "CVE-2023-52870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52870"
},
{
"name": "CVE-2023-52871",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52871"
},
{
"name": "CVE-2023-52872",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52872"
},
{
"name": "CVE-2023-52873",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52873"
},
{
"name": "CVE-2023-52875",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52875"
},
{
"name": "CVE-2023-52876",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52876"
},
{
"name": "CVE-2023-52877",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52877"
},
{
"name": "CVE-2023-52878",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52878"
},
{
"name": "CVE-2023-52880",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52880"
},
{
"name": "CVE-2024-0090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0090"
},
{
"name": "CVE-2024-0091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0091"
},
{
"name": "CVE-2024-0092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0092"
},
{
"name": "CVE-2024-26758",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26758"
},
{
"name": "CVE-2024-27419",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27419"
},
{
"name": "CVE-2024-35976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35976"
},
{
"name": "CVE-2024-35998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35998"
},
{
"name": "CVE-2024-36924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36924"
},
{
"name": "CVE-2024-36926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36926"
},
{
"name": "CVE-2024-36938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36938"
},
{
"name": "CVE-2024-36952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36952"
},
{
"name": "CVE-2023-52672",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52672"
},
{
"name": "CVE-2024-27414",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27414"
},
{
"name": "CVE-2024-35807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35807"
},
{
"name": "CVE-2024-35884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35884"
},
{
"name": "CVE-2024-35886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35886"
},
{
"name": "CVE-2024-35896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35896"
},
{
"name": "CVE-2024-35898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35898"
},
{
"name": "CVE-2024-35900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35900"
},
{
"name": "CVE-2024-35925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35925"
},
{
"name": "CVE-2024-35962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35962"
},
{
"name": "CVE-2024-36005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36005"
},
{
"name": "CVE-2024-36008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36008"
},
{
"name": "CVE-2024-36960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36960"
},
{
"name": "CVE-2024-36964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36964"
},
{
"name": "CVE-2024-36971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36971"
},
{
"name": "CVE-2024-37353",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37353"
},
{
"name": "CVE-2024-38381",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38381"
},
{
"name": "CVE-2024-38549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38549"
},
{
"name": "CVE-2024-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38552"
},
{
"name": "CVE-2024-38559",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38559"
},
{
"name": "CVE-2024-38560",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38560"
},
{
"name": "CVE-2024-38565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38565"
},
{
"name": "CVE-2024-38567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38567"
},
{
"name": "CVE-2024-38578",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38578"
},
{
"name": "CVE-2024-38579",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38579"
},
{
"name": "CVE-2024-38582",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38582"
},
{
"name": "CVE-2024-38583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38583"
},
{
"name": "CVE-2024-38587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38587"
},
{
"name": "CVE-2024-38599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38599"
},
{
"name": "CVE-2024-38601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38601"
},
{
"name": "CVE-2024-38618",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38618"
},
{
"name": "CVE-2024-38621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38621"
},
{
"name": "CVE-2024-38627",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38627"
},
{
"name": "CVE-2024-38633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38633"
},
{
"name": "CVE-2024-38634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38634"
},
{
"name": "CVE-2024-38780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38780"
},
{
"name": "CVE-2024-35827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35827"
},
{
"name": "CVE-2024-35831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35831"
},
{
"name": "CVE-2024-35843",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35843"
},
{
"name": "CVE-2023-52813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52813"
},
{
"name": "CVE-2023-52835",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52835"
},
{
"name": "CVE-2023-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52881"
},
{
"name": "CVE-2021-47432",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47432"
},
{
"name": "CVE-2022-48772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48772"
},
{
"name": "CVE-2023-52735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52735"
},
{
"name": "CVE-2023-52762",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52762"
},
{
"name": "CVE-2023-52784",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52784"
},
{
"name": "CVE-2023-52787",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52787"
},
{
"name": "CVE-2023-52837",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52837"
},
{
"name": "CVE-2023-52843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52843"
},
{
"name": "CVE-2023-52845",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52845"
},
{
"name": "CVE-2023-52846",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52846"
},
{
"name": "CVE-2023-52869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52869"
},
{
"name": "CVE-2023-52884",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52884"
},
{
"name": "CVE-2024-33619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33619"
},
{
"name": "CVE-2024-35247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35247"
},
{
"name": "CVE-2024-35857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35857"
},
{
"name": "CVE-2024-35979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35979"
},
{
"name": "CVE-2024-36477",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36477"
},
{
"name": "CVE-2024-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36478"
},
{
"name": "CVE-2024-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36479"
},
{
"name": "CVE-2024-36899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36899"
},
{
"name": "CVE-2024-36900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36900"
},
{
"name": "CVE-2024-36915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36915"
},
{
"name": "CVE-2024-36917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36917"
},
{
"name": "CVE-2024-36923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36923"
},
{
"name": "CVE-2024-36937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36937"
},
{
"name": "CVE-2024-36945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36945"
},
{
"name": "CVE-2024-36965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36965"
},
{
"name": "CVE-2024-36967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36967"
},
{
"name": "CVE-2024-36969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36969"
},
{
"name": "CVE-2024-36975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36975"
},
{
"name": "CVE-2024-36978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36978"
},
{
"name": "CVE-2024-37021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37021"
},
{
"name": "CVE-2024-37078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37078"
},
{
"name": "CVE-2024-37354",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37354"
},
{
"name": "CVE-2024-38388",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38388"
},
{
"name": "CVE-2024-38390",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38390"
},
{
"name": "CVE-2024-38540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38540"
},
{
"name": "CVE-2024-38541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38541"
},
{
"name": "CVE-2024-38544",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38544"
},
{
"name": "CVE-2024-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38545"
},
{
"name": "CVE-2024-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38546"
},
{
"name": "CVE-2024-38547",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38547"
},
{
"name": "CVE-2024-38548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38548"
},
{
"name": "CVE-2024-38550",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38550"
},
{
"name": "CVE-2024-38553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38553"
},
{
"name": "CVE-2024-38555",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38555"
},
{
"name": "CVE-2024-38556",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38556"
},
{
"name": "CVE-2024-38557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38557"
},
{
"name": "CVE-2024-38564",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38564"
},
{
"name": "CVE-2024-38568",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38568"
},
{
"name": "CVE-2024-38571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38571"
},
{
"name": "CVE-2024-38573",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38573"
},
{
"name": "CVE-2024-38580",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38580"
},
{
"name": "CVE-2024-38581",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38581"
},
{
"name": "CVE-2024-38590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38590"
},
{
"name": "CVE-2024-38591",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38591"
},
{
"name": "CVE-2024-38594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38594"
},
{
"name": "CVE-2024-38597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38597"
},
{
"name": "CVE-2024-38600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38600"
},
{
"name": "CVE-2024-38603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38603"
},
{
"name": "CVE-2024-38605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38605"
},
{
"name": "CVE-2024-38608",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38608"
},
{
"name": "CVE-2024-38616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38616"
},
{
"name": "CVE-2024-38619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38619"
},
{
"name": "CVE-2024-38630",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38630"
},
{
"name": "CVE-2024-38635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38635"
},
{
"name": "CVE-2024-38661",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38661"
},
{
"name": "CVE-2024-39301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39301"
},
{
"name": "CVE-2024-39469",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39469"
},
{
"name": "CVE-2024-39471",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39471"
},
{
"name": "CVE-2024-38610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38610"
},
{
"name": "CVE-2024-35880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35880"
},
{
"name": "CVE-2024-35892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35892"
},
{
"name": "CVE-2024-35926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35926"
},
{
"name": "CVE-2024-35957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35957"
},
{
"name": "CVE-2024-35970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35970"
},
{
"name": "CVE-2024-36024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36024"
},
{
"name": "CVE-2024-38543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38543"
},
{
"name": "CVE-2024-38663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38663"
},
{
"name": "CVE-2024-36973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36973"
},
{
"name": "CVE-2024-38615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38615"
},
{
"name": "CVE-2024-39371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39371"
},
{
"name": "CVE-2023-52749",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52749"
},
{
"name": "CVE-2023-52750",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52750"
},
{
"name": "CVE-2023-52765",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52765"
},
{
"name": "CVE-2023-52767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52767"
},
{
"name": "CVE-2023-52768",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52768"
},
{
"name": "CVE-2023-52769",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52769"
},
{
"name": "CVE-2023-52776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52776"
},
{
"name": "CVE-2023-52780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52780"
},
{
"name": "CVE-2023-52782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52782"
},
{
"name": "CVE-2023-52783",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52783"
},
{
"name": "CVE-2023-52786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52786"
},
{
"name": "CVE-2023-52792",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52792"
},
{
"name": "CVE-2023-52794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52794"
},
{
"name": "CVE-2023-52801",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52801"
},
{
"name": "CVE-2023-52812",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52812"
},
{
"name": "CVE-2023-52827",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52827"
},
{
"name": "CVE-2023-52829",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52829"
},
{
"name": "CVE-2023-52836",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52836"
},
{
"name": "CVE-2023-52842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52842"
},
{
"name": "CVE-2023-52849",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52849"
},
{
"name": "CVE-2023-52850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52850"
},
{
"name": "CVE-2023-52857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52857"
},
{
"name": "CVE-2023-52862",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52862"
},
{
"name": "CVE-2023-52863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52863"
},
{
"name": "CVE-2023-52866",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52866"
},
{
"name": "CVE-2023-52874",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52874"
},
{
"name": "CVE-2023-52879",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52879"
},
{
"name": "CVE-2023-52883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52883"
},
{
"name": "CVE-2024-26482",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26482"
},
{
"name": "CVE-2024-26767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26767"
},
{
"name": "CVE-2024-34777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34777"
},
{
"name": "CVE-2024-36010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36010"
},
{
"name": "CVE-2024-36281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36281"
},
{
"name": "CVE-2024-36882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36882"
},
{
"name": "CVE-2024-36887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36887"
},
{
"name": "CVE-2024-36903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36903"
},
{
"name": "CVE-2024-36935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36935"
},
{
"name": "CVE-2024-36962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36962"
},
{
"name": "CVE-2024-36972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36972"
},
{
"name": "CVE-2024-36977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36977"
},
{
"name": "CVE-2024-38384",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38384"
},
{
"name": "CVE-2024-38385",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38385"
},
{
"name": "CVE-2024-38391",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38391"
},
{
"name": "CVE-2024-38539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38539"
},
{
"name": "CVE-2024-38551",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38551"
},
{
"name": "CVE-2024-38554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38554"
},
{
"name": "CVE-2024-38562",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38562"
},
{
"name": "CVE-2024-38566",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38566"
},
{
"name": "CVE-2024-38569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38569"
},
{
"name": "CVE-2024-38570",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38570"
},
{
"name": "CVE-2024-38572",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38572"
},
{
"name": "CVE-2024-38575",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38575"
},
{
"name": "CVE-2024-38588",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38588"
},
{
"name": "CVE-2024-38592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38592"
},
{
"name": "CVE-2024-38595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38595"
},
{
"name": "CVE-2024-38602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38602"
},
{
"name": "CVE-2024-38611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38611"
},
{
"name": "CVE-2024-38617",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38617"
},
{
"name": "CVE-2024-38622",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38622"
},
{
"name": "CVE-2024-38628",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38628"
},
{
"name": "CVE-2024-38629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38629"
},
{
"name": "CVE-2024-38636",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38636"
},
{
"name": "CVE-2024-38664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38664"
},
{
"name": "CVE-2024-39277",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39277"
},
{
"name": "CVE-2024-39291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39291"
},
{
"name": "CVE-2024-39296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39296"
},
{
"name": "CVE-2024-39362",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39362"
},
{
"name": "CVE-2024-39463",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39463"
},
{
"name": "CVE-2024-39466",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39466"
}
],
"initial_release_date": "2024-07-26T00:00:00",
"last_revision_date": "2024-07-26T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0632",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un contournement de la politique de s\u00e9curit\u00e9 et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2024-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:2575-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242575-1"
},
{
"published_at": "2024-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:2585-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242585-1"
},
{
"published_at": "2024-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:2571-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242571-1"
}
]
}
CVE-2024-38610 (GCVE-0-2024-38610)
Vulnerability from cvelistv5
Published
2024-06-19 13:56
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map()
Patch series "mm: follow_pte() improvements and acrn follow_pte() fixes".
Patch #1 fixes a bunch of issues I spotted in the acrn driver. It
compiles, that's all I know. I'll appreciate some review and testing from
acrn folks.
Patch #2+#3 improve follow_pte(), passing a VMA instead of the MM, adding
more sanity checks, and improving the documentation. Gave it a quick test
on x86-64 using VM_PAT that ends up using follow_pte().
This patch (of 3):
We currently miss handling various cases, resulting in a dangerous
follow_pte() (previously follow_pfn()) usage.
(1) We're not checking PTE write permissions.
Maybe we should simply always require pte_write() like we do for
pin_user_pages_fast(FOLL_WRITE)? Hard to tell, so let's check for
ACRN_MEM_ACCESS_WRITE for now.
(2) We're not rejecting refcounted pages.
As we are not using MMU notifiers, messing with refcounted pages is
dangerous and can result in use-after-free. Let's make sure to reject them.
(3) We are only looking at the first PTE of a bigger range.
We only lookup a single PTE, but memmap->len may span a larger area.
Let's loop over all involved PTEs and make sure the PFN range is
actually contiguous. Reject everything else: it couldn't have worked
either way, and rather made use access PFNs we shouldn't be accessing.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b9c43aa0b18da5619aac347d54cb67fe30d1f884 Version: 8a6e85f75a83d16a71077e41f2720c691f432002 Version: 8a6e85f75a83d16a71077e41f2720c691f432002 Version: 8a6e85f75a83d16a71077e41f2720c691f432002 Version: 8a6e85f75a83d16a71077e41f2720c691f432002 Version: 8a6e85f75a83d16a71077e41f2720c691f432002 Version: 149d5fb7e0124c3763e92edd1fde19417f4d2d09 Version: 02098ac42b7ff055ec72cd083ee1eb0a23481a19 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38610",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T18:14:59.732296Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T18:15:07.284Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c6705aa47b5b78d7ad36fea832bb69caa5bf49a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/afeb0e69627695f759fc73c39c1640dbf8649b32"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e873f36ec890bece26ecce850e969917bceebbb6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c4ba3cf3a15ccfbaf787d0296fa42cdb00da9b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2c8d6e24930b8ef7d4a81787627c559ae0e0d3bb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d6586008f7b638f91f3332602592caa8b00b559"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/virt/acrn/mm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5c6705aa47b5b78d7ad36fea832bb69caa5bf49a",
"status": "affected",
"version": "b9c43aa0b18da5619aac347d54cb67fe30d1f884",
"versionType": "git"
},
{
"lessThan": "afeb0e69627695f759fc73c39c1640dbf8649b32",
"status": "affected",
"version": "8a6e85f75a83d16a71077e41f2720c691f432002",
"versionType": "git"
},
{
"lessThan": "e873f36ec890bece26ecce850e969917bceebbb6",
"status": "affected",
"version": "8a6e85f75a83d16a71077e41f2720c691f432002",
"versionType": "git"
},
{
"lessThan": "4c4ba3cf3a15ccfbaf787d0296fa42cdb00da9b4",
"status": "affected",
"version": "8a6e85f75a83d16a71077e41f2720c691f432002",
"versionType": "git"
},
{
"lessThan": "2c8d6e24930b8ef7d4a81787627c559ae0e0d3bb",
"status": "affected",
"version": "8a6e85f75a83d16a71077e41f2720c691f432002",
"versionType": "git"
},
{
"lessThan": "3d6586008f7b638f91f3332602592caa8b00b559",
"status": "affected",
"version": "8a6e85f75a83d16a71077e41f2720c691f432002",
"versionType": "git"
},
{
"status": "affected",
"version": "149d5fb7e0124c3763e92edd1fde19417f4d2d09",
"versionType": "git"
},
{
"status": "affected",
"version": "02098ac42b7ff055ec72cd083ee1eb0a23481a19",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/virt/acrn/mm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.18"
},
{
"lessThan": "5.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.15.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map()\n\nPatch series \"mm: follow_pte() improvements and acrn follow_pte() fixes\".\n\nPatch #1 fixes a bunch of issues I spotted in the acrn driver. It\ncompiles, that\u0027s all I know. I\u0027ll appreciate some review and testing from\nacrn folks.\n\nPatch #2+#3 improve follow_pte(), passing a VMA instead of the MM, adding\nmore sanity checks, and improving the documentation. Gave it a quick test\non x86-64 using VM_PAT that ends up using follow_pte().\n\n\nThis patch (of 3):\n\nWe currently miss handling various cases, resulting in a dangerous\nfollow_pte() (previously follow_pfn()) usage.\n\n(1) We\u0027re not checking PTE write permissions.\n\nMaybe we should simply always require pte_write() like we do for\npin_user_pages_fast(FOLL_WRITE)? Hard to tell, so let\u0027s check for\nACRN_MEM_ACCESS_WRITE for now.\n\n(2) We\u0027re not rejecting refcounted pages.\n\nAs we are not using MMU notifiers, messing with refcounted pages is\ndangerous and can result in use-after-free. Let\u0027s make sure to reject them.\n\n(3) We are only looking at the first PTE of a bigger range.\n\nWe only lookup a single PTE, but memmap-\u003elen may span a larger area.\nLet\u0027s loop over all involved PTEs and make sure the PFN range is\nactually contiguous. Reject everything else: it couldn\u0027t have worked\neither way, and rather made use access PFNs we shouldn\u0027t be accessing."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:52.947Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5c6705aa47b5b78d7ad36fea832bb69caa5bf49a"
},
{
"url": "https://git.kernel.org/stable/c/afeb0e69627695f759fc73c39c1640dbf8649b32"
},
{
"url": "https://git.kernel.org/stable/c/e873f36ec890bece26ecce850e969917bceebbb6"
},
{
"url": "https://git.kernel.org/stable/c/4c4ba3cf3a15ccfbaf787d0296fa42cdb00da9b4"
},
{
"url": "https://git.kernel.org/stable/c/2c8d6e24930b8ef7d4a81787627c559ae0e0d3bb"
},
{
"url": "https://git.kernel.org/stable/c/3d6586008f7b638f91f3332602592caa8b00b559"
}
],
"title": "drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38610",
"datePublished": "2024-06-19T13:56:12.083Z",
"dateReserved": "2024-06-18T19:36:34.942Z",
"dateUpdated": "2025-05-04T12:56:52.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52880 (GCVE-0-2023-52880)
Vulnerability from cvelistv5
Published
2024-05-24 15:33
Modified
2025-05-04 07:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
Any unprivileged user can attach N_GSM0710 ldisc, but it requires
CAP_NET_ADMIN to create a GSM network anyway.
Require initial namespace CAP_NET_ADMIN to do that.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52880",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T19:10:27.057428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:31.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7d303dee473ba3529d75b63491e9963342107bed"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a529c9023a197ab3bf09bb95df32a3813f7ba58"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ada28eb4b9561aab93942f3224a2e41d76fe57fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2d154a54c58f9c8375bfbea9f7e51ba3bfb2e43a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2b85977977cbd120591b23c2450e90a5806a7167"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/67c37756898a5a6b2941a13ae7260c89b54e0d88"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/n_gsm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7d303dee473ba3529d75b63491e9963342107bed",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7a529c9023a197ab3bf09bb95df32a3813f7ba58",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ada28eb4b9561aab93942f3224a2e41d76fe57fa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2d154a54c58f9c8375bfbea9f7e51ba3bfb2e43a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2b85977977cbd120591b23c2450e90a5806a7167",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "67c37756898a5a6b2941a13ae7260c89b54e0d88",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/n_gsm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc\n\nAny unprivileged user can attach N_GSM0710 ldisc, but it requires\nCAP_NET_ADMIN to create a GSM network anyway.\n\nRequire initial namespace CAP_NET_ADMIN to do that."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:45:08.398Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7d303dee473ba3529d75b63491e9963342107bed"
},
{
"url": "https://git.kernel.org/stable/c/7a529c9023a197ab3bf09bb95df32a3813f7ba58"
},
{
"url": "https://git.kernel.org/stable/c/ada28eb4b9561aab93942f3224a2e41d76fe57fa"
},
{
"url": "https://git.kernel.org/stable/c/2d154a54c58f9c8375bfbea9f7e51ba3bfb2e43a"
},
{
"url": "https://git.kernel.org/stable/c/2b85977977cbd120591b23c2450e90a5806a7167"
},
{
"url": "https://git.kernel.org/stable/c/67c37756898a5a6b2941a13ae7260c89b54e0d88"
}
],
"title": "tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52880",
"datePublished": "2024-05-24T15:33:17.439Z",
"dateReserved": "2024-05-21T15:35:00.781Z",
"dateUpdated": "2025-05-04T07:45:08.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38591 (GCVE-0-2024-38591)
Vulnerability from cvelistv5
Published
2024-06-19 13:45
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hns: Fix deadlock on SRQ async events.
xa_lock for SRQ table may be required in AEQ. Use xa_store_irq()/
xa_erase_irq() to avoid deadlock.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 81fce6291d9999cee692e4118134a8c850b60857 Version: 81fce6291d9999cee692e4118134a8c850b60857 Version: 81fce6291d9999cee692e4118134a8c850b60857 Version: 81fce6291d9999cee692e4118134a8c850b60857 Version: 81fce6291d9999cee692e4118134a8c850b60857 Version: 81fce6291d9999cee692e4118134a8c850b60857 Version: 81fce6291d9999cee692e4118134a8c850b60857 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T19:45:07.375809Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T19:45:15.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a3be1a0ffe04c085dd7f79be97c91b0c786df3d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/756ddbe665ea7f9416951bd76731b174d136eea0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/22c915af31bd84ffaa46145e317f53333f94a868"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/72dc542f0d8977e7d41d610db6bb65c47cad43e9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d271e66abac5c7eb8de345b9b44d89f777437a4c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b46494b6f9c19f141114a57729e198698f40af37"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hns/hns_roce_main.c",
"drivers/infiniband/hw/hns/hns_roce_srq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "605889754ee68aacf7c381938fcd5eb654e71822",
"status": "affected",
"version": "81fce6291d9999cee692e4118134a8c850b60857",
"versionType": "git"
},
{
"lessThan": "4a3be1a0ffe04c085dd7f79be97c91b0c786df3d",
"status": "affected",
"version": "81fce6291d9999cee692e4118134a8c850b60857",
"versionType": "git"
},
{
"lessThan": "756ddbe665ea7f9416951bd76731b174d136eea0",
"status": "affected",
"version": "81fce6291d9999cee692e4118134a8c850b60857",
"versionType": "git"
},
{
"lessThan": "22c915af31bd84ffaa46145e317f53333f94a868",
"status": "affected",
"version": "81fce6291d9999cee692e4118134a8c850b60857",
"versionType": "git"
},
{
"lessThan": "72dc542f0d8977e7d41d610db6bb65c47cad43e9",
"status": "affected",
"version": "81fce6291d9999cee692e4118134a8c850b60857",
"versionType": "git"
},
{
"lessThan": "d271e66abac5c7eb8de345b9b44d89f777437a4c",
"status": "affected",
"version": "81fce6291d9999cee692e4118134a8c850b60857",
"versionType": "git"
},
{
"lessThan": "b46494b6f9c19f141114a57729e198698f40af37",
"status": "affected",
"version": "81fce6291d9999cee692e4118134a8c850b60857",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hns/hns_roce_main.c",
"drivers/infiniband/hw/hns/hns_roce_srq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.234",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.234",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix deadlock on SRQ async events.\n\nxa_lock for SRQ table may be required in AEQ. Use xa_store_irq()/\nxa_erase_irq() to avoid deadlock."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:48.410Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/605889754ee68aacf7c381938fcd5eb654e71822"
},
{
"url": "https://git.kernel.org/stable/c/4a3be1a0ffe04c085dd7f79be97c91b0c786df3d"
},
{
"url": "https://git.kernel.org/stable/c/756ddbe665ea7f9416951bd76731b174d136eea0"
},
{
"url": "https://git.kernel.org/stable/c/22c915af31bd84ffaa46145e317f53333f94a868"
},
{
"url": "https://git.kernel.org/stable/c/72dc542f0d8977e7d41d610db6bb65c47cad43e9"
},
{
"url": "https://git.kernel.org/stable/c/d271e66abac5c7eb8de345b9b44d89f777437a4c"
},
{
"url": "https://git.kernel.org/stable/c/b46494b6f9c19f141114a57729e198698f40af37"
}
],
"title": "RDMA/hns: Fix deadlock on SRQ async events.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38591",
"datePublished": "2024-06-19T13:45:42.701Z",
"dateReserved": "2024-06-18T19:36:34.930Z",
"dateUpdated": "2025-05-04T09:14:48.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26845 (GCVE-0-2024-26845)
Vulnerability from cvelistv5
Published
2024-04-17 10:10
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: core: Add TMF to tmr_list handling
An abort that is responded to by iSCSI itself is added to tmr_list but does
not go to target core. A LUN_RESET that goes through tmr_list takes a
refcounter on the abort and waits for completion. However, the abort will
be never complete because it was not started in target core.
Unable to locate ITT: 0x05000000 on CID: 0
Unable to locate RefTaskTag: 0x05000000 on CID: 0.
wait_for_tasks: Stopping tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop
wait for tasks: tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop
...
INFO: task kworker/0:2:49 blocked for more than 491 seconds.
task:kworker/0:2 state:D stack: 0 pid: 49 ppid: 2 flags:0x00000800
Workqueue: events target_tmr_work [target_core_mod]
Call Trace:
__switch_to+0x2c4/0x470
_schedule+0x314/0x1730
schedule+0x64/0x130
schedule_timeout+0x168/0x430
wait_for_completion+0x140/0x270
target_put_cmd_and_wait+0x64/0xb0 [target_core_mod]
core_tmr_lun_reset+0x30/0xa0 [target_core_mod]
target_tmr_work+0xc8/0x1b0 [target_core_mod]
process_one_work+0x2d4/0x5d0
worker_thread+0x78/0x6c0
To fix this, only add abort to tmr_list if it will be handled by target
core.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26845",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T19:57:59.068880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:22.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/425a571a7e6fc389954cf2564e1edbba3740e171"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/11f3fe5001ed05721e641f0ecaa7a73b7deb245d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/168ed59170de1fd7274080fe102216162d6826cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a9849b67b4402a12eb35eadc9306c1ef9847d53d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e717bd412001495f17400bfc09f606f1b594ef5a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/36bc5040c863b44af06094b22f1e50059227b9cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/83ab68168a3d990d5ff39ab030ad5754cbbccb25"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/target/target_core_device.c",
"drivers/target/target_core_transport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "425a571a7e6fc389954cf2564e1edbba3740e171",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "11f3fe5001ed05721e641f0ecaa7a73b7deb245d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "168ed59170de1fd7274080fe102216162d6826cf",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a9849b67b4402a12eb35eadc9306c1ef9847d53d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e717bd412001495f17400bfc09f606f1b594ef5a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "36bc5040c863b44af06094b22f1e50059227b9cb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "83ab68168a3d990d5ff39ab030ad5754cbbccb25",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/target/target_core_device.c",
"drivers/target/target_core_transport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Add TMF to tmr_list handling\n\nAn abort that is responded to by iSCSI itself is added to tmr_list but does\nnot go to target core. A LUN_RESET that goes through tmr_list takes a\nrefcounter on the abort and waits for completion. However, the abort will\nbe never complete because it was not started in target core.\n\n Unable to locate ITT: 0x05000000 on CID: 0\n Unable to locate RefTaskTag: 0x05000000 on CID: 0.\n wait_for_tasks: Stopping tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop\n wait for tasks: tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop\n...\n INFO: task kworker/0:2:49 blocked for more than 491 seconds.\n task:kworker/0:2 state:D stack: 0 pid: 49 ppid: 2 flags:0x00000800\n Workqueue: events target_tmr_work [target_core_mod]\nCall Trace:\n __switch_to+0x2c4/0x470\n _schedule+0x314/0x1730\n schedule+0x64/0x130\n schedule_timeout+0x168/0x430\n wait_for_completion+0x140/0x270\n target_put_cmd_and_wait+0x64/0xb0 [target_core_mod]\n core_tmr_lun_reset+0x30/0xa0 [target_core_mod]\n target_tmr_work+0xc8/0x1b0 [target_core_mod]\n process_one_work+0x2d4/0x5d0\n worker_thread+0x78/0x6c0\n\nTo fix this, only add abort to tmr_list if it will be handled by target\ncore."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:50.292Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/425a571a7e6fc389954cf2564e1edbba3740e171"
},
{
"url": "https://git.kernel.org/stable/c/11f3fe5001ed05721e641f0ecaa7a73b7deb245d"
},
{
"url": "https://git.kernel.org/stable/c/168ed59170de1fd7274080fe102216162d6826cf"
},
{
"url": "https://git.kernel.org/stable/c/a9849b67b4402a12eb35eadc9306c1ef9847d53d"
},
{
"url": "https://git.kernel.org/stable/c/e717bd412001495f17400bfc09f606f1b594ef5a"
},
{
"url": "https://git.kernel.org/stable/c/36bc5040c863b44af06094b22f1e50059227b9cb"
},
{
"url": "https://git.kernel.org/stable/c/bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f"
},
{
"url": "https://git.kernel.org/stable/c/83ab68168a3d990d5ff39ab030ad5754cbbccb25"
}
],
"title": "scsi: target: core: Add TMF to tmr_list handling",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26845",
"datePublished": "2024-04-17T10:10:09.337Z",
"dateReserved": "2024-02-19T14:20:24.182Z",
"dateUpdated": "2025-05-04T08:57:50.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36024 (GCVE-0-2024-36024)
Vulnerability from cvelistv5
Published
2024-05-30 15:04
Modified
2025-07-11 17:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Disable idle reallow as part of command/gpint execution
[Why]
Workaroud for a race condition where DMCUB is in the process of
committing to IPS1 during the handshake causing us to miss the
transition into IPS2 and touch the INBOX1 RPTR causing a HW hang.
[How]
Disable the reallow to ensure that we have enough of a gap between entry
and exit and we're not seeing back-to-back wake_and_executes.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2aac387445610d6dfd681f5214388e86f5677ef7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6226a5aa77370329e01ee8abe50a95e60618ce97"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:35:01.549176Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:50.626Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dc.h",
"drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c",
"drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2aac387445610d6dfd681f5214388e86f5677ef7",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "6226a5aa77370329e01ee8abe50a95e60618ce97",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dc.h",
"drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c",
"drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.6",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable idle reallow as part of command/gpint execution\n\n[Why]\nWorkaroud for a race condition where DMCUB is in the process of\ncommitting to IPS1 during the handshake causing us to miss the\ntransition into IPS2 and touch the INBOX1 RPTR causing a HW hang.\n\n[How]\nDisable the reallow to ensure that we have enough of a gap between entry\nand exit and we\u0027re not seeing back-to-back wake_and_executes."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:19:43.927Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2aac387445610d6dfd681f5214388e86f5677ef7"
},
{
"url": "https://git.kernel.org/stable/c/6226a5aa77370329e01ee8abe50a95e60618ce97"
}
],
"title": "drm/amd/display: Disable idle reallow as part of command/gpint execution",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36024",
"datePublished": "2024-05-30T15:04:01.114Z",
"dateReserved": "2024-05-17T13:50:33.158Z",
"dateUpdated": "2025-07-11T17:19:43.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38573 (GCVE-0-2024-38573)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
cppc_cpufreq: Fix possible null pointer dereference
cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from
different places with various parameters. So cpufreq_cpu_get() can return
null as 'policy' in some circumstances.
Fix this bug by adding null return check.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a28b2bfc099c6b9caa6ef697660408e076a32019 Version: a28b2bfc099c6b9caa6ef697660408e076a32019 Version: a28b2bfc099c6b9caa6ef697660408e076a32019 Version: a28b2bfc099c6b9caa6ef697660408e076a32019 Version: a28b2bfc099c6b9caa6ef697660408e076a32019 Version: a28b2bfc099c6b9caa6ef697660408e076a32019 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "9a185cc5a79b",
"status": "affected",
"version": "a28b2bfc099c",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "769c4f355b79",
"status": "affected",
"version": "a28b2bfc099c",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "f84b9b25d045",
"status": "affected",
"version": "a28b2bfc099c",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "b18daa4ec727",
"status": "affected",
"version": "a28b2bfc099c",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "dfec15222529",
"status": "affected",
"version": "a28b2bfc099c",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:acrn:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrn",
"vendor": "linux",
"versions": [
{
"lessThan": "cf7de25878a1",
"status": "affected",
"version": "a28b2bfc099c",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.11"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.161",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.93",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.33",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.9",
"status": "unaffected",
"version": "6.8.12",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.10",
"status": "unaffected",
"version": "6.9.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.10-rc1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-27T18:10:54.548059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T18:33:09.094Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:26.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a185cc5a79ba408e1c73375706630662304f618"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/769c4f355b7962895205b86ad35617873feef9a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f84b9b25d045e67a7eee5e73f21278c8ab06713c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b18daa4ec727c0266de5bfc78e818d168cc4aedf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dfec15222529d22b15e5b0d63572a9e39570cab4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf7de25878a1f4508c69dc9f6819c21ba177dbfe"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/cpufreq/cppc_cpufreq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9a185cc5a79ba408e1c73375706630662304f618",
"status": "affected",
"version": "a28b2bfc099c6b9caa6ef697660408e076a32019",
"versionType": "git"
},
{
"lessThan": "769c4f355b7962895205b86ad35617873feef9a5",
"status": "affected",
"version": "a28b2bfc099c6b9caa6ef697660408e076a32019",
"versionType": "git"
},
{
"lessThan": "f84b9b25d045e67a7eee5e73f21278c8ab06713c",
"status": "affected",
"version": "a28b2bfc099c6b9caa6ef697660408e076a32019",
"versionType": "git"
},
{
"lessThan": "b18daa4ec727c0266de5bfc78e818d168cc4aedf",
"status": "affected",
"version": "a28b2bfc099c6b9caa6ef697660408e076a32019",
"versionType": "git"
},
{
"lessThan": "dfec15222529d22b15e5b0d63572a9e39570cab4",
"status": "affected",
"version": "a28b2bfc099c6b9caa6ef697660408e076a32019",
"versionType": "git"
},
{
"lessThan": "cf7de25878a1f4508c69dc9f6819c21ba177dbfe",
"status": "affected",
"version": "a28b2bfc099c6b9caa6ef697660408e076a32019",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/cpufreq/cppc_cpufreq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncppc_cpufreq: Fix possible null pointer dereference\n\ncppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from\ndifferent places with various parameters. So cpufreq_cpu_get() can return\nnull as \u0027policy\u0027 in some circumstances.\nFix this bug by adding null return check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:24.803Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9a185cc5a79ba408e1c73375706630662304f618"
},
{
"url": "https://git.kernel.org/stable/c/769c4f355b7962895205b86ad35617873feef9a5"
},
{
"url": "https://git.kernel.org/stable/c/f84b9b25d045e67a7eee5e73f21278c8ab06713c"
},
{
"url": "https://git.kernel.org/stable/c/b18daa4ec727c0266de5bfc78e818d168cc4aedf"
},
{
"url": "https://git.kernel.org/stable/c/dfec15222529d22b15e5b0d63572a9e39570cab4"
},
{
"url": "https://git.kernel.org/stable/c/cf7de25878a1f4508c69dc9f6819c21ba177dbfe"
}
],
"title": "cppc_cpufreq: Fix possible null pointer dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38573",
"datePublished": "2024-06-19T13:35:38.334Z",
"dateReserved": "2024-06-18T19:36:34.924Z",
"dateUpdated": "2025-05-04T09:14:24.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38621 (GCVE-0-2024-38621)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-05-04 09:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: stk1160: fix bounds checking in stk1160_copy_video()
The subtract in this condition is reversed. The ->length is the length
of the buffer. The ->bytesused is how many bytes we have copied thus
far. When the condition is reversed that means the result of the
subtraction is always negative but since it's unsigned then the result
is a very high positive value. That means the overflow check is never
true.
Additionally, the ->bytesused doesn't actually work for this purpose
because we're not writing to "buf->mem + buf->bytesused". Instead, the
math to calculate the destination where we are writing is a bit
involved. You calculate the number of full lines already written,
multiply by two, skip a line if necessary so that we start on an odd
numbered line, and add the offset into the line.
To fix this buffer overflow, just take the actual destination where we
are writing, if the offset is already out of bounds print an error and
return. Otherwise, write up to buf->length bytes.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9cb2173e6ea8f2948bd1367c93083a2500fcf08f Version: 9cb2173e6ea8f2948bd1367c93083a2500fcf08f Version: 9cb2173e6ea8f2948bd1367c93083a2500fcf08f Version: 9cb2173e6ea8f2948bd1367c93083a2500fcf08f Version: 9cb2173e6ea8f2948bd1367c93083a2500fcf08f Version: 9cb2173e6ea8f2948bd1367c93083a2500fcf08f Version: 9cb2173e6ea8f2948bd1367c93083a2500fcf08f Version: 9cb2173e6ea8f2948bd1367c93083a2500fcf08f |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6a392266276730bea893b55d12940e32a25f56a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ecf4ddc3aee8ade504c4d36b7b4053ce6093e200"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a16775828aaed1c54ff4e6fe83e8e4d5c6a50cb7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7532bcec0797adfa08791301c3bcae14141db3bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b504518a397059e1d55c521ba0ea2b545a6c4b52"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d410017a7181cb55e4a5c810b32b75e4416c6808"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a08492832cc4cacc24e0612f483c86ca899b9261"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/faa4364bef2ec0060de381ff028d1d836600a381"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38621",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:09:18.748299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:45.084Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/stk1160/stk1160-video.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f6a392266276730bea893b55d12940e32a25f56a",
"status": "affected",
"version": "9cb2173e6ea8f2948bd1367c93083a2500fcf08f",
"versionType": "git"
},
{
"lessThan": "ecf4ddc3aee8ade504c4d36b7b4053ce6093e200",
"status": "affected",
"version": "9cb2173e6ea8f2948bd1367c93083a2500fcf08f",
"versionType": "git"
},
{
"lessThan": "a16775828aaed1c54ff4e6fe83e8e4d5c6a50cb7",
"status": "affected",
"version": "9cb2173e6ea8f2948bd1367c93083a2500fcf08f",
"versionType": "git"
},
{
"lessThan": "7532bcec0797adfa08791301c3bcae14141db3bd",
"status": "affected",
"version": "9cb2173e6ea8f2948bd1367c93083a2500fcf08f",
"versionType": "git"
},
{
"lessThan": "b504518a397059e1d55c521ba0ea2b545a6c4b52",
"status": "affected",
"version": "9cb2173e6ea8f2948bd1367c93083a2500fcf08f",
"versionType": "git"
},
{
"lessThan": "d410017a7181cb55e4a5c810b32b75e4416c6808",
"status": "affected",
"version": "9cb2173e6ea8f2948bd1367c93083a2500fcf08f",
"versionType": "git"
},
{
"lessThan": "a08492832cc4cacc24e0612f483c86ca899b9261",
"status": "affected",
"version": "9cb2173e6ea8f2948bd1367c93083a2500fcf08f",
"versionType": "git"
},
{
"lessThan": "faa4364bef2ec0060de381ff028d1d836600a381",
"status": "affected",
"version": "9cb2173e6ea8f2948bd1367c93083a2500fcf08f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/stk1160/stk1160-video.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: stk1160: fix bounds checking in stk1160_copy_video()\n\nThe subtract in this condition is reversed. The -\u003elength is the length\nof the buffer. The -\u003ebytesused is how many bytes we have copied thus\nfar. When the condition is reversed that means the result of the\nsubtraction is always negative but since it\u0027s unsigned then the result\nis a very high positive value. That means the overflow check is never\ntrue.\n\nAdditionally, the -\u003ebytesused doesn\u0027t actually work for this purpose\nbecause we\u0027re not writing to \"buf-\u003emem + buf-\u003ebytesused\". Instead, the\nmath to calculate the destination where we are writing is a bit\ninvolved. You calculate the number of full lines already written,\nmultiply by two, skip a line if necessary so that we start on an odd\nnumbered line, and add the offset into the line.\n\nTo fix this buffer overflow, just take the actual destination where we\nare writing, if the offset is already out of bounds print an error and\nreturn. Otherwise, write up to buf-\u003elength bytes."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:28.927Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f6a392266276730bea893b55d12940e32a25f56a"
},
{
"url": "https://git.kernel.org/stable/c/ecf4ddc3aee8ade504c4d36b7b4053ce6093e200"
},
{
"url": "https://git.kernel.org/stable/c/a16775828aaed1c54ff4e6fe83e8e4d5c6a50cb7"
},
{
"url": "https://git.kernel.org/stable/c/7532bcec0797adfa08791301c3bcae14141db3bd"
},
{
"url": "https://git.kernel.org/stable/c/b504518a397059e1d55c521ba0ea2b545a6c4b52"
},
{
"url": "https://git.kernel.org/stable/c/d410017a7181cb55e4a5c810b32b75e4416c6808"
},
{
"url": "https://git.kernel.org/stable/c/a08492832cc4cacc24e0612f483c86ca899b9261"
},
{
"url": "https://git.kernel.org/stable/c/faa4364bef2ec0060de381ff028d1d836600a381"
}
],
"title": "media: stk1160: fix bounds checking in stk1160_copy_video()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38621",
"datePublished": "2024-06-21T10:18:14.955Z",
"dateReserved": "2024-06-18T19:36:34.945Z",
"dateUpdated": "2025-05-04T09:15:28.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36945 (GCVE-0-2024-36945)
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/smc: fix neighbour and rtable leak in smc_ib_find_route()
In smc_ib_find_route(), the neighbour found by neigh_lookup() and rtable
resolved by ip_route_output_flow() are not released or put before return.
It may cause the refcount leak, so fix it.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36945",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T20:30:31.469457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T20:30:45.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "ADP Container"
},
{
"providerMetadata": {
"dateUpdated": "2025-04-04T23:03:03.722Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d5a466ab6e78d6f2e0f64435f1e17246c8e941ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5df93c029a907b0ff5a4eeadd77ba06ff0a277d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/da91e447d06dc649fcf46e59122e7bf8f0b2e0db"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2ddc0dd7fec86ee53b8928a5cca5fbddd4fc7c06"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250404-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/smc/smc_ib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d5a466ab6e78d6f2e0f64435f1e17246c8e941ff",
"status": "affected",
"version": "e5c4744cfb598f98672f8d21d59ef2c1fa9c9b5f",
"versionType": "git"
},
{
"lessThan": "5df93c029a907b0ff5a4eeadd77ba06ff0a277d2",
"status": "affected",
"version": "e5c4744cfb598f98672f8d21d59ef2c1fa9c9b5f",
"versionType": "git"
},
{
"lessThan": "da91e447d06dc649fcf46e59122e7bf8f0b2e0db",
"status": "affected",
"version": "e5c4744cfb598f98672f8d21d59ef2c1fa9c9b5f",
"versionType": "git"
},
{
"lessThan": "2ddc0dd7fec86ee53b8928a5cca5fbddd4fc7c06",
"status": "affected",
"version": "e5c4744cfb598f98672f8d21d59ef2c1fa9c9b5f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/smc/smc_ib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix neighbour and rtable leak in smc_ib_find_route()\n\nIn smc_ib_find_route(), the neighbour found by neigh_lookup() and rtable\nresolved by ip_route_output_flow() are not released or put before return.\nIt may cause the refcount leak, so fix it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:34.866Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d5a466ab6e78d6f2e0f64435f1e17246c8e941ff"
},
{
"url": "https://git.kernel.org/stable/c/5df93c029a907b0ff5a4eeadd77ba06ff0a277d2"
},
{
"url": "https://git.kernel.org/stable/c/da91e447d06dc649fcf46e59122e7bf8f0b2e0db"
},
{
"url": "https://git.kernel.org/stable/c/2ddc0dd7fec86ee53b8928a5cca5fbddd4fc7c06"
}
],
"title": "net/smc: fix neighbour and rtable leak in smc_ib_find_route()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36945",
"datePublished": "2024-05-30T15:35:43.299Z",
"dateReserved": "2024-05-30T15:25:07.079Z",
"dateUpdated": "2025-05-04T09:12:34.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38630 (GCVE-0-2024-38630)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-05-04 09:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger
When the cpu5wdt module is removing, the origin code uses del_timer() to
de-activate the timer. If the timer handler is running, del_timer() could
not stop it and will return directly. If the port region is released by
release_region() and then the timer handler cpu5wdt_trigger() calls outb()
to write into the region that is released, the use-after-free bug will
happen.
Change del_timer() to timer_shutdown_sync() in order that the timer handler
could be finished before the port region is released.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:26.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9b1c063ffc075abf56f63e55d70b9778ff534314"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f19686d616500cd0d47b30cee82392b53f7f784a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/573601521277119f2e2ba5f28ae6e87fc594f4d4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38630",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:09:05.880196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:44.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/watchdog/cpu5wdt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9b1c063ffc075abf56f63e55d70b9778ff534314",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f19686d616500cd0d47b30cee82392b53f7f784a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "573601521277119f2e2ba5f28ae6e87fc594f4d4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/watchdog/cpu5wdt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger\n\nWhen the cpu5wdt module is removing, the origin code uses del_timer() to\nde-activate the timer. If the timer handler is running, del_timer() could\nnot stop it and will return directly. If the port region is released by\nrelease_region() and then the timer handler cpu5wdt_trigger() calls outb()\nto write into the region that is released, the use-after-free bug will\nhappen.\n\nChange del_timer() to timer_shutdown_sync() in order that the timer handler\ncould be finished before the port region is released."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:41.586Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9b1c063ffc075abf56f63e55d70b9778ff534314"
},
{
"url": "https://git.kernel.org/stable/c/f19686d616500cd0d47b30cee82392b53f7f784a"
},
{
"url": "https://git.kernel.org/stable/c/573601521277119f2e2ba5f28ae6e87fc594f4d4"
}
],
"title": "watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38630",
"datePublished": "2024-06-21T10:18:20.892Z",
"dateReserved": "2024-06-18T19:36:34.947Z",
"dateUpdated": "2025-05-04T09:15:41.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52821 (GCVE-0-2023-52821)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/panel: fix a possible null pointer dereference
In versatile_panel_get_modes(), the return value of drm_mode_duplicate()
is assigned to mode, which will lead to a NULL pointer dereference
on failure of drm_mode_duplicate(). Add a check to avoid npd.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52821",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T18:23:25.064464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:17.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c7dc0aca5962fb37dbea9769dd26ec37813faae1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2381f6b628b3214f07375e0adf5ce17093c31190"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79813cd59398015867d51e6d7dcc14d287d4c402"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4fa930ba046d20fc1899770396ee11e905fa96e4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a9dd36fcb4f3906982b82593393578db4479992"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/924e5814d1f84e6fa5cb19c6eceb69f066225229"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/panel/panel-arm-versatile.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c7dc0aca5962fb37dbea9769dd26ec37813faae1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2381f6b628b3214f07375e0adf5ce17093c31190",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "79813cd59398015867d51e6d7dcc14d287d4c402",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4fa930ba046d20fc1899770396ee11e905fa96e4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8a9dd36fcb4f3906982b82593393578db4479992",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "924e5814d1f84e6fa5cb19c6eceb69f066225229",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/panel/panel-arm-versatile.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panel: fix a possible null pointer dereference\n\nIn versatile_panel_get_modes(), the return value of drm_mode_duplicate()\nis assigned to mode, which will lead to a NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:48.695Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c7dc0aca5962fb37dbea9769dd26ec37813faae1"
},
{
"url": "https://git.kernel.org/stable/c/2381f6b628b3214f07375e0adf5ce17093c31190"
},
{
"url": "https://git.kernel.org/stable/c/79813cd59398015867d51e6d7dcc14d287d4c402"
},
{
"url": "https://git.kernel.org/stable/c/4fa930ba046d20fc1899770396ee11e905fa96e4"
},
{
"url": "https://git.kernel.org/stable/c/8a9dd36fcb4f3906982b82593393578db4479992"
},
{
"url": "https://git.kernel.org/stable/c/924e5814d1f84e6fa5cb19c6eceb69f066225229"
}
],
"title": "drm/panel: fix a possible null pointer dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52821",
"datePublished": "2024-05-21T15:31:26.888Z",
"dateReserved": "2024-05-21T15:19:24.249Z",
"dateUpdated": "2025-05-04T07:43:48.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35976 (GCVE-0-2024-35976)
Vulnerability from cvelistv5
Published
2024-05-20 09:42
Modified
2025-05-04 09:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
syzbot reported an illegal copy in xsk_setsockopt() [1]
Make sure to validate setsockopt() @optlen parameter.
[1]
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]
BUG: KASAN: slab-out-of-bounds in xsk_setsockopt+0x909/0xa40 net/xdp/xsk.c:1420
Read of size 4 at addr ffff888028c6cde3 by task syz-executor.0/7549
CPU: 0 PID: 7549 Comm: syz-executor.0 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
print_address_description mm/kasan/report.c:377 [inline]
print_report+0x169/0x550 mm/kasan/report.c:488
kasan_report+0x143/0x180 mm/kasan/report.c:601
copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
copy_from_sockptr include/linux/sockptr.h:55 [inline]
xsk_setsockopt+0x909/0xa40 net/xdp/xsk.c:1420
do_sock_setsockopt+0x3af/0x720 net/socket.c:2311
__sys_setsockopt+0x1ae/0x250 net/socket.c:2334
__do_sys_setsockopt net/socket.c:2343 [inline]
__se_sys_setsockopt net/socket.c:2340 [inline]
__x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340
do_syscall_64+0xfb/0x240
entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7fb40587de69
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb40665a0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fb4059abf80 RCX: 00007fb40587de69
RDX: 0000000000000005 RSI: 000000000000011b RDI: 0000000000000006
RBP: 00007fb4058ca47a R08: 0000000000000002 R09: 0000000000000000
R10: 0000000020001980 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fb4059abf80 R15: 00007fff57ee4d08
</TASK>
Allocated by task 7549:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
poison_kmalloc_redzone mm/kasan/common.c:370 [inline]
__kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387
kasan_kmalloc include/linux/kasan.h:211 [inline]
__do_kmalloc_node mm/slub.c:3966 [inline]
__kmalloc+0x233/0x4a0 mm/slub.c:3979
kmalloc include/linux/slab.h:632 [inline]
__cgroup_bpf_run_filter_setsockopt+0xd2f/0x1040 kernel/bpf/cgroup.c:1869
do_sock_setsockopt+0x6b4/0x720 net/socket.c:2293
__sys_setsockopt+0x1ae/0x250 net/socket.c:2334
__do_sys_setsockopt net/socket.c:2343 [inline]
__se_sys_setsockopt net/socket.c:2340 [inline]
__x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340
do_syscall_64+0xfb/0x240
entry_SYSCALL_64_after_hwframe+0x6d/0x75
The buggy address belongs to the object at ffff888028c6cde0
which belongs to the cache kmalloc-8 of size 8
The buggy address is located 1 bytes to the right of
allocated 2-byte region [ffff888028c6cde0, ffff888028c6cde2)
The buggy address belongs to the physical page:
page:ffffea0000a31b00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888028c6c9c0 pfn:0x28c6c
anon flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 00fff00000000800 ffff888014c41280 0000000000000000 dead000000000001
raw: ffff888028c6c9c0 0000000080800057 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 6648, tgid 6644 (syz-executor.0), ts 133906047828, free_ts 133859922223
set_page_owner include/linux/page_owner.h:31 [inline]
post_alloc_hook+0x1ea/0x210 mm/page_alloc.c:1533
prep_new_page mm/page_alloc.c:
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 423f38329d267969130fb6f2c685f73d72687558 Version: 423f38329d267969130fb6f2c685f73d72687558 Version: 423f38329d267969130fb6f2c685f73d72687558 Version: 423f38329d267969130fb6f2c685f73d72687558 Version: 423f38329d267969130fb6f2c685f73d72687558 Version: 423f38329d267969130fb6f2c685f73d72687558 Version: 423f38329d267969130fb6f2c685f73d72687558 Version: 423f38329d267969130fb6f2c685f73d72687558 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:4.18:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "4.18"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35976",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:37:56.972231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:07.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/beb99266830520e15fbc6ca8cc5a5240d76851fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0b45c25d60e38f5c2cb6823f886773a34323306d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a82984b3c6a7e8c7937dba6e857ddf829d149417"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0a068de65d5b7358e9aff792716afa9333f3922"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2a523f14a3f53b46ff0e1fafd215b0bc5f6783aa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b143e19dc28c3211f050f7848d87d9b0a170e10c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2eb979fbb2479bcd7e049f2f9978b6590dd8a0e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/237f3cf13b20db183d3706d997eedc3c49eacd44"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/xdp/xsk.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "beb99266830520e15fbc6ca8cc5a5240d76851fd",
"status": "affected",
"version": "423f38329d267969130fb6f2c685f73d72687558",
"versionType": "git"
},
{
"lessThan": "0b45c25d60e38f5c2cb6823f886773a34323306d",
"status": "affected",
"version": "423f38329d267969130fb6f2c685f73d72687558",
"versionType": "git"
},
{
"lessThan": "a82984b3c6a7e8c7937dba6e857ddf829d149417",
"status": "affected",
"version": "423f38329d267969130fb6f2c685f73d72687558",
"versionType": "git"
},
{
"lessThan": "f0a068de65d5b7358e9aff792716afa9333f3922",
"status": "affected",
"version": "423f38329d267969130fb6f2c685f73d72687558",
"versionType": "git"
},
{
"lessThan": "2a523f14a3f53b46ff0e1fafd215b0bc5f6783aa",
"status": "affected",
"version": "423f38329d267969130fb6f2c685f73d72687558",
"versionType": "git"
},
{
"lessThan": "b143e19dc28c3211f050f7848d87d9b0a170e10c",
"status": "affected",
"version": "423f38329d267969130fb6f2c685f73d72687558",
"versionType": "git"
},
{
"lessThan": "2eb979fbb2479bcd7e049f2f9978b6590dd8a0e6",
"status": "affected",
"version": "423f38329d267969130fb6f2c685f73d72687558",
"versionType": "git"
},
{
"lessThan": "237f3cf13b20db183d3706d997eedc3c49eacd44",
"status": "affected",
"version": "423f38329d267969130fb6f2c685f73d72687558",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/xdp/xsk.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.156",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.87",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.317",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.156",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.87",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.28",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.7",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING\n\nsyzbot reported an illegal copy in xsk_setsockopt() [1]\n\nMake sure to validate setsockopt() @optlen parameter.\n\n[1]\n\n BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]\n BUG: KASAN: slab-out-of-bounds in xsk_setsockopt+0x909/0xa40 net/xdp/xsk.c:1420\nRead of size 4 at addr ffff888028c6cde3 by task syz-executor.0/7549\n\nCPU: 0 PID: 7549 Comm: syz-executor.0 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n copy_from_sockptr include/linux/sockptr.h:55 [inline]\n xsk_setsockopt+0x909/0xa40 net/xdp/xsk.c:1420\n do_sock_setsockopt+0x3af/0x720 net/socket.c:2311\n __sys_setsockopt+0x1ae/0x250 net/socket.c:2334\n __do_sys_setsockopt net/socket.c:2343 [inline]\n __se_sys_setsockopt net/socket.c:2340 [inline]\n __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\nRIP: 0033:0x7fb40587de69\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fb40665a0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036\nRAX: ffffffffffffffda RBX: 00007fb4059abf80 RCX: 00007fb40587de69\nRDX: 0000000000000005 RSI: 000000000000011b RDI: 0000000000000006\nRBP: 00007fb4058ca47a R08: 0000000000000002 R09: 0000000000000000\nR10: 0000000020001980 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000000b R14: 00007fb4059abf80 R15: 00007fff57ee4d08\n \u003c/TASK\u003e\n\nAllocated by task 7549:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:370 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387\n kasan_kmalloc include/linux/kasan.h:211 [inline]\n __do_kmalloc_node mm/slub.c:3966 [inline]\n __kmalloc+0x233/0x4a0 mm/slub.c:3979\n kmalloc include/linux/slab.h:632 [inline]\n __cgroup_bpf_run_filter_setsockopt+0xd2f/0x1040 kernel/bpf/cgroup.c:1869\n do_sock_setsockopt+0x6b4/0x720 net/socket.c:2293\n __sys_setsockopt+0x1ae/0x250 net/socket.c:2334\n __do_sys_setsockopt net/socket.c:2343 [inline]\n __se_sys_setsockopt net/socket.c:2340 [inline]\n __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nThe buggy address belongs to the object at ffff888028c6cde0\n which belongs to the cache kmalloc-8 of size 8\nThe buggy address is located 1 bytes to the right of\n allocated 2-byte region [ffff888028c6cde0, ffff888028c6cde2)\n\nThe buggy address belongs to the physical page:\npage:ffffea0000a31b00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888028c6c9c0 pfn:0x28c6c\nanon flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xffffffff()\nraw: 00fff00000000800 ffff888014c41280 0000000000000000 dead000000000001\nraw: ffff888028c6c9c0 0000000080800057 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as allocated\npage last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 6648, tgid 6644 (syz-executor.0), ts 133906047828, free_ts 133859922223\n set_page_owner include/linux/page_owner.h:31 [inline]\n post_alloc_hook+0x1ea/0x210 mm/page_alloc.c:1533\n prep_new_page mm/page_alloc.c:\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:09:36.804Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/beb99266830520e15fbc6ca8cc5a5240d76851fd"
},
{
"url": "https://git.kernel.org/stable/c/0b45c25d60e38f5c2cb6823f886773a34323306d"
},
{
"url": "https://git.kernel.org/stable/c/a82984b3c6a7e8c7937dba6e857ddf829d149417"
},
{
"url": "https://git.kernel.org/stable/c/f0a068de65d5b7358e9aff792716afa9333f3922"
},
{
"url": "https://git.kernel.org/stable/c/2a523f14a3f53b46ff0e1fafd215b0bc5f6783aa"
},
{
"url": "https://git.kernel.org/stable/c/b143e19dc28c3211f050f7848d87d9b0a170e10c"
},
{
"url": "https://git.kernel.org/stable/c/2eb979fbb2479bcd7e049f2f9978b6590dd8a0e6"
},
{
"url": "https://git.kernel.org/stable/c/237f3cf13b20db183d3706d997eedc3c49eacd44"
}
],
"title": "xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35976",
"datePublished": "2024-05-20T09:42:02.415Z",
"dateReserved": "2024-05-17T13:50:33.143Z",
"dateUpdated": "2025-05-04T09:09:36.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52857 (GCVE-0-2023-52857)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 12:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/mediatek: Fix coverity issue with unintentional integer overflow
1. Instead of multiplying 2 variable of different types. Change to
assign a value of one variable and then multiply the other variable.
2. Add a int variable for multiplier calculation instead of calculating
different types multiplier with dma_addr_t variable directly.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52857",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T19:34:11.546564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:02.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d8a1df39d3fc34560e2cc663b5c340d06a25396"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/96312a251d4dcee5d36e32edba3002bfde0ddd9c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b0b0d811eac6b4c52cb9ad632fa6384cf48869e7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/mediatek/mtk_drm_gem.c",
"drivers/gpu/drm/mediatek/mtk_drm_plane.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a12bd675100531f9fb4508fd4430dd1632325a0e",
"status": "affected",
"version": "1a64a7aff8da352c9419de3d5c34343682916411",
"versionType": "git"
},
{
"lessThan": "0d8a1df39d3fc34560e2cc663b5c340d06a25396",
"status": "affected",
"version": "1a64a7aff8da352c9419de3d5c34343682916411",
"versionType": "git"
},
{
"lessThan": "96312a251d4dcee5d36e32edba3002bfde0ddd9c",
"status": "affected",
"version": "1a64a7aff8da352c9419de3d5c34343682916411",
"versionType": "git"
},
{
"lessThan": "b0b0d811eac6b4c52cb9ad632fa6384cf48869e7",
"status": "affected",
"version": "1a64a7aff8da352c9419de3d5c34343682916411",
"versionType": "git"
},
{
"status": "affected",
"version": "73e81f7219aa582d8e55a7b6552f607a8e5a9724",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/mediatek/mtk_drm_gem.c",
"drivers/gpu/drm/mediatek/mtk_drm_plane.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.132",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.13.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Fix coverity issue with unintentional integer overflow\n\n1. Instead of multiplying 2 variable of different types. Change to\nassign a value of one variable and then multiply the other variable.\n\n2. Add a int variable for multiplier calculation instead of calculating\ndifferent types multiplier with dma_addr_t variable directly."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:49:43.390Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a12bd675100531f9fb4508fd4430dd1632325a0e"
},
{
"url": "https://git.kernel.org/stable/c/0d8a1df39d3fc34560e2cc663b5c340d06a25396"
},
{
"url": "https://git.kernel.org/stable/c/96312a251d4dcee5d36e32edba3002bfde0ddd9c"
},
{
"url": "https://git.kernel.org/stable/c/b0b0d811eac6b4c52cb9ad632fa6384cf48869e7"
}
],
"title": "drm/mediatek: Fix coverity issue with unintentional integer overflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52857",
"datePublished": "2024-05-21T15:31:51.232Z",
"dateReserved": "2024-05-21T15:19:24.258Z",
"dateUpdated": "2025-05-04T12:49:43.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38608 (GCVE-0-2024-38608)
Vulnerability from cvelistv5
Published
2024-06-19 13:56
Modified
2025-05-04 09:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix netif state handling
mlx5e_suspend cleans resources only if netif_device_present() returns
true. However, mlx5e_resume changes the state of netif, via
mlx5e_nic_enable, only if reg_state == NETREG_REGISTERED.
In the below case, the above leads to NULL-ptr Oops[1] and memory
leaks:
mlx5e_probe
_mlx5e_resume
mlx5e_attach_netdev
mlx5e_nic_enable <-- netdev not reg, not calling netif_device_attach()
register_netdev <-- failed for some reason.
ERROR_FLOW:
_mlx5e_suspend <-- netif_device_present return false, resources aren't freed :(
Hence, clean resources in this case as well.
[1]
BUG: kernel NULL pointer dereference, address: 0000000000000000
PGD 0 P4D 0
Oops: 0010 [#1] SMP
CPU: 2 PID: 9345 Comm: test-ovs-ct-gen Not tainted 6.5.0_for_upstream_min_debug_2023_09_05_16_01 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
RIP: 0010:0x0
Code: Unable to access opcode bytes at0xffffffffffffffd6.
RSP: 0018:ffff888178aaf758 EFLAGS: 00010246
Call Trace:
<TASK>
? __die+0x20/0x60
? page_fault_oops+0x14c/0x3c0
? exc_page_fault+0x75/0x140
? asm_exc_page_fault+0x22/0x30
notifier_call_chain+0x35/0xb0
blocking_notifier_call_chain+0x3d/0x60
mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core]
mlx5_core_uplink_netdev_event_replay+0x3e/0x60 [mlx5_core]
mlx5_mdev_netdev_track+0x53/0x60 [mlx5_ib]
mlx5_ib_roce_init+0xc3/0x340 [mlx5_ib]
__mlx5_ib_add+0x34/0xd0 [mlx5_ib]
mlx5r_probe+0xe1/0x210 [mlx5_ib]
? auxiliary_match_id+0x6a/0x90
auxiliary_bus_probe+0x38/0x80
? driver_sysfs_add+0x51/0x80
really_probe+0xc9/0x3e0
? driver_probe_device+0x90/0x90
__driver_probe_device+0x80/0x160
driver_probe_device+0x1e/0x90
__device_attach_driver+0x7d/0x100
bus_for_each_drv+0x80/0xd0
__device_attach+0xbc/0x1f0
bus_probe_device+0x86/0xa0
device_add+0x637/0x840
__auxiliary_device_add+0x3b/0xa0
add_adev+0xc9/0x140 [mlx5_core]
mlx5_rescan_drivers_locked+0x22a/0x310 [mlx5_core]
mlx5_register_device+0x53/0xa0 [mlx5_core]
mlx5_init_one_devl_locked+0x5c4/0x9c0 [mlx5_core]
mlx5_init_one+0x3b/0x60 [mlx5_core]
probe_one+0x44c/0x730 [mlx5_core]
local_pci_probe+0x3e/0x90
pci_device_probe+0xbf/0x210
? kernfs_create_link+0x5d/0xa0
? sysfs_do_create_link_sd+0x60/0xc0
really_probe+0xc9/0x3e0
? driver_probe_device+0x90/0x90
__driver_probe_device+0x80/0x160
driver_probe_device+0x1e/0x90
__device_attach_driver+0x7d/0x100
bus_for_each_drv+0x80/0xd0
__device_attach+0xbc/0x1f0
pci_bus_add_device+0x54/0x80
pci_iov_add_virtfn+0x2e6/0x320
sriov_enable+0x208/0x420
mlx5_core_sriov_configure+0x9e/0x200 [mlx5_core]
sriov_numvfs_store+0xae/0x1a0
kernfs_fop_write_iter+0x10c/0x1a0
vfs_write+0x291/0x3c0
ksys_write+0x5f/0xe0
do_syscall_64+0x3d/0x90
entry_SYSCALL_64_after_hwframe+0x46/0xb0
CR2: 0000000000000000
---[ end trace 0000000000000000 ]---
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38608",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T19:44:05.361644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T19:44:14.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f7e6cfb864a53af71c5cc904f1cc22215d68f5c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d5918477f94e4c2f064567875c475468e264644"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f7e6cfb864a53af71c5cc904f1cc22215d68f5c6",
"status": "affected",
"version": "2c3b5beec46ab0d77c94828eb15170b333ae769a",
"versionType": "git"
},
{
"lessThan": "3d5918477f94e4c2f064567875c475468e264644",
"status": "affected",
"version": "2c3b5beec46ab0d77c94828eb15170b333ae769a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix netif state handling\n\nmlx5e_suspend cleans resources only if netif_device_present() returns\ntrue. However, mlx5e_resume changes the state of netif, via\nmlx5e_nic_enable, only if reg_state == NETREG_REGISTERED.\nIn the below case, the above leads to NULL-ptr Oops[1] and memory\nleaks:\n\nmlx5e_probe\n _mlx5e_resume\n mlx5e_attach_netdev\n mlx5e_nic_enable \u003c-- netdev not reg, not calling netif_device_attach()\n register_netdev \u003c-- failed for some reason.\nERROR_FLOW:\n _mlx5e_suspend \u003c-- netif_device_present return false, resources aren\u0027t freed :(\n\nHence, clean resources in this case as well.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0010 [#1] SMP\nCPU: 2 PID: 9345 Comm: test-ovs-ct-gen Not tainted 6.5.0_for_upstream_min_debug_2023_09_05_16_01 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at0xffffffffffffffd6.\nRSP: 0018:ffff888178aaf758 EFLAGS: 00010246\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x20/0x60\n ? page_fault_oops+0x14c/0x3c0\n ? exc_page_fault+0x75/0x140\n ? asm_exc_page_fault+0x22/0x30\n notifier_call_chain+0x35/0xb0\n blocking_notifier_call_chain+0x3d/0x60\n mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core]\n mlx5_core_uplink_netdev_event_replay+0x3e/0x60 [mlx5_core]\n mlx5_mdev_netdev_track+0x53/0x60 [mlx5_ib]\n mlx5_ib_roce_init+0xc3/0x340 [mlx5_ib]\n __mlx5_ib_add+0x34/0xd0 [mlx5_ib]\n mlx5r_probe+0xe1/0x210 [mlx5_ib]\n ? auxiliary_match_id+0x6a/0x90\n auxiliary_bus_probe+0x38/0x80\n ? driver_sysfs_add+0x51/0x80\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n bus_probe_device+0x86/0xa0\n device_add+0x637/0x840\n __auxiliary_device_add+0x3b/0xa0\n add_adev+0xc9/0x140 [mlx5_core]\n mlx5_rescan_drivers_locked+0x22a/0x310 [mlx5_core]\n mlx5_register_device+0x53/0xa0 [mlx5_core]\n mlx5_init_one_devl_locked+0x5c4/0x9c0 [mlx5_core]\n mlx5_init_one+0x3b/0x60 [mlx5_core]\n probe_one+0x44c/0x730 [mlx5_core]\n local_pci_probe+0x3e/0x90\n pci_device_probe+0xbf/0x210\n ? kernfs_create_link+0x5d/0xa0\n ? sysfs_do_create_link_sd+0x60/0xc0\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n pci_bus_add_device+0x54/0x80\n pci_iov_add_virtfn+0x2e6/0x320\n sriov_enable+0x208/0x420\n mlx5_core_sriov_configure+0x9e/0x200 [mlx5_core]\n sriov_numvfs_store+0xae/0x1a0\n kernfs_fop_write_iter+0x10c/0x1a0\n vfs_write+0x291/0x3c0\n ksys_write+0x5f/0xe0\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n CR2: 0000000000000000\n ---[ end trace 0000000000000000 ]---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:11.765Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f7e6cfb864a53af71c5cc904f1cc22215d68f5c6"
},
{
"url": "https://git.kernel.org/stable/c/3d5918477f94e4c2f064567875c475468e264644"
}
],
"title": "net/mlx5e: Fix netif state handling",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38608",
"datePublished": "2024-06-19T13:56:10.614Z",
"dateReserved": "2024-06-18T19:36:34.941Z",
"dateUpdated": "2025-05-04T09:15:11.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52845 (GCVE-0-2023-52845)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
syzbot reported the following uninit-value access issue [1]:
=====================================================
BUG: KMSAN: uninit-value in strlen lib/string.c:418 [inline]
BUG: KMSAN: uninit-value in strstr+0xb8/0x2f0 lib/string.c:756
strlen lib/string.c:418 [inline]
strstr+0xb8/0x2f0 lib/string.c:756
tipc_nl_node_reset_link_stats+0x3ea/0xb50 net/tipc/node.c:2595
genl_family_rcv_msg_doit net/netlink/genetlink.c:971 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:1051 [inline]
genl_rcv_msg+0x11ec/0x1290 net/netlink/genetlink.c:1066
netlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2545
genl_rcv+0x40/0x60 net/netlink/genetlink.c:1075
netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]
netlink_unicast+0xf47/0x1250 net/netlink/af_netlink.c:1368
netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910
sock_sendmsg_nosec net/socket.c:730 [inline]
sock_sendmsg net/socket.c:753 [inline]
____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595
__sys_sendmsg net/socket.c:2624 [inline]
__do_sys_sendmsg net/socket.c:2633 [inline]
__se_sys_sendmsg net/socket.c:2631 [inline]
__x64_sys_sendmsg+0x307/0x490 net/socket.c:2631
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Uninit was created at:
slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767
slab_alloc_node mm/slub.c:3478 [inline]
kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523
kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559
__alloc_skb+0x318/0x740 net/core/skbuff.c:650
alloc_skb include/linux/skbuff.h:1286 [inline]
netlink_alloc_large_skb net/netlink/af_netlink.c:1214 [inline]
netlink_sendmsg+0xb34/0x13d0 net/netlink/af_netlink.c:1885
sock_sendmsg_nosec net/socket.c:730 [inline]
sock_sendmsg net/socket.c:753 [inline]
____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595
__sys_sendmsg net/socket.c:2624 [inline]
__do_sys_sendmsg net/socket.c:2633 [inline]
__se_sys_sendmsg net/socket.c:2631 [inline]
__x64_sys_sendmsg+0x307/0x490 net/socket.c:2631
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
TIPC bearer-related names including link names must be null-terminated
strings. If a link name which is not null-terminated is passed through
netlink, strstr() and similar functions can cause buffer overrun. This
causes the above issue.
This patch changes the nla_policy for bearer-related names from NLA_STRING
to NLA_NUL_STRING. This resolves the issue by ensuring that only
null-terminated strings are accepted as bearer-related names.
syzbot reported similar uninit-value issue related to bearer names [2]. The
root cause of this issue is that a non-null-terminated bearer name was
passed. This patch also resolved this issue.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 0655f6a8635b1b66f2434d5556b1044c14b1ccaf Version: 0655f6a8635b1b66f2434d5556b1044c14b1ccaf Version: 0655f6a8635b1b66f2434d5556b1044c14b1ccaf Version: 0655f6a8635b1b66f2434d5556b1044c14b1ccaf Version: 0655f6a8635b1b66f2434d5556b1044c14b1ccaf Version: 0655f6a8635b1b66f2434d5556b1044c14b1ccaf Version: 0655f6a8635b1b66f2434d5556b1044c14b1ccaf Version: 0655f6a8635b1b66f2434d5556b1044c14b1ccaf Version: 0655f6a8635b1b66f2434d5556b1044c14b1ccaf |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6744008c354bca2e4686a5b6056ee6b535d9f67d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2426425d686b43adbc4f2f4a367b494f06f159d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2199260c42e6fbc5af8adae3bf78e623407c91b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b33d130f07f1decd756b849ab03c23d11d4dd294"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3907b89cd17fcc23e9a80789c36856f00ece0ba8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/abc1582119e8c4af14cedb0db6541fd603f45a04"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/560992f41c0cea44b7603bc9e6c73bffbf6b5709"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/19b3f72a41a8751e26bffc093bb7e1cef29ad579"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52845",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:36:31.255258Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:54.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tipc/netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6744008c354bca2e4686a5b6056ee6b535d9f67d",
"status": "affected",
"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf",
"versionType": "git"
},
{
"lessThan": "2426425d686b43adbc4f2f4a367b494f06f159d6",
"status": "affected",
"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf",
"versionType": "git"
},
{
"lessThan": "2199260c42e6fbc5af8adae3bf78e623407c91b0",
"status": "affected",
"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf",
"versionType": "git"
},
{
"lessThan": "b33d130f07f1decd756b849ab03c23d11d4dd294",
"status": "affected",
"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf",
"versionType": "git"
},
{
"lessThan": "3907b89cd17fcc23e9a80789c36856f00ece0ba8",
"status": "affected",
"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf",
"versionType": "git"
},
{
"lessThan": "4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4",
"status": "affected",
"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf",
"versionType": "git"
},
{
"lessThan": "abc1582119e8c4af14cedb0db6541fd603f45a04",
"status": "affected",
"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf",
"versionType": "git"
},
{
"lessThan": "560992f41c0cea44b7603bc9e6c73bffbf6b5709",
"status": "affected",
"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf",
"versionType": "git"
},
{
"lessThan": "19b3f72a41a8751e26bffc093bb7e1cef29ad579",
"status": "affected",
"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tipc/netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.19"
},
{
"lessThan": "3.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.330",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.330",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.299",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Change nla_policy for bearer-related names to NLA_NUL_STRING\n\nsyzbot reported the following uninit-value access issue [1]:\n\n=====================================================\nBUG: KMSAN: uninit-value in strlen lib/string.c:418 [inline]\nBUG: KMSAN: uninit-value in strstr+0xb8/0x2f0 lib/string.c:756\n strlen lib/string.c:418 [inline]\n strstr+0xb8/0x2f0 lib/string.c:756\n tipc_nl_node_reset_link_stats+0x3ea/0xb50 net/tipc/node.c:2595\n genl_family_rcv_msg_doit net/netlink/genetlink.c:971 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1051 [inline]\n genl_rcv_msg+0x11ec/0x1290 net/netlink/genetlink.c:1066\n netlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2545\n genl_rcv+0x40/0x60 net/netlink/genetlink.c:1075\n netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]\n netlink_unicast+0xf47/0x1250 net/netlink/af_netlink.c:1368\n netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910\n sock_sendmsg_nosec net/socket.c:730 [inline]\n sock_sendmsg net/socket.c:753 [inline]\n ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595\n __sys_sendmsg net/socket.c:2624 [inline]\n __do_sys_sendmsg net/socket.c:2633 [inline]\n __se_sys_sendmsg net/socket.c:2631 [inline]\n __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nUninit was created at:\n slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767\n slab_alloc_node mm/slub.c:3478 [inline]\n kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559\n __alloc_skb+0x318/0x740 net/core/skbuff.c:650\n alloc_skb include/linux/skbuff.h:1286 [inline]\n netlink_alloc_large_skb net/netlink/af_netlink.c:1214 [inline]\n netlink_sendmsg+0xb34/0x13d0 net/netlink/af_netlink.c:1885\n sock_sendmsg_nosec net/socket.c:730 [inline]\n sock_sendmsg net/socket.c:753 [inline]\n ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595\n __sys_sendmsg net/socket.c:2624 [inline]\n __do_sys_sendmsg net/socket.c:2633 [inline]\n __se_sys_sendmsg net/socket.c:2631 [inline]\n __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nTIPC bearer-related names including link names must be null-terminated\nstrings. If a link name which is not null-terminated is passed through\nnetlink, strstr() and similar functions can cause buffer overrun. This\ncauses the above issue.\n\nThis patch changes the nla_policy for bearer-related names from NLA_STRING\nto NLA_NUL_STRING. This resolves the issue by ensuring that only\nnull-terminated strings are accepted as bearer-related names.\n\nsyzbot reported similar uninit-value issue related to bearer names [2]. The\nroot cause of this issue is that a non-null-terminated bearer name was\npassed. This patch also resolved this issue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:11.838Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6744008c354bca2e4686a5b6056ee6b535d9f67d"
},
{
"url": "https://git.kernel.org/stable/c/2426425d686b43adbc4f2f4a367b494f06f159d6"
},
{
"url": "https://git.kernel.org/stable/c/2199260c42e6fbc5af8adae3bf78e623407c91b0"
},
{
"url": "https://git.kernel.org/stable/c/b33d130f07f1decd756b849ab03c23d11d4dd294"
},
{
"url": "https://git.kernel.org/stable/c/3907b89cd17fcc23e9a80789c36856f00ece0ba8"
},
{
"url": "https://git.kernel.org/stable/c/4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4"
},
{
"url": "https://git.kernel.org/stable/c/abc1582119e8c4af14cedb0db6541fd603f45a04"
},
{
"url": "https://git.kernel.org/stable/c/560992f41c0cea44b7603bc9e6c73bffbf6b5709"
},
{
"url": "https://git.kernel.org/stable/c/19b3f72a41a8751e26bffc093bb7e1cef29ad579"
}
],
"title": "tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52845",
"datePublished": "2024-05-21T15:31:43.181Z",
"dateReserved": "2024-05-21T15:19:24.254Z",
"dateUpdated": "2025-05-04T07:44:11.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38583 (GCVE-0-2024-38583)
Vulnerability from cvelistv5
Published
2024-06-19 13:37
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix use-after-free of timer for log writer thread
Patch series "nilfs2: fix log writer related issues".
This bug fix series covers three nilfs2 log writer-related issues,
including a timer use-after-free issue and potential deadlock issue on
unmount, and a potential freeze issue in event synchronization found
during their analysis. Details are described in each commit log.
This patch (of 3):
A use-after-free issue has been reported regarding the timer sc_timer on
the nilfs_sc_info structure.
The problem is that even though it is used to wake up a sleeping log
writer thread, sc_timer is not shut down until the nilfs_sc_info structure
is about to be freed, and is used regardless of the thread's lifetime.
Fix this issue by limiting the use of sc_timer only while the log writer
thread is alive.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: fdce895ea5dd4e24edf1f4d693827349a4e5b3b4 Version: fdce895ea5dd4e24edf1f4d693827349a4e5b3b4 Version: fdce895ea5dd4e24edf1f4d693827349a4e5b3b4 Version: fdce895ea5dd4e24edf1f4d693827349a4e5b3b4 Version: fdce895ea5dd4e24edf1f4d693827349a4e5b3b4 Version: fdce895ea5dd4e24edf1f4d693827349a4e5b3b4 Version: fdce895ea5dd4e24edf1f4d693827349a4e5b3b4 Version: fdce895ea5dd4e24edf1f4d693827349a4e5b3b4 Version: fdce895ea5dd4e24edf1f4d693827349a4e5b3b4 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/822ae5a8eac30478578a75f7e064f0584931bf2d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/82933c84f188dcfe89eb26b0b48ab5d1ca99d164"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/67fa90d4a2ccd9ebb0e1e168c7d0b5d0cf3c7148"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e65ccf3a4de4f0c763d94789615b83e11f204438"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/86a30d6302deddb9fb97ba6fc4b04d0e870b582a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f9186bba4ea282b07293c1c892441df3a5441cb0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f12b2c03c5dae1a0de0a9e5853177e3d6eee3c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68e738be5c518fc3c4e9146b66f67c8fee0135fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f5d4e04634c9cf68bdf23de08ada0bb92e8befe7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38583",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:13:56.689885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:55.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/segment.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "822ae5a8eac30478578a75f7e064f0584931bf2d",
"status": "affected",
"version": "fdce895ea5dd4e24edf1f4d693827349a4e5b3b4",
"versionType": "git"
},
{
"lessThan": "82933c84f188dcfe89eb26b0b48ab5d1ca99d164",
"status": "affected",
"version": "fdce895ea5dd4e24edf1f4d693827349a4e5b3b4",
"versionType": "git"
},
{
"lessThan": "67fa90d4a2ccd9ebb0e1e168c7d0b5d0cf3c7148",
"status": "affected",
"version": "fdce895ea5dd4e24edf1f4d693827349a4e5b3b4",
"versionType": "git"
},
{
"lessThan": "e65ccf3a4de4f0c763d94789615b83e11f204438",
"status": "affected",
"version": "fdce895ea5dd4e24edf1f4d693827349a4e5b3b4",
"versionType": "git"
},
{
"lessThan": "86a30d6302deddb9fb97ba6fc4b04d0e870b582a",
"status": "affected",
"version": "fdce895ea5dd4e24edf1f4d693827349a4e5b3b4",
"versionType": "git"
},
{
"lessThan": "f9186bba4ea282b07293c1c892441df3a5441cb0",
"status": "affected",
"version": "fdce895ea5dd4e24edf1f4d693827349a4e5b3b4",
"versionType": "git"
},
{
"lessThan": "2f12b2c03c5dae1a0de0a9e5853177e3d6eee3c6",
"status": "affected",
"version": "fdce895ea5dd4e24edf1f4d693827349a4e5b3b4",
"versionType": "git"
},
{
"lessThan": "68e738be5c518fc3c4e9146b66f67c8fee0135fb",
"status": "affected",
"version": "fdce895ea5dd4e24edf1f4d693827349a4e5b3b4",
"versionType": "git"
},
{
"lessThan": "f5d4e04634c9cf68bdf23de08ada0bb92e8befe7",
"status": "affected",
"version": "fdce895ea5dd4e24edf1f4d693827349a4e5b3b4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/segment.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.94",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.94",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix use-after-free of timer for log writer thread\n\nPatch series \"nilfs2: fix log writer related issues\".\n\nThis bug fix series covers three nilfs2 log writer-related issues,\nincluding a timer use-after-free issue and potential deadlock issue on\nunmount, and a potential freeze issue in event synchronization found\nduring their analysis. Details are described in each commit log.\n\n\nThis patch (of 3):\n\nA use-after-free issue has been reported regarding the timer sc_timer on\nthe nilfs_sc_info structure.\n\nThe problem is that even though it is used to wake up a sleeping log\nwriter thread, sc_timer is not shut down until the nilfs_sc_info structure\nis about to be freed, and is used regardless of the thread\u0027s lifetime.\n\nFix this issue by limiting the use of sc_timer only while the log writer\nthread is alive."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:37.960Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/822ae5a8eac30478578a75f7e064f0584931bf2d"
},
{
"url": "https://git.kernel.org/stable/c/82933c84f188dcfe89eb26b0b48ab5d1ca99d164"
},
{
"url": "https://git.kernel.org/stable/c/67fa90d4a2ccd9ebb0e1e168c7d0b5d0cf3c7148"
},
{
"url": "https://git.kernel.org/stable/c/e65ccf3a4de4f0c763d94789615b83e11f204438"
},
{
"url": "https://git.kernel.org/stable/c/86a30d6302deddb9fb97ba6fc4b04d0e870b582a"
},
{
"url": "https://git.kernel.org/stable/c/f9186bba4ea282b07293c1c892441df3a5441cb0"
},
{
"url": "https://git.kernel.org/stable/c/2f12b2c03c5dae1a0de0a9e5853177e3d6eee3c6"
},
{
"url": "https://git.kernel.org/stable/c/68e738be5c518fc3c4e9146b66f67c8fee0135fb"
},
{
"url": "https://git.kernel.org/stable/c/f5d4e04634c9cf68bdf23de08ada0bb92e8befe7"
}
],
"title": "nilfs2: fix use-after-free of timer for log writer thread",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38583",
"datePublished": "2024-06-19T13:37:39.858Z",
"dateReserved": "2024-06-18T19:36:34.928Z",
"dateUpdated": "2025-05-04T09:14:37.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52766 (GCVE-0-2023-52766)
Vulnerability from cvelistv5
Published
2024-05-21 15:30
Modified
2025-05-04 07:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler
Do not loop over ring headers in hci_dma_irq_handler() that are not
allocated and enabled in hci_dma_init(). Otherwise out of bounds access
will occur from rings->headers[i] access when i >= number of allocated
ring headers.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52766",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T18:26:12.286527Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:28.810Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d23ad76f240c0f597b7a9eb79905d246f27d40df"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8be39f66915b40d26ea2c18ba84b5c3d5da6809b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7c2b91b30d74d7c407118ad72502d4ca28af1af6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c86cb2321bd9c72d3b945ce7f747961beda8e65"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/45a832f989e520095429589d5b01b0c65da9b574"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/i3c/master/mipi-i3c-hci/dma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d23ad76f240c0f597b7a9eb79905d246f27d40df",
"status": "affected",
"version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
"versionType": "git"
},
{
"lessThan": "8be39f66915b40d26ea2c18ba84b5c3d5da6809b",
"status": "affected",
"version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
"versionType": "git"
},
{
"lessThan": "7c2b91b30d74d7c407118ad72502d4ca28af1af6",
"status": "affected",
"version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
"versionType": "git"
},
{
"lessThan": "4c86cb2321bd9c72d3b945ce7f747961beda8e65",
"status": "affected",
"version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
"versionType": "git"
},
{
"lessThan": "45a832f989e520095429589d5b01b0c65da9b574",
"status": "affected",
"version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/i3c/master/mipi-i3c-hci/dma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler\n\nDo not loop over ring headers in hci_dma_irq_handler() that are not\nallocated and enabled in hci_dma_init(). Otherwise out of bounds access\nwill occur from rings-\u003eheaders[i] access when i \u003e= number of allocated\nring headers."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:42:42.864Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d23ad76f240c0f597b7a9eb79905d246f27d40df"
},
{
"url": "https://git.kernel.org/stable/c/8be39f66915b40d26ea2c18ba84b5c3d5da6809b"
},
{
"url": "https://git.kernel.org/stable/c/7c2b91b30d74d7c407118ad72502d4ca28af1af6"
},
{
"url": "https://git.kernel.org/stable/c/4c86cb2321bd9c72d3b945ce7f747961beda8e65"
},
{
"url": "https://git.kernel.org/stable/c/45a832f989e520095429589d5b01b0c65da9b574"
}
],
"title": "i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52766",
"datePublished": "2024-05-21T15:30:50.343Z",
"dateReserved": "2024-05-21T15:19:24.238Z",
"dateUpdated": "2025-05-04T07:42:42.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52851 (GCVE-0-2023-52851)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
IB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF
In the unlikely event that workqueue allocation fails and returns NULL in
mlx5_mkey_cache_init(), delete the call to
mlx5r_umr_resource_cleanup() (which frees the QP) in
mlx5_ib_stage_post_ib_reg_umr_init(). This will avoid attempted double
free of the same QP when __mlx5_ib_add() does its cleanup.
Resolves a splat:
Syzkaller reported a UAF in ib_destroy_qp_user
workqueue: Failed to create a rescuer kthread for wq "mkey_cache": -EINTR
infiniband mlx5_0: mlx5_mkey_cache_init:981:(pid 1642):
failed to create work queue
infiniband mlx5_0: mlx5_ib_stage_post_ib_reg_umr_init:4075:(pid 1642):
mr cache init failed -12
==================================================================
BUG: KASAN: slab-use-after-free in ib_destroy_qp_user (drivers/infiniband/core/verbs.c:2073)
Read of size 8 at addr ffff88810da310a8 by task repro_upstream/1642
Call Trace:
<TASK>
kasan_report (mm/kasan/report.c:590)
ib_destroy_qp_user (drivers/infiniband/core/verbs.c:2073)
mlx5r_umr_resource_cleanup (drivers/infiniband/hw/mlx5/umr.c:198)
__mlx5_ib_add (drivers/infiniband/hw/mlx5/main.c:4178)
mlx5r_probe (drivers/infiniband/hw/mlx5/main.c:4402)
...
</TASK>
Allocated by task 1642:
__kmalloc (./include/linux/kasan.h:198 mm/slab_common.c:1026
mm/slab_common.c:1039)
create_qp (./include/linux/slab.h:603 ./include/linux/slab.h:720
./include/rdma/ib_verbs.h:2795 drivers/infiniband/core/verbs.c:1209)
ib_create_qp_kernel (drivers/infiniband/core/verbs.c:1347)
mlx5r_umr_resource_init (drivers/infiniband/hw/mlx5/umr.c:164)
mlx5_ib_stage_post_ib_reg_umr_init (drivers/infiniband/hw/mlx5/main.c:4070)
__mlx5_ib_add (drivers/infiniband/hw/mlx5/main.c:4168)
mlx5r_probe (drivers/infiniband/hw/mlx5/main.c:4402)
...
Freed by task 1642:
__kmem_cache_free (mm/slub.c:1826 mm/slub.c:3809 mm/slub.c:3822)
ib_destroy_qp_user (drivers/infiniband/core/verbs.c:2112)
mlx5r_umr_resource_cleanup (drivers/infiniband/hw/mlx5/umr.c:198)
mlx5_ib_stage_post_ib_reg_umr_init (drivers/infiniband/hw/mlx5/main.c:4076
drivers/infiniband/hw/mlx5/main.c:4065)
__mlx5_ib_add (drivers/infiniband/hw/mlx5/main.c:4168)
mlx5r_probe (drivers/infiniband/hw/mlx5/main.c:4402)
...
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52851",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T18:56:10.534699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:32.402Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/437f033e30c897bb3723eac9e9003cd9f88d00a3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4f4a7a7d1404297f2a92df0046f7e64dc5c52dd9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6387f269d84e6e149499408c4d1fc805017729b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2ef422f063b74adcc4a4a9004b0a87bb55e0a836"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/mlx5/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "437f033e30c897bb3723eac9e9003cd9f88d00a3",
"status": "affected",
"version": "04876c12c19e94bbbc94bb0446c7bc7cd75163de",
"versionType": "git"
},
{
"lessThan": "4f4a7a7d1404297f2a92df0046f7e64dc5c52dd9",
"status": "affected",
"version": "04876c12c19e94bbbc94bb0446c7bc7cd75163de",
"versionType": "git"
},
{
"lessThan": "6387f269d84e6e149499408c4d1fc805017729b2",
"status": "affected",
"version": "04876c12c19e94bbbc94bb0446c7bc7cd75163de",
"versionType": "git"
},
{
"lessThan": "2ef422f063b74adcc4a4a9004b0a87bb55e0a836",
"status": "affected",
"version": "04876c12c19e94bbbc94bb0446c7bc7cd75163de",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/mlx5/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.19"
},
{
"lessThan": "5.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF\n\nIn the unlikely event that workqueue allocation fails and returns NULL in\nmlx5_mkey_cache_init(), delete the call to\nmlx5r_umr_resource_cleanup() (which frees the QP) in\nmlx5_ib_stage_post_ib_reg_umr_init(). This will avoid attempted double\nfree of the same QP when __mlx5_ib_add() does its cleanup.\n\nResolves a splat:\n\n Syzkaller reported a UAF in ib_destroy_qp_user\n\n workqueue: Failed to create a rescuer kthread for wq \"mkey_cache\": -EINTR\n infiniband mlx5_0: mlx5_mkey_cache_init:981:(pid 1642):\n failed to create work queue\n infiniband mlx5_0: mlx5_ib_stage_post_ib_reg_umr_init:4075:(pid 1642):\n mr cache init failed -12\n ==================================================================\n BUG: KASAN: slab-use-after-free in ib_destroy_qp_user (drivers/infiniband/core/verbs.c:2073)\n Read of size 8 at addr ffff88810da310a8 by task repro_upstream/1642\n\n Call Trace:\n \u003cTASK\u003e\n kasan_report (mm/kasan/report.c:590)\n ib_destroy_qp_user (drivers/infiniband/core/verbs.c:2073)\n mlx5r_umr_resource_cleanup (drivers/infiniband/hw/mlx5/umr.c:198)\n __mlx5_ib_add (drivers/infiniband/hw/mlx5/main.c:4178)\n mlx5r_probe (drivers/infiniband/hw/mlx5/main.c:4402)\n ...\n \u003c/TASK\u003e\n\n Allocated by task 1642:\n __kmalloc (./include/linux/kasan.h:198 mm/slab_common.c:1026\n mm/slab_common.c:1039)\n create_qp (./include/linux/slab.h:603 ./include/linux/slab.h:720\n ./include/rdma/ib_verbs.h:2795 drivers/infiniband/core/verbs.c:1209)\n ib_create_qp_kernel (drivers/infiniband/core/verbs.c:1347)\n mlx5r_umr_resource_init (drivers/infiniband/hw/mlx5/umr.c:164)\n mlx5_ib_stage_post_ib_reg_umr_init (drivers/infiniband/hw/mlx5/main.c:4070)\n __mlx5_ib_add (drivers/infiniband/hw/mlx5/main.c:4168)\n mlx5r_probe (drivers/infiniband/hw/mlx5/main.c:4402)\n ...\n\n Freed by task 1642:\n __kmem_cache_free (mm/slub.c:1826 mm/slub.c:3809 mm/slub.c:3822)\n ib_destroy_qp_user (drivers/infiniband/core/verbs.c:2112)\n mlx5r_umr_resource_cleanup (drivers/infiniband/hw/mlx5/umr.c:198)\n mlx5_ib_stage_post_ib_reg_umr_init (drivers/infiniband/hw/mlx5/main.c:4076\n drivers/infiniband/hw/mlx5/main.c:4065)\n __mlx5_ib_add (drivers/infiniband/hw/mlx5/main.c:4168)\n mlx5r_probe (drivers/infiniband/hw/mlx5/main.c:4402)\n ..."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:18.900Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/437f033e30c897bb3723eac9e9003cd9f88d00a3"
},
{
"url": "https://git.kernel.org/stable/c/4f4a7a7d1404297f2a92df0046f7e64dc5c52dd9"
},
{
"url": "https://git.kernel.org/stable/c/6387f269d84e6e149499408c4d1fc805017729b2"
},
{
"url": "https://git.kernel.org/stable/c/2ef422f063b74adcc4a4a9004b0a87bb55e0a836"
}
],
"title": "IB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52851",
"datePublished": "2024-05-21T15:31:47.220Z",
"dateReserved": "2024-05-21T15:19:24.255Z",
"dateUpdated": "2025-05-04T07:44:18.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36010 (GCVE-0-2024-36010)
Vulnerability from cvelistv5
Published
2024-05-22 11:46
Modified
2025-05-04 09:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
igb: Fix string truncation warnings in igb_set_fw_version
Commit 1978d3ead82c ("intel: fix string truncation warnings")
fixes '-Wformat-truncation=' warnings in igb_main.c by using kasprintf.
drivers/net/ethernet/intel/igb/igb_main.c:3092:53: warning:‘%d’ directive output may be truncated writing between 1 and 5 bytes into a region of size between 1 and 13 [-Wformat-truncation=]
3092 | "%d.%d, 0x%08x, %d.%d.%d",
| ^~
drivers/net/ethernet/intel/igb/igb_main.c:3092:34: note:directive argument in the range [0, 65535]
3092 | "%d.%d, 0x%08x, %d.%d.%d",
| ^~~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/ethernet/intel/igb/igb_main.c:3092:34: note:directive argument in the range [0, 65535]
drivers/net/ethernet/intel/igb/igb_main.c:3090:25: note:‘snprintf’ output between 23 and 43 bytes into a destination of size 32
kasprintf() returns a pointer to dynamically allocated memory
which can be NULL upon failure.
Fix this warning by using a larger space for adapter->fw_version,
and then fall back and continue to use snprintf.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36010",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T15:07:27.450256Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:56.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c56d055893cbe97848611855d1c97d0ab171eccc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/igb/igb.h",
"drivers/net/ethernet/intel/igb/igb_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c56d055893cbe97848611855d1c97d0ab171eccc",
"status": "affected",
"version": "1978d3ead82c8e39d739dd4e19b1ea7bf923dfb4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/igb/igb.h",
"drivers/net/ethernet/intel/igb/igb_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Fix string truncation warnings in igb_set_fw_version\n\nCommit 1978d3ead82c (\"intel: fix string truncation warnings\")\nfixes \u0027-Wformat-truncation=\u0027 warnings in igb_main.c by using kasprintf.\n\ndrivers/net/ethernet/intel/igb/igb_main.c:3092:53: warning\uff1a\u2018%d\u2019 directive output may be truncated writing between 1 and 5 bytes into a region of size between 1 and 13 [-Wformat-truncation=]\n 3092 | \"%d.%d, 0x%08x, %d.%d.%d\",\n | ^~\ndrivers/net/ethernet/intel/igb/igb_main.c:3092:34: note\uff1adirective argument in the range [0, 65535]\n 3092 | \"%d.%d, 0x%08x, %d.%d.%d\",\n | ^~~~~~~~~~~~~~~~~~~~~~~~~\ndrivers/net/ethernet/intel/igb/igb_main.c:3092:34: note\uff1adirective argument in the range [0, 65535]\ndrivers/net/ethernet/intel/igb/igb_main.c:3090:25: note\uff1a\u2018snprintf\u2019 output between 23 and 43 bytes into a destination of size 32\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure.\n\nFix this warning by using a larger space for adapter-\u003efw_version,\nand then fall back and continue to use snprintf."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:10:26.508Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c56d055893cbe97848611855d1c97d0ab171eccc"
}
],
"title": "igb: Fix string truncation warnings in igb_set_fw_version",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36010",
"datePublished": "2024-05-22T11:46:32.984Z",
"dateReserved": "2024-05-17T13:50:33.152Z",
"dateUpdated": "2025-05-04T09:10:26.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52782 (GCVE-0-2023-52782)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Track xmit submission to PTP WQ after populating metadata map
Ensure the skb is available in metadata mapping to skbs before tracking the
metadata index for detecting undelivered CQEs. If the metadata index is put
in the tracking list before putting the skb in the map, the metadata index
might be used for detecting undelivered CQEs before the relevant skb is
available in the map, which can lead to a null-ptr-deref.
Log:
general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
CPU: 0 PID: 1243 Comm: kworker/0:2 Not tainted 6.6.0-rc4+ #108
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
Workqueue: events mlx5e_rx_dim_work [mlx5_core]
RIP: 0010:mlx5e_ptp_napi_poll+0x9a4/0x2290 [mlx5_core]
Code: 8c 24 38 cc ff ff 4c 8d 3c c1 4c 89 f9 48 c1 e9 03 42 80 3c 31 00 0f 85 97 0f 00 00 4d 8b 3f 49 8d 7f 28 48 89 f9 48 c1 e9 03 <42> 80 3c 31 00 0f 85 8b 0f 00 00 49 8b 47 28 48 85 c0 0f 84 05 07
RSP: 0018:ffff8884d3c09c88 EFLAGS: 00010206
RAX: 0000000000000069 RBX: ffff8881160349d8 RCX: 0000000000000005
RDX: ffffed10218f48cf RSI: 0000000000000004 RDI: 0000000000000028
RBP: ffff888122707700 R08: 0000000000000001 R09: ffffed109a781383
R10: 0000000000000003 R11: 0000000000000003 R12: ffff88810c7a7a40
R13: ffff888122707700 R14: dffffc0000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8884d3c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4f878dd6e0 CR3: 000000014d108002 CR4: 0000000000370eb0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
? die_addr+0x3c/0xa0
? exc_general_protection+0x144/0x210
? asm_exc_general_protection+0x22/0x30
? mlx5e_ptp_napi_poll+0x9a4/0x2290 [mlx5_core]
? mlx5e_ptp_napi_poll+0x8f6/0x2290 [mlx5_core]
__napi_poll.constprop.0+0xa4/0x580
net_rx_action+0x460/0xb80
? _raw_spin_unlock_irqrestore+0x32/0x60
? __napi_poll.constprop.0+0x580/0x580
? tasklet_action_common.isra.0+0x2ef/0x760
__do_softirq+0x26c/0x827
irq_exit_rcu+0xc2/0x100
common_interrupt+0x7f/0xa0
</IRQ>
<TASK>
asm_common_interrupt+0x22/0x40
RIP: 0010:__kmem_cache_alloc_node+0xb/0x330
Code: 41 5d 41 5e 41 5f c3 8b 44 24 14 8b 4c 24 10 09 c8 eb d5 e8 b7 43 ca 01 0f 1f 80 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41 57 <41> 56 41 89 d6 41 55 41 89 f5 41 54 49 89 fc 53 48 83 e4 f0 48 83
RSP: 0018:ffff88812c4079c0 EFLAGS: 00000246
RAX: 1ffffffff083c7fe RBX: ffff888100042dc0 RCX: 0000000000000218
RDX: 00000000ffffffff RSI: 0000000000000dc0 RDI: ffff888100042dc0
RBP: ffff88812c4079c8 R08: ffffffffa0289f96 R09: ffffed1025880ea9
R10: ffff888138839f80 R11: 0000000000000002 R12: 0000000000000dc0
R13: 0000000000000100 R14: 000000000000008c R15: ffff8881271fc450
? cmd_exec+0x796/0x2200 [mlx5_core]
kmalloc_trace+0x26/0xc0
cmd_exec+0x796/0x2200 [mlx5_core]
mlx5_cmd_do+0x22/0xc0 [mlx5_core]
mlx5_cmd_exec+0x17/0x30 [mlx5_core]
mlx5_core_modify_cq_moderation+0x139/0x1b0 [mlx5_core]
? mlx5_add_cq_to_tasklet+0x280/0x280 [mlx5_core]
? lockdep_set_lock_cmp_fn+0x190/0x190
? process_one_work+0x659/0x1220
mlx5e_rx_dim_work+0x9d/0x100 [mlx5_core]
process_one_work+0x730/0x1220
? lockdep_hardirqs_on_prepare+0x400/0x400
? max_active_store+0xf0/0xf0
? assign_work+0x168/0x240
worker_thread+0x70f/0x12d0
? __kthread_parkme+0xd1/0x1d0
? process_one_work+0x1220/0x1220
kthread+0x2d9/0x3b0
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x2d/0x70
? kthread_complete_and_exit+0x20/0x20
ret_from_fork_as
---truncated---
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52782",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T18:32:52.154799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:11.095Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a9d6c0c5a6bd9ca88e964f8843ea41bc085de866"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4d510506b46504664eacf8a44a9e8f3e54c137b8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e3f3ba97e6cc6fce5bf62df2ca06c8e59040167"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en_tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a9d6c0c5a6bd9ca88e964f8843ea41bc085de866",
"status": "affected",
"version": "e729382c297e2c492ff2a260aa1f23183eadae2e",
"versionType": "git"
},
{
"lessThan": "4d510506b46504664eacf8a44a9e8f3e54c137b8",
"status": "affected",
"version": "3178308ad4ca38955cad684d235153d4939f1fcd",
"versionType": "git"
},
{
"lessThan": "7e3f3ba97e6cc6fce5bf62df2ca06c8e59040167",
"status": "affected",
"version": "3178308ad4ca38955cad684d235153d4939f1fcd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en_tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Track xmit submission to PTP WQ after populating metadata map\n\nEnsure the skb is available in metadata mapping to skbs before tracking the\nmetadata index for detecting undelivered CQEs. If the metadata index is put\nin the tracking list before putting the skb in the map, the metadata index\nmight be used for detecting undelivered CQEs before the relevant skb is\navailable in the map, which can lead to a null-ptr-deref.\n\nLog:\n general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN\n KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\n CPU: 0 PID: 1243 Comm: kworker/0:2 Not tainted 6.6.0-rc4+ #108\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: events mlx5e_rx_dim_work [mlx5_core]\n RIP: 0010:mlx5e_ptp_napi_poll+0x9a4/0x2290 [mlx5_core]\n Code: 8c 24 38 cc ff ff 4c 8d 3c c1 4c 89 f9 48 c1 e9 03 42 80 3c 31 00 0f 85 97 0f 00 00 4d 8b 3f 49 8d 7f 28 48 89 f9 48 c1 e9 03 \u003c42\u003e 80 3c 31 00 0f 85 8b 0f 00 00 49 8b 47 28 48 85 c0 0f 84 05 07\n RSP: 0018:ffff8884d3c09c88 EFLAGS: 00010206\n RAX: 0000000000000069 RBX: ffff8881160349d8 RCX: 0000000000000005\n RDX: ffffed10218f48cf RSI: 0000000000000004 RDI: 0000000000000028\n RBP: ffff888122707700 R08: 0000000000000001 R09: ffffed109a781383\n R10: 0000000000000003 R11: 0000000000000003 R12: ffff88810c7a7a40\n R13: ffff888122707700 R14: dffffc0000000000 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff8884d3c00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f4f878dd6e0 CR3: 000000014d108002 CR4: 0000000000370eb0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cIRQ\u003e\n ? die_addr+0x3c/0xa0\n ? exc_general_protection+0x144/0x210\n ? asm_exc_general_protection+0x22/0x30\n ? mlx5e_ptp_napi_poll+0x9a4/0x2290 [mlx5_core]\n ? mlx5e_ptp_napi_poll+0x8f6/0x2290 [mlx5_core]\n __napi_poll.constprop.0+0xa4/0x580\n net_rx_action+0x460/0xb80\n ? _raw_spin_unlock_irqrestore+0x32/0x60\n ? __napi_poll.constprop.0+0x580/0x580\n ? tasklet_action_common.isra.0+0x2ef/0x760\n __do_softirq+0x26c/0x827\n irq_exit_rcu+0xc2/0x100\n common_interrupt+0x7f/0xa0\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_common_interrupt+0x22/0x40\n RIP: 0010:__kmem_cache_alloc_node+0xb/0x330\n Code: 41 5d 41 5e 41 5f c3 8b 44 24 14 8b 4c 24 10 09 c8 eb d5 e8 b7 43 ca 01 0f 1f 80 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41 57 \u003c41\u003e 56 41 89 d6 41 55 41 89 f5 41 54 49 89 fc 53 48 83 e4 f0 48 83\n RSP: 0018:ffff88812c4079c0 EFLAGS: 00000246\n RAX: 1ffffffff083c7fe RBX: ffff888100042dc0 RCX: 0000000000000218\n RDX: 00000000ffffffff RSI: 0000000000000dc0 RDI: ffff888100042dc0\n RBP: ffff88812c4079c8 R08: ffffffffa0289f96 R09: ffffed1025880ea9\n R10: ffff888138839f80 R11: 0000000000000002 R12: 0000000000000dc0\n R13: 0000000000000100 R14: 000000000000008c R15: ffff8881271fc450\n ? cmd_exec+0x796/0x2200 [mlx5_core]\n kmalloc_trace+0x26/0xc0\n cmd_exec+0x796/0x2200 [mlx5_core]\n mlx5_cmd_do+0x22/0xc0 [mlx5_core]\n mlx5_cmd_exec+0x17/0x30 [mlx5_core]\n mlx5_core_modify_cq_moderation+0x139/0x1b0 [mlx5_core]\n ? mlx5_add_cq_to_tasklet+0x280/0x280 [mlx5_core]\n ? lockdep_set_lock_cmp_fn+0x190/0x190\n ? process_one_work+0x659/0x1220\n mlx5e_rx_dim_work+0x9d/0x100 [mlx5_core]\n process_one_work+0x730/0x1220\n ? lockdep_hardirqs_on_prepare+0x400/0x400\n ? max_active_store+0xf0/0xf0\n ? assign_work+0x168/0x240\n worker_thread+0x70f/0x12d0\n ? __kthread_parkme+0xd1/0x1d0\n ? process_one_work+0x1220/0x1220\n kthread+0x2d9/0x3b0\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x2d/0x70\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork_as\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:06.953Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a9d6c0c5a6bd9ca88e964f8843ea41bc085de866"
},
{
"url": "https://git.kernel.org/stable/c/4d510506b46504664eacf8a44a9e8f3e54c137b8"
},
{
"url": "https://git.kernel.org/stable/c/7e3f3ba97e6cc6fce5bf62df2ca06c8e59040167"
}
],
"title": "net/mlx5e: Track xmit submission to PTP WQ after populating metadata map",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52782",
"datePublished": "2024-05-21T15:31:00.897Z",
"dateReserved": "2024-05-21T15:19:24.240Z",
"dateUpdated": "2025-05-04T07:43:06.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52883 (GCVE-0-2023-52883)
Vulnerability from cvelistv5
Published
2024-06-20 11:54
Modified
2025-05-04 07:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix possible null pointer dereference
abo->tbo.resource may be NULL in amdgpu_vm_bo_update.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "fefac8c4686f",
"status": "affected",
"version": "180253782038",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "51b79f338175",
"status": "affected",
"version": "180253782038",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "6.4"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.6",
"status": "unaffected",
"version": "6.5.9",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.6"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52883",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T18:49:26.969492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T18:57:34.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fefac8c4686fd81fde6830c6dae32f9001d2ac28"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/51b79f33817544e3b4df838d86e8e8e4388ff684"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fefac8c4686fd81fde6830c6dae32f9001d2ac28",
"status": "affected",
"version": "1802537820389183dfcd814e0f6a60d1496a75ef",
"versionType": "git"
},
{
"lessThan": "51b79f33817544e3b4df838d86e8e8e4388ff684",
"status": "affected",
"version": "1802537820389183dfcd814e0f6a60d1496a75ef",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.9",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"versionStartIncluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix possible null pointer dereference\n\nabo-\u003etbo.resource may be NULL in amdgpu_vm_bo_update."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:45:12.381Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fefac8c4686fd81fde6830c6dae32f9001d2ac28"
},
{
"url": "https://git.kernel.org/stable/c/51b79f33817544e3b4df838d86e8e8e4388ff684"
}
],
"title": "drm/amdgpu: Fix possible null pointer dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52883",
"datePublished": "2024-06-20T11:54:26.424Z",
"dateReserved": "2024-05-21T15:35:00.782Z",
"dateUpdated": "2025-05-04T07:45:12.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38544 (GCVE-0-2024-38544)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt
In rxe_comp_queue_pkt() an incoming response packet skb is enqueued to the
resp_pkts queue and then a decision is made whether to run the completer
task inline or schedule it. Finally the skb is dereferenced to bump a 'hw'
performance counter. This is wrong because if the completer task is
already running in a separate thread it may have already processed the skb
and freed it which can cause a seg fault. This has been observed
infrequently in testing at high scale.
This patch fixes this by changing the order of enqueuing the packet until
after the counter is accessed.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 0b1e5b99a48b5b810e3e38f1d6e0d39306b99ec0 Version: 0b1e5b99a48b5b810e3e38f1d6e0d39306b99ec0 Version: 0b1e5b99a48b5b810e3e38f1d6e0d39306b99ec0 Version: 0b1e5b99a48b5b810e3e38f1d6e0d39306b99ec0 Version: 0b1e5b99a48b5b810e3e38f1d6e0d39306b99ec0 Version: 0b1e5b99a48b5b810e3e38f1d6e0d39306b99ec0 Version: 0b1e5b99a48b5b810e3e38f1d6e0d39306b99ec0 Version: 0b1e5b99a48b5b810e3e38f1d6e0d39306b99ec0 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38544",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T15:44:10.125327Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:19:22.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:24.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/faa8d0ecf6c9c7c2ace3ca3e552180ada6f75e19"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21b4c6d4d89030fd4657a8e7c8110fd941049794"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bbad88f111a1829f366c189aa48e7e58e57553fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/30df4bef8b8e183333e9b6e9d4509d552c7da6eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2b23b6097303ed0ba5f4bc036a1c07b6027af5c6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/sw/rxe/rxe_comp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c91fb72a2ca6480d8d77262eef52dc5b178463a3",
"status": "affected",
"version": "0b1e5b99a48b5b810e3e38f1d6e0d39306b99ec0",
"versionType": "git"
},
{
"lessThan": "de5a059e36657442b5637cc16df5163e435b9cb4",
"status": "affected",
"version": "0b1e5b99a48b5b810e3e38f1d6e0d39306b99ec0",
"versionType": "git"
},
{
"lessThan": "e0e14dd35d4242340c7346aac60c7ff8fbf87ffc",
"status": "affected",
"version": "0b1e5b99a48b5b810e3e38f1d6e0d39306b99ec0",
"versionType": "git"
},
{
"lessThan": "faa8d0ecf6c9c7c2ace3ca3e552180ada6f75e19",
"status": "affected",
"version": "0b1e5b99a48b5b810e3e38f1d6e0d39306b99ec0",
"versionType": "git"
},
{
"lessThan": "21b4c6d4d89030fd4657a8e7c8110fd941049794",
"status": "affected",
"version": "0b1e5b99a48b5b810e3e38f1d6e0d39306b99ec0",
"versionType": "git"
},
{
"lessThan": "bbad88f111a1829f366c189aa48e7e58e57553fc",
"status": "affected",
"version": "0b1e5b99a48b5b810e3e38f1d6e0d39306b99ec0",
"versionType": "git"
},
{
"lessThan": "30df4bef8b8e183333e9b6e9d4509d552c7da6eb",
"status": "affected",
"version": "0b1e5b99a48b5b810e3e38f1d6e0d39306b99ec0",
"versionType": "git"
},
{
"lessThan": "2b23b6097303ed0ba5f4bc036a1c07b6027af5c6",
"status": "affected",
"version": "0b1e5b99a48b5b810e3e38f1d6e0d39306b99ec0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/sw/rxe/rxe_comp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix seg fault in rxe_comp_queue_pkt\n\nIn rxe_comp_queue_pkt() an incoming response packet skb is enqueued to the\nresp_pkts queue and then a decision is made whether to run the completer\ntask inline or schedule it. Finally the skb is dereferenced to bump a \u0027hw\u0027\nperformance counter. This is wrong because if the completer task is\nalready running in a separate thread it may have already processed the skb\nand freed it which can cause a seg fault. This has been observed\ninfrequently in testing at high scale.\n\nThis patch fixes this by changing the order of enqueuing the packet until\nafter the counter is accessed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:40.245Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c91fb72a2ca6480d8d77262eef52dc5b178463a3"
},
{
"url": "https://git.kernel.org/stable/c/de5a059e36657442b5637cc16df5163e435b9cb4"
},
{
"url": "https://git.kernel.org/stable/c/e0e14dd35d4242340c7346aac60c7ff8fbf87ffc"
},
{
"url": "https://git.kernel.org/stable/c/faa8d0ecf6c9c7c2ace3ca3e552180ada6f75e19"
},
{
"url": "https://git.kernel.org/stable/c/21b4c6d4d89030fd4657a8e7c8110fd941049794"
},
{
"url": "https://git.kernel.org/stable/c/bbad88f111a1829f366c189aa48e7e58e57553fc"
},
{
"url": "https://git.kernel.org/stable/c/30df4bef8b8e183333e9b6e9d4509d552c7da6eb"
},
{
"url": "https://git.kernel.org/stable/c/2b23b6097303ed0ba5f4bc036a1c07b6027af5c6"
}
],
"title": "RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38544",
"datePublished": "2024-06-19T13:35:18.676Z",
"dateReserved": "2024-06-18T19:36:34.919Z",
"dateUpdated": "2025-05-04T09:13:40.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38569 (GCVE-0-2024-38569)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group
The perf tool allows users to create event groups through following
cmd [1], but the driver does not check whether the array index is out of
bounds when writing data to the event_group array. If the number of events
in an event_group is greater than HISI_PCIE_MAX_COUNTERS, the memory write
overflow of event_group array occurs.
Add array index check to fix the possible array out of bounds violation,
and return directly when write new events are written to array bounds.
There are 9 different events in an event_group.
[1] perf stat -e '{pmu/event1/, ... ,pmu/event9/}'
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38569",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T18:24:22.058209Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T18:24:28.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:26.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d1face00ebb7996842aee4214d7d0fb0c77b1e9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e9aab2492178f25372f1820bfd9289fbd74efd0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/567d34626c22b36579ec0abfdf5eda2949044220"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ff48247144d13a3a0817127703724256008efa78"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/77fce82678ea5fd51442e62febec2004f79e041b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/perf/hisilicon/hisi_pcie_pmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3d1face00ebb7996842aee4214d7d0fb0c77b1e9",
"status": "affected",
"version": "8404b0fbc7fbd42e5c5d28cdedd450e70829c77a",
"versionType": "git"
},
{
"lessThan": "8e9aab2492178f25372f1820bfd9289fbd74efd0",
"status": "affected",
"version": "8404b0fbc7fbd42e5c5d28cdedd450e70829c77a",
"versionType": "git"
},
{
"lessThan": "567d34626c22b36579ec0abfdf5eda2949044220",
"status": "affected",
"version": "8404b0fbc7fbd42e5c5d28cdedd450e70829c77a",
"versionType": "git"
},
{
"lessThan": "ff48247144d13a3a0817127703724256008efa78",
"status": "affected",
"version": "8404b0fbc7fbd42e5c5d28cdedd450e70829c77a",
"versionType": "git"
},
{
"lessThan": "77fce82678ea5fd51442e62febec2004f79e041b",
"status": "affected",
"version": "8404b0fbc7fbd42e5c5d28cdedd450e70829c77a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/perf/hisilicon/hisi_pcie_pmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: hisi_pcie: Fix out-of-bound access when valid event group\n\nThe perf tool allows users to create event groups through following\ncmd [1], but the driver does not check whether the array index is out of\nbounds when writing data to the event_group array. If the number of events\nin an event_group is greater than HISI_PCIE_MAX_COUNTERS, the memory write\noverflow of event_group array occurs.\n\nAdd array index check to fix the possible array out of bounds violation,\nand return directly when write new events are written to array bounds.\n\nThere are 9 different events in an event_group.\n[1] perf stat -e \u0027{pmu/event1/, ... ,pmu/event9/}\u0027"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:19.091Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3d1face00ebb7996842aee4214d7d0fb0c77b1e9"
},
{
"url": "https://git.kernel.org/stable/c/8e9aab2492178f25372f1820bfd9289fbd74efd0"
},
{
"url": "https://git.kernel.org/stable/c/567d34626c22b36579ec0abfdf5eda2949044220"
},
{
"url": "https://git.kernel.org/stable/c/ff48247144d13a3a0817127703724256008efa78"
},
{
"url": "https://git.kernel.org/stable/c/77fce82678ea5fd51442e62febec2004f79e041b"
}
],
"title": "drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38569",
"datePublished": "2024-06-19T13:35:35.588Z",
"dateReserved": "2024-06-18T19:36:34.923Z",
"dateUpdated": "2025-05-04T09:14:19.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52764 (GCVE-0-2023-52764)
Vulnerability from cvelistv5
Published
2024-05-21 15:30
Modified
2025-05-04 07:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: gspca: cpia1: shift-out-of-bounds in set_flicker
Syzkaller reported the following issue:
UBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27
shift exponent 245 is too large for 32-bit type 'int'
When the value of the variable "sd->params.exposure.gain" exceeds the
number of bits in an integer, a shift-out-of-bounds error is reported. It
is triggered because the variable "currentexp" cannot be left-shifted by
more than the number of bits in an integer. In order to avoid invalid
range during left-shift, the conditional expression is added.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.774Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52764",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:37:06.356182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:31.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/gspca/cpia1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "69bba62600bd91d6b7c1e8ca181faf8ac64f7060",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2eee8edfff90e22980a6b22079d238c3c9d323bb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8f83c85ee88225319c52680792320c02158c2a9b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c6b6b8692218da73b33b310d7c1df90f115bdd9a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "09cd8b561aa9796903710a1046957f2b112c8f26",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a647f27a7426d2fe1b40da7c8fa2b81354a51177",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "93bddd6529f187f510eec759f37d0569243c9809",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e2d7149b913d14352c82624e723ce1c211ca06d3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "099be1822d1f095433f4b08af9cc9d6308ec1953",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/gspca/cpia1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: gspca: cpia1: shift-out-of-bounds in set_flicker\n\nSyzkaller reported the following issue:\nUBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27\nshift exponent 245 is too large for 32-bit type \u0027int\u0027\n\nWhen the value of the variable \"sd-\u003eparams.exposure.gain\" exceeds the\nnumber of bits in an integer, a shift-out-of-bounds error is reported. It\nis triggered because the variable \"currentexp\" cannot be left-shifted by\nmore than the number of bits in an integer. In order to avoid invalid\nrange during left-shift, the conditional expression is added."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:42:40.597Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060"
},
{
"url": "https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bb"
},
{
"url": "https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9b"
},
{
"url": "https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9a"
},
{
"url": "https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26"
},
{
"url": "https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177"
},
{
"url": "https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809"
},
{
"url": "https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3"
},
{
"url": "https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953"
}
],
"title": "media: gspca: cpia1: shift-out-of-bounds in set_flicker",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52764",
"datePublished": "2024-05-21T15:30:49.032Z",
"dateReserved": "2024-05-21T15:19:24.238Z",
"dateUpdated": "2025-05-04T07:42:40.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38543 (GCVE-0-2024-38543)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure
The kcalloc() in dmirror_device_evict_chunk() will return null if the
physical memory has run out. As a result, if src_pfns or dst_pfns is
dereferenced, the null pointer dereference bug will happen.
Moreover, the device is going away. If the kcalloc() fails, the pages
mapping a chunk could not be evicted. So add a __GFP_NOFAIL flag in
kcalloc().
Finally, as there is no need to have physically contiguous memory, Switch
kcalloc() to kvcalloc() in order to avoid failing allocations.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1a21fdeea502658e315bd939409b755974f4fb64"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/65e528a69cb3ed4a286c45b4afba57461c8b5b33"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ce47e8ead9a72834cc68431d53f8092ce69bebb7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3b20d18f475bd17309db640dbe7d7c7ebb5bc2bc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c2af060d1c18beaec56351cf9c9bcbbc5af341a3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38543",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:15:10.301202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:58.014Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"lib/test_hmm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1a21fdeea502658e315bd939409b755974f4fb64",
"status": "affected",
"version": "b2ef9f5a5cb37643ca5def3516c546457074b882",
"versionType": "git"
},
{
"lessThan": "65e528a69cb3ed4a286c45b4afba57461c8b5b33",
"status": "affected",
"version": "b2ef9f5a5cb37643ca5def3516c546457074b882",
"versionType": "git"
},
{
"lessThan": "ce47e8ead9a72834cc68431d53f8092ce69bebb7",
"status": "affected",
"version": "b2ef9f5a5cb37643ca5def3516c546457074b882",
"versionType": "git"
},
{
"lessThan": "3b20d18f475bd17309db640dbe7d7c7ebb5bc2bc",
"status": "affected",
"version": "b2ef9f5a5cb37643ca5def3516c546457074b882",
"versionType": "git"
},
{
"lessThan": "c2af060d1c18beaec56351cf9c9bcbbc5af341a3",
"status": "affected",
"version": "b2ef9f5a5cb37643ca5def3516c546457074b882",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"lib/test_hmm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/test_hmm.c: handle src_pfns and dst_pfns allocation failure\n\nThe kcalloc() in dmirror_device_evict_chunk() will return null if the\nphysical memory has run out. As a result, if src_pfns or dst_pfns is\ndereferenced, the null pointer dereference bug will happen.\n\nMoreover, the device is going away. If the kcalloc() fails, the pages\nmapping a chunk could not be evicted. So add a __GFP_NOFAIL flag in\nkcalloc().\n\nFinally, as there is no need to have physically contiguous memory, Switch\nkcalloc() to kvcalloc() in order to avoid failing allocations."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:38.958Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1a21fdeea502658e315bd939409b755974f4fb64"
},
{
"url": "https://git.kernel.org/stable/c/65e528a69cb3ed4a286c45b4afba57461c8b5b33"
},
{
"url": "https://git.kernel.org/stable/c/ce47e8ead9a72834cc68431d53f8092ce69bebb7"
},
{
"url": "https://git.kernel.org/stable/c/3b20d18f475bd17309db640dbe7d7c7ebb5bc2bc"
},
{
"url": "https://git.kernel.org/stable/c/c2af060d1c18beaec56351cf9c9bcbbc5af341a3"
}
],
"title": "lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38543",
"datePublished": "2024-06-19T13:35:17.994Z",
"dateReserved": "2024-06-18T19:36:34.919Z",
"dateUpdated": "2025-05-04T09:13:38.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35925 (GCVE-0-2024-35925)
Vulnerability from cvelistv5
Published
2024-05-19 10:10
Modified
2025-05-04 09:08
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
block: prevent division by zero in blk_rq_stat_sum()
The expression dst->nr_samples + src->nr_samples may
have zero value on overflow. It is necessary to add
a check to avoid division by zero.
Found by Linux Verification Center (linuxtesting.org) with Svace.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35925",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:10:44.680403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:55.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6a55dab4ac956deb23690eedd74e70b892a378e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/edd073c78d2bf48c5b8bf435bbc3d61d6e7c6c14"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b0cb5564c3e8e0ee0a2d28c86fa7f02e82d64c3c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21e7d72d0cfcbae6042d498ea2e6f395311767f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/512a01da7134bac8f8b373506011e8aaa3283854"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f7fd6aa4c4877d77133ea86c14cf256f390b2fe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98ddf2604ade2d954bf5ec193600d5274a43fd68"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93f52fbeaf4b676b21acfe42a5152620e6770d02"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/blk-stat.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6a55dab4ac956deb23690eedd74e70b892a378e7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "edd073c78d2bf48c5b8bf435bbc3d61d6e7c6c14",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b0cb5564c3e8e0ee0a2d28c86fa7f02e82d64c3c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "21e7d72d0cfcbae6042d498ea2e6f395311767f8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "512a01da7134bac8f8b373506011e8aaa3283854",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5f7fd6aa4c4877d77133ea86c14cf256f390b2fe",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "98ddf2604ade2d954bf5ec193600d5274a43fd68",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "93f52fbeaf4b676b21acfe42a5152620e6770d02",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/blk-stat.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: prevent division by zero in blk_rq_stat_sum()\n\nThe expression dst-\u003enr_samples + src-\u003enr_samples may\nhave zero value on overflow. It is necessary to add\na check to avoid division by zero.\n\nFound by Linux Verification Center (linuxtesting.org) with Svace."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:08:29.916Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6a55dab4ac956deb23690eedd74e70b892a378e7"
},
{
"url": "https://git.kernel.org/stable/c/edd073c78d2bf48c5b8bf435bbc3d61d6e7c6c14"
},
{
"url": "https://git.kernel.org/stable/c/b0cb5564c3e8e0ee0a2d28c86fa7f02e82d64c3c"
},
{
"url": "https://git.kernel.org/stable/c/21e7d72d0cfcbae6042d498ea2e6f395311767f8"
},
{
"url": "https://git.kernel.org/stable/c/512a01da7134bac8f8b373506011e8aaa3283854"
},
{
"url": "https://git.kernel.org/stable/c/5f7fd6aa4c4877d77133ea86c14cf256f390b2fe"
},
{
"url": "https://git.kernel.org/stable/c/98ddf2604ade2d954bf5ec193600d5274a43fd68"
},
{
"url": "https://git.kernel.org/stable/c/93f52fbeaf4b676b21acfe42a5152620e6770d02"
}
],
"title": "block: prevent division by zero in blk_rq_stat_sum()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35925",
"datePublished": "2024-05-19T10:10:35.708Z",
"dateReserved": "2024-05-17T13:50:33.126Z",
"dateUpdated": "2025-05-04T09:08:29.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52808 (GCVE-0-2023-52808)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs
If init debugfs failed during device registration due to memory allocation
failure, debugfs_remove_recursive() is called, after which debugfs_dir is
not set to NULL. debugfs_remove_recursive() will be called again during
device removal. As a result, illegal pointer is accessed.
[ 1665.467244] hisi_sas_v3_hw 0000:b4:02.0: failed to init debugfs!
...
[ 1669.836708] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a0
[ 1669.872669] pc : down_write+0x24/0x70
[ 1669.876315] lr : down_write+0x1c/0x70
[ 1669.879961] sp : ffff000036f53a30
[ 1669.883260] x29: ffff000036f53a30 x28: ffffa027c31549f8
[ 1669.888547] x27: ffffa027c3140000 x26: 0000000000000000
[ 1669.893834] x25: ffffa027bf37c270 x24: ffffa027bf37c270
[ 1669.899122] x23: ffff0000095406b8 x22: ffff0000095406a8
[ 1669.904408] x21: 0000000000000000 x20: ffffa027bf37c310
[ 1669.909695] x19: 00000000000000a0 x18: ffff8027dcd86f10
[ 1669.914982] x17: 0000000000000000 x16: 0000000000000000
[ 1669.920268] x15: 0000000000000000 x14: ffffa0274014f870
[ 1669.925555] x13: 0000000000000040 x12: 0000000000000228
[ 1669.930842] x11: 0000000000000020 x10: 0000000000000bb0
[ 1669.936129] x9 : ffff000036f537f0 x8 : ffff80273088ca10
[ 1669.941416] x7 : 000000000000001d x6 : 00000000ffffffff
[ 1669.946702] x5 : ffff000008a36310 x4 : ffff80273088be00
[ 1669.951989] x3 : ffff000009513e90 x2 : 0000000000000000
[ 1669.957276] x1 : 00000000000000a0 x0 : ffffffff00000001
[ 1669.962563] Call trace:
[ 1669.965000] down_write+0x24/0x70
[ 1669.968301] debugfs_remove_recursive+0x5c/0x1b0
[ 1669.972905] hisi_sas_debugfs_exit+0x24/0x30 [hisi_sas_main]
[ 1669.978541] hisi_sas_v3_remove+0x130/0x150 [hisi_sas_v3_hw]
[ 1669.984175] pci_device_remove+0x48/0xd8
[ 1669.988082] device_release_driver_internal+0x1b4/0x250
[ 1669.993282] device_release_driver+0x28/0x38
[ 1669.997534] pci_stop_bus_device+0x84/0xb8
[ 1670.001611] pci_stop_and_remove_bus_device_locked+0x24/0x40
[ 1670.007244] remove_store+0xfc/0x140
[ 1670.010802] dev_attr_store+0x44/0x60
[ 1670.014448] sysfs_kf_write+0x58/0x80
[ 1670.018095] kernfs_fop_write+0xe8/0x1f0
[ 1670.022000] __vfs_write+0x60/0x190
[ 1670.025472] vfs_write+0xac/0x1c0
[ 1670.028771] ksys_write+0x6c/0xd8
[ 1670.032071] __arm64_sys_write+0x24/0x30
[ 1670.035977] el0_svc_common+0x78/0x130
[ 1670.039710] el0_svc_handler+0x38/0x78
[ 1670.043442] el0_svc+0x8/0xc
To fix this, set debugfs_dir to NULL after debugfs_remove_recursive().
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52808",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T19:30:55.612970Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:03.695Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.709Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0bfc8a5561fb0b2c48183dcbfe00bdd6d973bd3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/33331b265aac9441ac0c1a5442e3f05d038240ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/75a2656260fe8c7eeabda6ff4600b29e183f48db"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b4465009e7d60c6111946db4c8f1e50d401ed7be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6de426f9276c448e2db7238911c97fb157cb23be"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/hisi_sas/hisi_sas_v3_hw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f0bfc8a5561fb0b2c48183dcbfe00bdd6d973bd3",
"status": "affected",
"version": "47caad1577cd7a39e2048c5e4edbce4b863dc12b",
"versionType": "git"
},
{
"lessThan": "33331b265aac9441ac0c1a5442e3f05d038240ec",
"status": "affected",
"version": "47caad1577cd7a39e2048c5e4edbce4b863dc12b",
"versionType": "git"
},
{
"lessThan": "75a2656260fe8c7eeabda6ff4600b29e183f48db",
"status": "affected",
"version": "47caad1577cd7a39e2048c5e4edbce4b863dc12b",
"versionType": "git"
},
{
"lessThan": "b4465009e7d60c6111946db4c8f1e50d401ed7be",
"status": "affected",
"version": "47caad1577cd7a39e2048c5e4edbce4b863dc12b",
"versionType": "git"
},
{
"lessThan": "6de426f9276c448e2db7238911c97fb157cb23be",
"status": "affected",
"version": "47caad1577cd7a39e2048c5e4edbce4b863dc12b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/hisi_sas/hisi_sas_v3_hw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.5"
},
{
"lessThan": "4.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs\n\nIf init debugfs failed during device registration due to memory allocation\nfailure, debugfs_remove_recursive() is called, after which debugfs_dir is\nnot set to NULL. debugfs_remove_recursive() will be called again during\ndevice removal. As a result, illegal pointer is accessed.\n\n[ 1665.467244] hisi_sas_v3_hw 0000:b4:02.0: failed to init debugfs!\n...\n[ 1669.836708] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a0\n[ 1669.872669] pc : down_write+0x24/0x70\n[ 1669.876315] lr : down_write+0x1c/0x70\n[ 1669.879961] sp : ffff000036f53a30\n[ 1669.883260] x29: ffff000036f53a30 x28: ffffa027c31549f8\n[ 1669.888547] x27: ffffa027c3140000 x26: 0000000000000000\n[ 1669.893834] x25: ffffa027bf37c270 x24: ffffa027bf37c270\n[ 1669.899122] x23: ffff0000095406b8 x22: ffff0000095406a8\n[ 1669.904408] x21: 0000000000000000 x20: ffffa027bf37c310\n[ 1669.909695] x19: 00000000000000a0 x18: ffff8027dcd86f10\n[ 1669.914982] x17: 0000000000000000 x16: 0000000000000000\n[ 1669.920268] x15: 0000000000000000 x14: ffffa0274014f870\n[ 1669.925555] x13: 0000000000000040 x12: 0000000000000228\n[ 1669.930842] x11: 0000000000000020 x10: 0000000000000bb0\n[ 1669.936129] x9 : ffff000036f537f0 x8 : ffff80273088ca10\n[ 1669.941416] x7 : 000000000000001d x6 : 00000000ffffffff\n[ 1669.946702] x5 : ffff000008a36310 x4 : ffff80273088be00\n[ 1669.951989] x3 : ffff000009513e90 x2 : 0000000000000000\n[ 1669.957276] x1 : 00000000000000a0 x0 : ffffffff00000001\n[ 1669.962563] Call trace:\n[ 1669.965000] down_write+0x24/0x70\n[ 1669.968301] debugfs_remove_recursive+0x5c/0x1b0\n[ 1669.972905] hisi_sas_debugfs_exit+0x24/0x30 [hisi_sas_main]\n[ 1669.978541] hisi_sas_v3_remove+0x130/0x150 [hisi_sas_v3_hw]\n[ 1669.984175] pci_device_remove+0x48/0xd8\n[ 1669.988082] device_release_driver_internal+0x1b4/0x250\n[ 1669.993282] device_release_driver+0x28/0x38\n[ 1669.997534] pci_stop_bus_device+0x84/0xb8\n[ 1670.001611] pci_stop_and_remove_bus_device_locked+0x24/0x40\n[ 1670.007244] remove_store+0xfc/0x140\n[ 1670.010802] dev_attr_store+0x44/0x60\n[ 1670.014448] sysfs_kf_write+0x58/0x80\n[ 1670.018095] kernfs_fop_write+0xe8/0x1f0\n[ 1670.022000] __vfs_write+0x60/0x190\n[ 1670.025472] vfs_write+0xac/0x1c0\n[ 1670.028771] ksys_write+0x6c/0xd8\n[ 1670.032071] __arm64_sys_write+0x24/0x30\n[ 1670.035977] el0_svc_common+0x78/0x130\n[ 1670.039710] el0_svc_handler+0x38/0x78\n[ 1670.043442] el0_svc+0x8/0xc\n\nTo fix this, set debugfs_dir to NULL after debugfs_remove_recursive()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:34.814Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f0bfc8a5561fb0b2c48183dcbfe00bdd6d973bd3"
},
{
"url": "https://git.kernel.org/stable/c/33331b265aac9441ac0c1a5442e3f05d038240ec"
},
{
"url": "https://git.kernel.org/stable/c/75a2656260fe8c7eeabda6ff4600b29e183f48db"
},
{
"url": "https://git.kernel.org/stable/c/b4465009e7d60c6111946db4c8f1e50d401ed7be"
},
{
"url": "https://git.kernel.org/stable/c/6de426f9276c448e2db7238911c97fb157cb23be"
}
],
"title": "scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52808",
"datePublished": "2024-05-21T15:31:18.330Z",
"dateReserved": "2024-05-21T15:19:24.248Z",
"dateUpdated": "2025-05-04T07:43:34.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38388 (GCVE-0-2024-38388)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-05-04 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup
Use the control private_free callback to free the associated data
block. This ensures that the memory won't leak, whatever way the
control gets destroyed.
The original implementation didn't actually remove the ALSA
controls in hda_cs_dsp_control_remove(). It only freed the internal
tracking structure. This meant it was possible to remove/unload the
amp driver while leaving its ALSA controls still present in the
soundcard. Obviously attempting to access them could cause segfaults
or at least dereferencing stale pointers.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38388",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T15:21:00.338175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:48:24.756Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:04:25.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/191dc1b2ff0fb35e7aff15a53224837637df8bff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e359be4975006ff72818e79dad8fe48293f2eb2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3291486af5636540980ea55bae985f3eaa5b0740"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/172811e3a557d8681a5e2d0f871dc04a2d17eb13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/pci/hda/hda_cs_dsp_ctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "191dc1b2ff0fb35e7aff15a53224837637df8bff",
"status": "affected",
"version": "3233b978af23f11b4ad4f7f11a9a64bd05702b1f",
"versionType": "git"
},
{
"lessThan": "6e359be4975006ff72818e79dad8fe48293f2eb2",
"status": "affected",
"version": "3233b978af23f11b4ad4f7f11a9a64bd05702b1f",
"versionType": "git"
},
{
"lessThan": "3291486af5636540980ea55bae985f3eaa5b0740",
"status": "affected",
"version": "3233b978af23f11b4ad4f7f11a9a64bd05702b1f",
"versionType": "git"
},
{
"lessThan": "172811e3a557d8681a5e2d0f871dc04a2d17eb13",
"status": "affected",
"version": "3233b978af23f11b4ad4f7f11a9a64bd05702b1f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/pci/hda/hda_cs_dsp_ctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda/cs_dsp_ctl: Use private_free for control cleanup\n\nUse the control private_free callback to free the associated data\nblock. This ensures that the memory won\u0027t leak, whatever way the\ncontrol gets destroyed.\n\nThe original implementation didn\u0027t actually remove the ALSA\ncontrols in hda_cs_dsp_control_remove(). It only freed the internal\ntracking structure. This meant it was possible to remove/unload the\namp driver while leaving its ALSA controls still present in the\nsoundcard. Obviously attempting to access them could cause segfaults\nor at least dereferencing stale pointers."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:30.195Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/191dc1b2ff0fb35e7aff15a53224837637df8bff"
},
{
"url": "https://git.kernel.org/stable/c/6e359be4975006ff72818e79dad8fe48293f2eb2"
},
{
"url": "https://git.kernel.org/stable/c/3291486af5636540980ea55bae985f3eaa5b0740"
},
{
"url": "https://git.kernel.org/stable/c/172811e3a557d8681a5e2d0f871dc04a2d17eb13"
}
],
"title": "ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38388",
"datePublished": "2024-06-21T10:18:12.995Z",
"dateReserved": "2024-06-21T10:12:11.500Z",
"dateUpdated": "2025-05-04T09:13:30.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52788 (GCVE-0-2023-52788)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
i915/perf: Fix NULL deref bugs with drm_dbg() calls
When i915 perf interface is not available dereferencing it will lead to
NULL dereferences.
As returning -ENOTSUPP is pretty clear return when perf interface is not
available.
[tursulin: added stable tag]
(cherry picked from commit 36f27350ff745bd228ab04d7845dfbffc177a889)
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T17:27:01.312532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:43.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1566e8be73fd5fa424e88d2a4cffdc34f970f0e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/55db76caa782baa4a1bf02296e2773c38a524a3e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bf8e105030083e7b71591cdf437e464bcd8a0c09"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/10f49cdfd5fb342a1a9641930dc040c570694e98"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/471aa951bf1206d3c10d0daa67005b8e4db4ff83"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/i915_perf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1566e8be73fd5fa424e88d2a4cffdc34f970f0e1",
"status": "affected",
"version": "9b344cf6aea0a69c00e19efdc6e02c6d5aae1a23",
"versionType": "git"
},
{
"lessThan": "55db76caa782baa4a1bf02296e2773c38a524a3e",
"status": "affected",
"version": "2fec539112e89255b6a47f566e21d99937fada7b",
"versionType": "git"
},
{
"lessThan": "bf8e105030083e7b71591cdf437e464bcd8a0c09",
"status": "affected",
"version": "2fec539112e89255b6a47f566e21d99937fada7b",
"versionType": "git"
},
{
"lessThan": "10f49cdfd5fb342a1a9641930dc040c570694e98",
"status": "affected",
"version": "2fec539112e89255b6a47f566e21d99937fada7b",
"versionType": "git"
},
{
"lessThan": "471aa951bf1206d3c10d0daa67005b8e4db4ff83",
"status": "affected",
"version": "2fec539112e89255b6a47f566e21d99937fada7b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/i915_perf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "5.15.108",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni915/perf: Fix NULL deref bugs with drm_dbg() calls\n\nWhen i915 perf interface is not available dereferencing it will lead to\nNULL dereferences.\n\nAs returning -ENOTSUPP is pretty clear return when perf interface is not\navailable.\n\n[tursulin: added stable tag]\n(cherry picked from commit 36f27350ff745bd228ab04d7845dfbffc177a889)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:13.520Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1566e8be73fd5fa424e88d2a4cffdc34f970f0e1"
},
{
"url": "https://git.kernel.org/stable/c/55db76caa782baa4a1bf02296e2773c38a524a3e"
},
{
"url": "https://git.kernel.org/stable/c/bf8e105030083e7b71591cdf437e464bcd8a0c09"
},
{
"url": "https://git.kernel.org/stable/c/10f49cdfd5fb342a1a9641930dc040c570694e98"
},
{
"url": "https://git.kernel.org/stable/c/471aa951bf1206d3c10d0daa67005b8e4db4ff83"
}
],
"title": "i915/perf: Fix NULL deref bugs with drm_dbg() calls",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52788",
"datePublished": "2024-05-21T15:31:04.980Z",
"dateReserved": "2024-05-21T15:19:24.241Z",
"dateUpdated": "2025-05-04T07:43:13.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26750 (GCVE-0-2024-26750)
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2025-05-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Drop oob_skb ref before purging queue in GC.
syzbot reported another task hung in __unix_gc(). [0]
The current while loop assumes that all of the left candidates
have oob_skb and calling kfree_skb(oob_skb) releases the remaining
candidates.
However, I missed a case that oob_skb has self-referencing fd and
another fd and the latter sk is placed before the former in the
candidate list. Then, the while loop never proceeds, resulting
the task hung.
__unix_gc() has the same loop just before purging the collected skb,
so we can call kfree_skb(oob_skb) there and let __skb_queue_purge()
release all inflight sockets.
[0]:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 2784 Comm: kworker/u4:8 Not tainted 6.8.0-rc4-syzkaller-01028-g71b605d32017 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Workqueue: events_unbound __unix_gc
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:200
Code: 89 fb e8 23 00 00 00 48 8b 3d 84 f5 1a 0c 48 89 de 5b e9 43 26 57 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 48 8b 04 24 65 48 8b 0d 90 52 70 7e 65 8b 15 91 52 70
RSP: 0018:ffffc9000a17fa78 EFLAGS: 00000287
RAX: ffffffff8a0a6108 RBX: ffff88802b6c2640 RCX: ffff88802c0b3b80
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
RBP: ffffc9000a17fbf0 R08: ffffffff89383f1d R09: 1ffff1100ee5ff84
R10: dffffc0000000000 R11: ffffed100ee5ff85 R12: 1ffff110056d84ee
R13: ffffc9000a17fae0 R14: 0000000000000000 R15: ffffffff8f47b840
FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffef5687ff8 CR3: 0000000029b34000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<NMI>
</NMI>
<TASK>
__unix_gc+0xe69/0xf40 net/unix/garbage.c:343
process_one_work kernel/workqueue.c:2633 [inline]
process_scheduled_works+0x913/0x1420 kernel/workqueue.c:2706
worker_thread+0xa5f/0x1000 kernel/workqueue.c:2787
kthread+0x2ef/0x390 kernel/kthread.c:388
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242
</TASK>
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6c480d0f131862645d172ca9e25dc152b1a5c3a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c4c795b21dd23d9514ae1c6646c3fb2c78b5be60"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e9eac260369d0cf57ea53df95427125725507a0d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43ba9e331559a30000c862eea313248707afa787"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa82ac51d63328714645c827775d64dbfd9941f3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26750",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:51:11.547250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:53.425Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/unix/garbage.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6c480d0f131862645d172ca9e25dc152b1a5c3a6",
"status": "affected",
"version": "36f7371de977f805750748e80279be7e370df85c",
"versionType": "git"
},
{
"lessThan": "c4c795b21dd23d9514ae1c6646c3fb2c78b5be60",
"status": "affected",
"version": "2a3d40b4025fcfe51b04924979f1653993b17669",
"versionType": "git"
},
{
"lessThan": "e9eac260369d0cf57ea53df95427125725507a0d",
"status": "affected",
"version": "69e0f04460f4037e01e29f0d9675544f62aafca3",
"versionType": "git"
},
{
"lessThan": "43ba9e331559a30000c862eea313248707afa787",
"status": "affected",
"version": "cb8890318dde26fc89c6ea67d6e9070ab50b6e91",
"versionType": "git"
},
{
"lessThan": "aa82ac51d63328714645c827775d64dbfd9941f3",
"status": "affected",
"version": "25236c91b5ab4a26a56ba2e79b8060cf4e047839",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/unix/garbage.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5.15.151",
"status": "affected",
"version": "5.15.149",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "5.15.149",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Drop oob_skb ref before purging queue in GC.\n\nsyzbot reported another task hung in __unix_gc(). [0]\n\nThe current while loop assumes that all of the left candidates\nhave oob_skb and calling kfree_skb(oob_skb) releases the remaining\ncandidates.\n\nHowever, I missed a case that oob_skb has self-referencing fd and\nanother fd and the latter sk is placed before the former in the\ncandidate list. Then, the while loop never proceeds, resulting\nthe task hung.\n\n__unix_gc() has the same loop just before purging the collected skb,\nso we can call kfree_skb(oob_skb) there and let __skb_queue_purge()\nrelease all inflight sockets.\n\n[0]:\nSending NMI from CPU 0 to CPUs 1:\nNMI backtrace for cpu 1\nCPU: 1 PID: 2784 Comm: kworker/u4:8 Not tainted 6.8.0-rc4-syzkaller-01028-g71b605d32017 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nWorkqueue: events_unbound __unix_gc\nRIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:200\nCode: 89 fb e8 23 00 00 00 48 8b 3d 84 f5 1a 0c 48 89 de 5b e9 43 26 57 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 \u003cf3\u003e 0f 1e fa 48 8b 04 24 65 48 8b 0d 90 52 70 7e 65 8b 15 91 52 70\nRSP: 0018:ffffc9000a17fa78 EFLAGS: 00000287\nRAX: ffffffff8a0a6108 RBX: ffff88802b6c2640 RCX: ffff88802c0b3b80\nRDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000\nRBP: ffffc9000a17fbf0 R08: ffffffff89383f1d R09: 1ffff1100ee5ff84\nR10: dffffc0000000000 R11: ffffed100ee5ff85 R12: 1ffff110056d84ee\nR13: ffffc9000a17fae0 R14: 0000000000000000 R15: ffffffff8f47b840\nFS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffef5687ff8 CR3: 0000000029b34000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cNMI\u003e\n \u003c/NMI\u003e\n \u003cTASK\u003e\n __unix_gc+0xe69/0xf40 net/unix/garbage.c:343\n process_one_work kernel/workqueue.c:2633 [inline]\n process_scheduled_works+0x913/0x1420 kernel/workqueue.c:2706\n worker_thread+0xa5f/0x1000 kernel/workqueue.c:2787\n kthread+0x2ef/0x390 kernel/kthread.c:388\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:39.291Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6c480d0f131862645d172ca9e25dc152b1a5c3a6"
},
{
"url": "https://git.kernel.org/stable/c/c4c795b21dd23d9514ae1c6646c3fb2c78b5be60"
},
{
"url": "https://git.kernel.org/stable/c/e9eac260369d0cf57ea53df95427125725507a0d"
},
{
"url": "https://git.kernel.org/stable/c/43ba9e331559a30000c862eea313248707afa787"
},
{
"url": "https://git.kernel.org/stable/c/aa82ac51d63328714645c827775d64dbfd9941f3"
}
],
"title": "af_unix: Drop oob_skb ref before purging queue in GC.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26750",
"datePublished": "2024-04-04T08:20:14.494Z",
"dateReserved": "2024-02-19T14:20:24.169Z",
"dateUpdated": "2025-05-04T08:55:39.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27419 (GCVE-0-2024-27419)
Vulnerability from cvelistv5
Published
2024-05-17 12:01
Modified
2025-05-04 09:04
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netrom: Fix data-races around sysctl_net_busy_read
We need to protect the reader reading the sysctl value because the
value can be changed concurrently.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27419",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:13:24.653763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:48.428Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d623fd5298d95b65d27ef5a618ebf39541074856"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f9055fa2b2931261d5f89948ee5bc315b6a22d4a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bbf950a6e96a91cf8cf0c71117b94ed3fafc9dd3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0866afaff19d8460308b022345ed116a12b1d0e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43464808669ba9d23996f0b6d875450191687caf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/34cab94f7473e7b09f5205d4583fb5096cb63b5b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/16d71319e29d5825ab53f263b59fdd8dc2d60ad4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d380ce70058a4ccddc3e5f5c2063165dc07672c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netrom/af_netrom.c",
"net/netrom/nr_in.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d623fd5298d95b65d27ef5a618ebf39541074856",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f9055fa2b2931261d5f89948ee5bc315b6a22d4a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bbf950a6e96a91cf8cf0c71117b94ed3fafc9dd3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0866afaff19d8460308b022345ed116a12b1d0e1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "43464808669ba9d23996f0b6d875450191687caf",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "34cab94f7473e7b09f5205d4583fb5096cb63b5b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "16d71319e29d5825ab53f263b59fdd8dc2d60ad4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d380ce70058a4ccddc3e5f5c2063165dc07672c6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netrom/af_netrom.c",
"net/netrom/nr_in.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.310",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.272",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.213",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.152",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.310",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.272",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.213",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.152",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.82",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.22",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.10",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: Fix data-races around sysctl_net_busy_read\n\nWe need to protect the reader reading the sysctl value because the\nvalue can be changed concurrently."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:04:45.518Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d623fd5298d95b65d27ef5a618ebf39541074856"
},
{
"url": "https://git.kernel.org/stable/c/f9055fa2b2931261d5f89948ee5bc315b6a22d4a"
},
{
"url": "https://git.kernel.org/stable/c/bbf950a6e96a91cf8cf0c71117b94ed3fafc9dd3"
},
{
"url": "https://git.kernel.org/stable/c/0866afaff19d8460308b022345ed116a12b1d0e1"
},
{
"url": "https://git.kernel.org/stable/c/43464808669ba9d23996f0b6d875450191687caf"
},
{
"url": "https://git.kernel.org/stable/c/34cab94f7473e7b09f5205d4583fb5096cb63b5b"
},
{
"url": "https://git.kernel.org/stable/c/16d71319e29d5825ab53f263b59fdd8dc2d60ad4"
},
{
"url": "https://git.kernel.org/stable/c/d380ce70058a4ccddc3e5f5c2063165dc07672c6"
}
],
"title": "netrom: Fix data-races around sysctl_net_busy_read",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27419",
"datePublished": "2024-05-17T12:01:27.871Z",
"dateReserved": "2024-02-25T13:47:42.683Z",
"dateUpdated": "2025-05-04T09:04:45.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38597 (GCVE-0-2024-38597)
Vulnerability from cvelistv5
Published
2024-06-19 13:45
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
eth: sungem: remove .ndo_poll_controller to avoid deadlocks
Erhard reports netpoll warnings from sungem:
netpoll_send_skb_on_dev(): eth0 enabled interrupts in poll (gem_start_xmit+0x0/0x398)
WARNING: CPU: 1 PID: 1 at net/core/netpoll.c:370 netpoll_send_skb+0x1fc/0x20c
gem_poll_controller() disables interrupts, which may sleep.
We can't sleep in netpoll, it has interrupts disabled completely.
Strangely, gem_poll_controller() doesn't even poll the completions,
and instead acts as if an interrupt has fired so it just schedules
NAPI and exits. None of this has been necessary for years, since
netpoll invokes NAPI directly.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: fe09bb619096a0aa139210748ddc668c2dbe2308 Version: fe09bb619096a0aa139210748ddc668c2dbe2308 Version: fe09bb619096a0aa139210748ddc668c2dbe2308 Version: fe09bb619096a0aa139210748ddc668c2dbe2308 Version: fe09bb619096a0aa139210748ddc668c2dbe2308 Version: fe09bb619096a0aa139210748ddc668c2dbe2308 Version: fe09bb619096a0aa139210748ddc668c2dbe2308 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e22b23f5888a065d084e87db1eec639c445e677f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fbeeb55dbb33d562149c57e794f06b7414e44289"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/476adb3bbbd7886e8251d3b9ce2d3c3e680f35d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5de5aeb98f9a000adb0db184e32765e4815d860b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/faf94f1eb8a34b2c31b2042051ef36f63420ecce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6400d205fbbcbcf9b8510157e1f379c1d7e2e937"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac0a230f719b02432d8c7eba7615ebd691da86f4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:13:34.120030Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:54.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/sun/sungem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e22b23f5888a065d084e87db1eec639c445e677f",
"status": "affected",
"version": "fe09bb619096a0aa139210748ddc668c2dbe2308",
"versionType": "git"
},
{
"lessThan": "fbeeb55dbb33d562149c57e794f06b7414e44289",
"status": "affected",
"version": "fe09bb619096a0aa139210748ddc668c2dbe2308",
"versionType": "git"
},
{
"lessThan": "476adb3bbbd7886e8251d3b9ce2d3c3e680f35d6",
"status": "affected",
"version": "fe09bb619096a0aa139210748ddc668c2dbe2308",
"versionType": "git"
},
{
"lessThan": "5de5aeb98f9a000adb0db184e32765e4815d860b",
"status": "affected",
"version": "fe09bb619096a0aa139210748ddc668c2dbe2308",
"versionType": "git"
},
{
"lessThan": "faf94f1eb8a34b2c31b2042051ef36f63420ecce",
"status": "affected",
"version": "fe09bb619096a0aa139210748ddc668c2dbe2308",
"versionType": "git"
},
{
"lessThan": "6400d205fbbcbcf9b8510157e1f379c1d7e2e937",
"status": "affected",
"version": "fe09bb619096a0aa139210748ddc668c2dbe2308",
"versionType": "git"
},
{
"lessThan": "ac0a230f719b02432d8c7eba7615ebd691da86f4",
"status": "affected",
"version": "fe09bb619096a0aa139210748ddc668c2dbe2308",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/sun/sungem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.1"
},
{
"lessThan": "3.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: sungem: remove .ndo_poll_controller to avoid deadlocks\n\nErhard reports netpoll warnings from sungem:\n\n netpoll_send_skb_on_dev(): eth0 enabled interrupts in poll (gem_start_xmit+0x0/0x398)\n WARNING: CPU: 1 PID: 1 at net/core/netpoll.c:370 netpoll_send_skb+0x1fc/0x20c\n\ngem_poll_controller() disables interrupts, which may sleep.\nWe can\u0027t sleep in netpoll, it has interrupts disabled completely.\nStrangely, gem_poll_controller() doesn\u0027t even poll the completions,\nand instead acts as if an interrupt has fired so it just schedules\nNAPI and exits. None of this has been necessary for years, since\nnetpoll invokes NAPI directly."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:56.347Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e22b23f5888a065d084e87db1eec639c445e677f"
},
{
"url": "https://git.kernel.org/stable/c/fbeeb55dbb33d562149c57e794f06b7414e44289"
},
{
"url": "https://git.kernel.org/stable/c/476adb3bbbd7886e8251d3b9ce2d3c3e680f35d6"
},
{
"url": "https://git.kernel.org/stable/c/5de5aeb98f9a000adb0db184e32765e4815d860b"
},
{
"url": "https://git.kernel.org/stable/c/faf94f1eb8a34b2c31b2042051ef36f63420ecce"
},
{
"url": "https://git.kernel.org/stable/c/6400d205fbbcbcf9b8510157e1f379c1d7e2e937"
},
{
"url": "https://git.kernel.org/stable/c/ac0a230f719b02432d8c7eba7615ebd691da86f4"
}
],
"title": "eth: sungem: remove .ndo_poll_controller to avoid deadlocks",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38597",
"datePublished": "2024-06-19T13:45:46.642Z",
"dateReserved": "2024-06-18T19:36:34.932Z",
"dateUpdated": "2025-05-04T09:14:56.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39471 (GCVE-0-2024-39471)
Vulnerability from cvelistv5
Published
2024-06-25 14:28
Modified
2025-05-21 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: add error handle to avoid out-of-bounds
if the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should
be stop to avoid out-of-bounds read, so directly return -EINVAL.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9 Version: 7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9 Version: 7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9 Version: 7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9 Version: 7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9 Version: 7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9 Version: 7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5594971e02764aa1c8210ffb838cb4e7897716e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8112fa72b7f139052843ff484130d6f97e9f052f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea906e9ac61e3152bef63597f2d9f4a812fc346a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/011552f29f20842c9a7a21bffe1f6a2d6457ba46"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5b0a3dc3e87821acb80e841b464d335aff242691"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0964c84b93db7fbf74f357c1e20957850e092db3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b2faf1a4f3b6c748c0da36cda865a226534d520"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39471",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:07:48.948392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:41.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5594971e02764aa1c8210ffb838cb4e7897716e8",
"status": "affected",
"version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9",
"versionType": "git"
},
{
"lessThan": "8112fa72b7f139052843ff484130d6f97e9f052f",
"status": "affected",
"version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9",
"versionType": "git"
},
{
"lessThan": "ea906e9ac61e3152bef63597f2d9f4a812fc346a",
"status": "affected",
"version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9",
"versionType": "git"
},
{
"lessThan": "011552f29f20842c9a7a21bffe1f6a2d6457ba46",
"status": "affected",
"version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9",
"versionType": "git"
},
{
"lessThan": "5b0a3dc3e87821acb80e841b464d335aff242691",
"status": "affected",
"version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9",
"versionType": "git"
},
{
"lessThan": "0964c84b93db7fbf74f357c1e20957850e092db3",
"status": "affected",
"version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9",
"versionType": "git"
},
{
"lessThan": "8b2faf1a4f3b6c748c0da36cda865a226534d520",
"status": "affected",
"version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.94",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.94",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.34",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.5",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: add error handle to avoid out-of-bounds\n\nif the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should\nbe stop to avoid out-of-bounds read, so directly return -EINVAL."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:12:46.024Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5594971e02764aa1c8210ffb838cb4e7897716e8"
},
{
"url": "https://git.kernel.org/stable/c/8112fa72b7f139052843ff484130d6f97e9f052f"
},
{
"url": "https://git.kernel.org/stable/c/ea906e9ac61e3152bef63597f2d9f4a812fc346a"
},
{
"url": "https://git.kernel.org/stable/c/011552f29f20842c9a7a21bffe1f6a2d6457ba46"
},
{
"url": "https://git.kernel.org/stable/c/5b0a3dc3e87821acb80e841b464d335aff242691"
},
{
"url": "https://git.kernel.org/stable/c/0964c84b93db7fbf74f357c1e20957850e092db3"
},
{
"url": "https://git.kernel.org/stable/c/8b2faf1a4f3b6c748c0da36cda865a226534d520"
}
],
"title": "drm/amdgpu: add error handle to avoid out-of-bounds",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39471",
"datePublished": "2024-06-25T14:28:56.906Z",
"dateReserved": "2024-06-25T14:23:23.745Z",
"dateUpdated": "2025-05-21T09:12:46.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36478 (GCVE-0-2024-36478)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-05-04 09:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'
Writing 'power' and 'submit_queues' concurrently will trigger kernel
panic:
Test script:
modprobe null_blk nr_devices=0
mkdir -p /sys/kernel/config/nullb/nullb0
while true; do echo 1 > submit_queues; echo 4 > submit_queues; done &
while true; do echo 1 > power; echo 0 > power; done
Test result:
BUG: kernel NULL pointer dereference, address: 0000000000000148
Oops: 0000 [#1] PREEMPT SMP
RIP: 0010:__lock_acquire+0x41d/0x28f0
Call Trace:
<TASK>
lock_acquire+0x121/0x450
down_write+0x5f/0x1d0
simple_recursive_removal+0x12f/0x5c0
blk_mq_debugfs_unregister_hctxs+0x7c/0x100
blk_mq_update_nr_hw_queues+0x4a3/0x720
nullb_update_nr_hw_queues+0x71/0xf0 [null_blk]
nullb_device_submit_queues_store+0x79/0xf0 [null_blk]
configfs_write_iter+0x119/0x1e0
vfs_write+0x326/0x730
ksys_write+0x74/0x150
This is because del_gendisk() can concurrent with
blk_mq_update_nr_hw_queues():
nullb_device_power_store nullb_apply_submit_queues
null_del_dev
del_gendisk
nullb_update_nr_hw_queues
if (!dev->nullb)
// still set while gendisk is deleted
return 0
blk_mq_update_nr_hw_queues
dev->nullb = NULL
Fix this problem by resuing the global mutex to protect
nullb_device_power_store() and nullb_update_nr_hw_queues() from configfs.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:05.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5d0495473ee4c1d041b5a917f10446a22c047f47"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a2db328b0839312c169eb42746ec46fc1ab53ed2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36478",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:09:31.490057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:45.770Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/block/null_blk/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1d4c8baef435c98e8d5aa7027dc5a9f70834ba16",
"status": "affected",
"version": "45919fbfe1c487c17ea1d198534339a5e8abeae3",
"versionType": "git"
},
{
"lessThan": "aaadb755f2d684f715a6eb85cb7243aa0c67dfa9",
"status": "affected",
"version": "45919fbfe1c487c17ea1d198534339a5e8abeae3",
"versionType": "git"
},
{
"lessThan": "5d0495473ee4c1d041b5a917f10446a22c047f47",
"status": "affected",
"version": "45919fbfe1c487c17ea1d198534339a5e8abeae3",
"versionType": "git"
},
{
"lessThan": "a2db328b0839312c169eb42746ec46fc1ab53ed2",
"status": "affected",
"version": "45919fbfe1c487c17ea1d198534339a5e8abeae3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/block/null_blk/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.119",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.119",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix null-ptr-dereference while configuring \u0027power\u0027 and \u0027submit_queues\u0027\n\nWriting \u0027power\u0027 and \u0027submit_queues\u0027 concurrently will trigger kernel\npanic:\n\nTest script:\n\nmodprobe null_blk nr_devices=0\nmkdir -p /sys/kernel/config/nullb/nullb0\nwhile true; do echo 1 \u003e submit_queues; echo 4 \u003e submit_queues; done \u0026\nwhile true; do echo 1 \u003e power; echo 0 \u003e power; done\n\nTest result:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000148\nOops: 0000 [#1] PREEMPT SMP\nRIP: 0010:__lock_acquire+0x41d/0x28f0\nCall Trace:\n \u003cTASK\u003e\n lock_acquire+0x121/0x450\n down_write+0x5f/0x1d0\n simple_recursive_removal+0x12f/0x5c0\n blk_mq_debugfs_unregister_hctxs+0x7c/0x100\n blk_mq_update_nr_hw_queues+0x4a3/0x720\n nullb_update_nr_hw_queues+0x71/0xf0 [null_blk]\n nullb_device_submit_queues_store+0x79/0xf0 [null_blk]\n configfs_write_iter+0x119/0x1e0\n vfs_write+0x326/0x730\n ksys_write+0x74/0x150\n\nThis is because del_gendisk() can concurrent with\nblk_mq_update_nr_hw_queues():\n\nnullb_device_power_store\tnullb_apply_submit_queues\n null_del_dev\n del_gendisk\n\t\t\t\t nullb_update_nr_hw_queues\n\t\t\t\t if (!dev-\u003enullb)\n\t\t\t\t // still set while gendisk is deleted\n\t\t\t\t return 0\n\t\t\t\t blk_mq_update_nr_hw_queues\n dev-\u003enullb = NULL\n\nFix this problem by resuing the global mutex to protect\nnullb_device_power_store() and nullb_update_nr_hw_queues() from configfs."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:11:07.932Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1d4c8baef435c98e8d5aa7027dc5a9f70834ba16"
},
{
"url": "https://git.kernel.org/stable/c/aaadb755f2d684f715a6eb85cb7243aa0c67dfa9"
},
{
"url": "https://git.kernel.org/stable/c/5d0495473ee4c1d041b5a917f10446a22c047f47"
},
{
"url": "https://git.kernel.org/stable/c/a2db328b0839312c169eb42746ec46fc1ab53ed2"
}
],
"title": "null_blk: fix null-ptr-dereference while configuring \u0027power\u0027 and \u0027submit_queues\u0027",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36478",
"datePublished": "2024-06-21T10:18:09.027Z",
"dateReserved": "2024-06-21T10:13:16.284Z",
"dateUpdated": "2025-05-04T09:11:07.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38540 (GCVE-0-2024-38540)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-07 19:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq
Undefined behavior is triggered when bnxt_qplib_alloc_init_hwq is called
with hwq_attr->aux_depth != 0 and hwq_attr->aux_stride == 0.
In that case, "roundup_pow_of_two(hwq_attr->aux_stride)" gets called.
roundup_pow_of_two is documented as undefined for 0.
Fix it in the one caller that had this combination.
The undefined behavior was detected by UBSAN:
UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13
shift exponent 64 is too large for 64-bit type 'long unsigned int'
CPU: 24 PID: 1075 Comm: (udev-worker) Not tainted 6.9.0-rc6+ #4
Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.7 10/25/2023
Call Trace:
<TASK>
dump_stack_lvl+0x5d/0x80
ubsan_epilogue+0x5/0x30
__ubsan_handle_shift_out_of_bounds.cold+0x61/0xec
__roundup_pow_of_two+0x25/0x35 [bnxt_re]
bnxt_qplib_alloc_init_hwq+0xa1/0x470 [bnxt_re]
bnxt_qplib_create_qp+0x19e/0x840 [bnxt_re]
bnxt_re_create_qp+0x9b1/0xcd0 [bnxt_re]
? srso_alias_return_thunk+0x5/0xfbef5
? srso_alias_return_thunk+0x5/0xfbef5
? __kmalloc+0x1b6/0x4f0
? create_qp.part.0+0x128/0x1c0 [ib_core]
? __pfx_bnxt_re_create_qp+0x10/0x10 [bnxt_re]
create_qp.part.0+0x128/0x1c0 [ib_core]
ib_create_qp_kernel+0x50/0xd0 [ib_core]
create_mad_qp+0x8e/0xe0 [ib_core]
? __pfx_qp_event_handler+0x10/0x10 [ib_core]
ib_mad_init_device+0x2be/0x680 [ib_core]
add_client_context+0x10d/0x1a0 [ib_core]
enable_device_and_get+0xe0/0x1d0 [ib_core]
ib_register_device+0x53c/0x630 [ib_core]
? srso_alias_return_thunk+0x5/0xfbef5
bnxt_re_probe+0xbd8/0xe50 [bnxt_re]
? __pfx_bnxt_re_probe+0x10/0x10 [bnxt_re]
auxiliary_bus_probe+0x49/0x80
? driver_sysfs_add+0x57/0xc0
really_probe+0xde/0x340
? pm_runtime_barrier+0x54/0x90
? __pfx___driver_attach+0x10/0x10
__driver_probe_device+0x78/0x110
driver_probe_device+0x1f/0xa0
__driver_attach+0xba/0x1c0
bus_for_each_dev+0x8f/0xe0
bus_add_driver+0x146/0x220
driver_register+0x72/0xd0
__auxiliary_driver_register+0x6e/0xd0
? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]
bnxt_re_mod_init+0x3e/0xff0 [bnxt_re]
? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]
do_one_initcall+0x5b/0x310
do_init_module+0x90/0x250
init_module_from_file+0x86/0xc0
idempotent_init_module+0x121/0x2b0
__x64_sys_finit_module+0x5e/0xb0
do_syscall_64+0x82/0x160
? srso_alias_return_thunk+0x5/0xfbef5
? syscall_exit_to_user_mode_prepare+0x149/0x170
? srso_alias_return_thunk+0x5/0xfbef5
? syscall_exit_to_user_mode+0x75/0x230
? srso_alias_return_thunk+0x5/0xfbef5
? do_syscall_64+0x8e/0x160
? srso_alias_return_thunk+0x5/0xfbef5
? __count_memcg_events+0x69/0x100
? srso_alias_return_thunk+0x5/0xfbef5
? count_memcg_events.constprop.0+0x1a/0x30
? srso_alias_return_thunk+0x5/0xfbef5
? handle_mm_fault+0x1f0/0x300
? srso_alias_return_thunk+0x5/0xfbef5
? do_user_addr_fault+0x34e/0x640
? srso_alias_return_thunk+0x5/0xfbef5
? srso_alias_return_thunk+0x5/0xfbef5
entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f4e5132821d
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e3 db 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007ffca9c906a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 0000563ec8a8f130 RCX: 00007f4e5132821d
RDX: 0000000000000000 RSI: 00007f4e518fa07d RDI: 000000000000003b
RBP: 00007ffca9c90760 R08: 00007f4e513f6b20 R09: 00007ffca9c906f0
R10: 0000563ec8a8faa0 R11: 0000000000000246 R12: 00007f4e518fa07d
R13: 0000000000020000 R14: 0000563ec8409e90 R15: 0000563ec8a8fa60
</TASK>
---[ end trace ]---
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 0c4dcd602817502bb3dced7a834a13ef717d65a4 Version: 0c4dcd602817502bb3dced7a834a13ef717d65a4 Version: 0c4dcd602817502bb3dced7a834a13ef717d65a4 Version: 0c4dcd602817502bb3dced7a834a13ef717d65a4 Version: 0c4dcd602817502bb3dced7a834a13ef717d65a4 Version: 0c4dcd602817502bb3dced7a834a13ef717d65a4 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38540",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T15:37:42.492444Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T19:54:28.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a658f011d89dd20cf2c7cb4760ffd79201700b98"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/627493443f3a8458cb55cdae1da254a7001123bc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b799c00cea6fcfe5b501bbaeb228c8821acb753"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/78cfd17142ef70599d6409cbd709d94b3da58659"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/bnxt_re/qplib_fp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "66a9937187ac9b5c5ffff07b8b284483e56804d1",
"status": "affected",
"version": "0c4dcd602817502bb3dced7a834a13ef717d65a4",
"versionType": "git"
},
{
"lessThan": "84d2f29152184f0d72ed7c9648c4ee6927df4e59",
"status": "affected",
"version": "0c4dcd602817502bb3dced7a834a13ef717d65a4",
"versionType": "git"
},
{
"lessThan": "a658f011d89dd20cf2c7cb4760ffd79201700b98",
"status": "affected",
"version": "0c4dcd602817502bb3dced7a834a13ef717d65a4",
"versionType": "git"
},
{
"lessThan": "627493443f3a8458cb55cdae1da254a7001123bc",
"status": "affected",
"version": "0c4dcd602817502bb3dced7a834a13ef717d65a4",
"versionType": "git"
},
{
"lessThan": "8b799c00cea6fcfe5b501bbaeb228c8821acb753",
"status": "affected",
"version": "0c4dcd602817502bb3dced7a834a13ef717d65a4",
"versionType": "git"
},
{
"lessThan": "78cfd17142ef70599d6409cbd709d94b3da58659",
"status": "affected",
"version": "0c4dcd602817502bb3dced7a834a13ef717d65a4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/bnxt_re/qplib_fp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.181",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.117",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.181",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.117",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq\n\nUndefined behavior is triggered when bnxt_qplib_alloc_init_hwq is called\nwith hwq_attr-\u003eaux_depth != 0 and hwq_attr-\u003eaux_stride == 0.\nIn that case, \"roundup_pow_of_two(hwq_attr-\u003eaux_stride)\" gets called.\nroundup_pow_of_two is documented as undefined for 0.\n\nFix it in the one caller that had this combination.\n\nThe undefined behavior was detected by UBSAN:\n UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13\n shift exponent 64 is too large for 64-bit type \u0027long unsigned int\u0027\n CPU: 24 PID: 1075 Comm: (udev-worker) Not tainted 6.9.0-rc6+ #4\n Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.7 10/25/2023\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ubsan_epilogue+0x5/0x30\n __ubsan_handle_shift_out_of_bounds.cold+0x61/0xec\n __roundup_pow_of_two+0x25/0x35 [bnxt_re]\n bnxt_qplib_alloc_init_hwq+0xa1/0x470 [bnxt_re]\n bnxt_qplib_create_qp+0x19e/0x840 [bnxt_re]\n bnxt_re_create_qp+0x9b1/0xcd0 [bnxt_re]\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? __kmalloc+0x1b6/0x4f0\n ? create_qp.part.0+0x128/0x1c0 [ib_core]\n ? __pfx_bnxt_re_create_qp+0x10/0x10 [bnxt_re]\n create_qp.part.0+0x128/0x1c0 [ib_core]\n ib_create_qp_kernel+0x50/0xd0 [ib_core]\n create_mad_qp+0x8e/0xe0 [ib_core]\n ? __pfx_qp_event_handler+0x10/0x10 [ib_core]\n ib_mad_init_device+0x2be/0x680 [ib_core]\n add_client_context+0x10d/0x1a0 [ib_core]\n enable_device_and_get+0xe0/0x1d0 [ib_core]\n ib_register_device+0x53c/0x630 [ib_core]\n ? srso_alias_return_thunk+0x5/0xfbef5\n bnxt_re_probe+0xbd8/0xe50 [bnxt_re]\n ? __pfx_bnxt_re_probe+0x10/0x10 [bnxt_re]\n auxiliary_bus_probe+0x49/0x80\n ? driver_sysfs_add+0x57/0xc0\n really_probe+0xde/0x340\n ? pm_runtime_barrier+0x54/0x90\n ? __pfx___driver_attach+0x10/0x10\n __driver_probe_device+0x78/0x110\n driver_probe_device+0x1f/0xa0\n __driver_attach+0xba/0x1c0\n bus_for_each_dev+0x8f/0xe0\n bus_add_driver+0x146/0x220\n driver_register+0x72/0xd0\n __auxiliary_driver_register+0x6e/0xd0\n ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]\n bnxt_re_mod_init+0x3e/0xff0 [bnxt_re]\n ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]\n do_one_initcall+0x5b/0x310\n do_init_module+0x90/0x250\n init_module_from_file+0x86/0xc0\n idempotent_init_module+0x121/0x2b0\n __x64_sys_finit_module+0x5e/0xb0\n do_syscall_64+0x82/0x160\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? syscall_exit_to_user_mode_prepare+0x149/0x170\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? syscall_exit_to_user_mode+0x75/0x230\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? do_syscall_64+0x8e/0x160\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? __count_memcg_events+0x69/0x100\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? count_memcg_events.constprop.0+0x1a/0x30\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? handle_mm_fault+0x1f0/0x300\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? do_user_addr_fault+0x34e/0x640\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f4e5132821d\n Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d e3 db 0c 00 f7 d8 64 89 01 48\n RSP: 002b:00007ffca9c906a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n RAX: ffffffffffffffda RBX: 0000563ec8a8f130 RCX: 00007f4e5132821d\n RDX: 0000000000000000 RSI: 00007f4e518fa07d RDI: 000000000000003b\n RBP: 00007ffca9c90760 R08: 00007f4e513f6b20 R09: 00007ffca9c906f0\n R10: 0000563ec8a8faa0 R11: 0000000000000246 R12: 00007f4e518fa07d\n R13: 0000000000020000 R14: 0000563ec8409e90 R15: 0000563ec8a8fa60\n \u003c/TASK\u003e\n ---[ end trace ]---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:35.237Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/66a9937187ac9b5c5ffff07b8b284483e56804d1"
},
{
"url": "https://git.kernel.org/stable/c/84d2f29152184f0d72ed7c9648c4ee6927df4e59"
},
{
"url": "https://git.kernel.org/stable/c/a658f011d89dd20cf2c7cb4760ffd79201700b98"
},
{
"url": "https://git.kernel.org/stable/c/627493443f3a8458cb55cdae1da254a7001123bc"
},
{
"url": "https://git.kernel.org/stable/c/8b799c00cea6fcfe5b501bbaeb228c8821acb753"
},
{
"url": "https://git.kernel.org/stable/c/78cfd17142ef70599d6409cbd709d94b3da58659"
}
],
"title": "bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38540",
"datePublished": "2024-06-19T13:35:15.823Z",
"dateReserved": "2024-06-18T19:36:34.918Z",
"dateUpdated": "2025-05-07T19:54:28.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38555 (GCVE-0-2024-38555)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Discard command completions in internal error
Fix use after free when FW completion arrives while device is in
internal error state. Avoid calling completion handler in this case,
since the device will flush the command interface and trigger all
completions manually.
Kernel log:
------------[ cut here ]------------
refcount_t: underflow; use-after-free.
...
RIP: 0010:refcount_warn_saturate+0xd8/0xe0
...
Call Trace:
<IRQ>
? __warn+0x79/0x120
? refcount_warn_saturate+0xd8/0xe0
? report_bug+0x17c/0x190
? handle_bug+0x3c/0x60
? exc_invalid_op+0x14/0x70
? asm_exc_invalid_op+0x16/0x20
? refcount_warn_saturate+0xd8/0xe0
cmd_ent_put+0x13b/0x160 [mlx5_core]
mlx5_cmd_comp_handler+0x5f9/0x670 [mlx5_core]
cmd_comp_notifier+0x1f/0x30 [mlx5_core]
notifier_call_chain+0x35/0xb0
atomic_notifier_call_chain+0x16/0x20
mlx5_eq_async_int+0xf6/0x290 [mlx5_core]
notifier_call_chain+0x35/0xb0
atomic_notifier_call_chain+0x16/0x20
irq_int_handler+0x19/0x30 [mlx5_core]
__handle_irq_event_percpu+0x4b/0x160
handle_irq_event+0x2e/0x80
handle_edge_irq+0x98/0x230
__common_interrupt+0x3b/0xa0
common_interrupt+0x7b/0xa0
</IRQ>
<TASK>
asm_common_interrupt+0x22/0x40
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 27c79b3a9212cf4ba634c157e07d29548181a208 Version: 51d138c2610a236c1ed0059d034ee4c74f452b86 Version: 51d138c2610a236c1ed0059d034ee4c74f452b86 Version: 51d138c2610a236c1ed0059d034ee4c74f452b86 Version: 51d138c2610a236c1ed0059d034ee4c74f452b86 Version: 51d138c2610a236c1ed0059d034ee4c74f452b86 Version: 51d138c2610a236c1ed0059d034ee4c74f452b86 Version: 2e5d24b3bf091802c5456dc8f8f6a6be4493c8ca |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6fbb8535e990f844371086ab2c1221f71f993d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3cb92b0ad73d3f1734e812054e698d655e9581b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bf8aaf0ae01c27ae3c06aa8610caf91e50393396"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d5dce5e92a70274de67a59e1e674c3267f94cd7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7ac4c69c34240c6de820492c0a28a0bd1494265a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38555",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:14:41.121534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:56.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/cmd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f6fbb8535e990f844371086ab2c1221f71f993d3",
"status": "affected",
"version": "27c79b3a9212cf4ba634c157e07d29548181a208",
"versionType": "git"
},
{
"lessThan": "3cb92b0ad73d3f1734e812054e698d655e9581b0",
"status": "affected",
"version": "51d138c2610a236c1ed0059d034ee4c74f452b86",
"versionType": "git"
},
{
"lessThan": "bf8aaf0ae01c27ae3c06aa8610caf91e50393396",
"status": "affected",
"version": "51d138c2610a236c1ed0059d034ee4c74f452b86",
"versionType": "git"
},
{
"lessThan": "1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb",
"status": "affected",
"version": "51d138c2610a236c1ed0059d034ee4c74f452b86",
"versionType": "git"
},
{
"lessThan": "1d5dce5e92a70274de67a59e1e674c3267f94cd7",
"status": "affected",
"version": "51d138c2610a236c1ed0059d034ee4c74f452b86",
"versionType": "git"
},
{
"lessThan": "7ac4c69c34240c6de820492c0a28a0bd1494265a",
"status": "affected",
"version": "51d138c2610a236c1ed0059d034ee4c74f452b86",
"versionType": "git"
},
{
"lessThan": "db9b31aa9bc56ff0d15b78f7e827d61c4a096e40",
"status": "affected",
"version": "51d138c2610a236c1ed0059d034ee4c74f452b86",
"versionType": "git"
},
{
"status": "affected",
"version": "2e5d24b3bf091802c5456dc8f8f6a6be4493c8ca",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/cmd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "5.10.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Discard command completions in internal error\n\nFix use after free when FW completion arrives while device is in\ninternal error state. Avoid calling completion handler in this case,\nsince the device will flush the command interface and trigger all\ncompletions manually.\n\nKernel log:\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\n...\nRIP: 0010:refcount_warn_saturate+0xd8/0xe0\n...\nCall Trace:\n\u003cIRQ\u003e\n? __warn+0x79/0x120\n? refcount_warn_saturate+0xd8/0xe0\n? report_bug+0x17c/0x190\n? handle_bug+0x3c/0x60\n? exc_invalid_op+0x14/0x70\n? asm_exc_invalid_op+0x16/0x20\n? refcount_warn_saturate+0xd8/0xe0\ncmd_ent_put+0x13b/0x160 [mlx5_core]\nmlx5_cmd_comp_handler+0x5f9/0x670 [mlx5_core]\ncmd_comp_notifier+0x1f/0x30 [mlx5_core]\nnotifier_call_chain+0x35/0xb0\natomic_notifier_call_chain+0x16/0x20\nmlx5_eq_async_int+0xf6/0x290 [mlx5_core]\nnotifier_call_chain+0x35/0xb0\natomic_notifier_call_chain+0x16/0x20\nirq_int_handler+0x19/0x30 [mlx5_core]\n__handle_irq_event_percpu+0x4b/0x160\nhandle_irq_event+0x2e/0x80\nhandle_edge_irq+0x98/0x230\n__common_interrupt+0x3b/0xa0\ncommon_interrupt+0x7b/0xa0\n\u003c/IRQ\u003e\n\u003cTASK\u003e\nasm_common_interrupt+0x22/0x40"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:44.500Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f6fbb8535e990f844371086ab2c1221f71f993d3"
},
{
"url": "https://git.kernel.org/stable/c/3cb92b0ad73d3f1734e812054e698d655e9581b0"
},
{
"url": "https://git.kernel.org/stable/c/bf8aaf0ae01c27ae3c06aa8610caf91e50393396"
},
{
"url": "https://git.kernel.org/stable/c/1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb"
},
{
"url": "https://git.kernel.org/stable/c/1d5dce5e92a70274de67a59e1e674c3267f94cd7"
},
{
"url": "https://git.kernel.org/stable/c/7ac4c69c34240c6de820492c0a28a0bd1494265a"
},
{
"url": "https://git.kernel.org/stable/c/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40"
}
],
"title": "net/mlx5: Discard command completions in internal error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38555",
"datePublished": "2024-06-19T13:35:26.059Z",
"dateReserved": "2024-06-18T19:36:34.920Z",
"dateUpdated": "2025-05-04T12:56:44.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52786 (GCVE-0-2023-52786)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix racy may inline data check in dio write
syzbot reports that the following warning from ext4_iomap_begin()
triggers as of the commit referenced below:
if (WARN_ON_ONCE(ext4_has_inline_data(inode)))
return -ERANGE;
This occurs during a dio write, which is never expected to encounter
an inode with inline data. To enforce this behavior,
ext4_dio_write_iter() checks the current inline state of the inode
and clears the MAY_INLINE_DATA state flag to either fall back to
buffered writes, or enforce that any other writers in progress on
the inode are not allowed to create inline data.
The problem is that the check for existing inline data and the state
flag can span a lock cycle. For example, if the ilock is originally
locked shared and subsequently upgraded to exclusive, another writer
may have reacquired the lock and created inline data before the dio
write task acquires the lock and proceeds.
The commit referenced below loosens the lock requirements to allow
some forms of unaligned dio writes to occur under shared lock, but
AFAICT the inline data check was technically already racy for any
dio write that would have involved a lock cycle. Regardless, lift
clearing of the state bit to the same lock critical section that
checks for preexisting inline data on the inode to close the race.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52786",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T19:36:50.287766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:16.597Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3b83d87c93eb6fc96a80b5e8527f7dc9f5a11bc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7343c23ebcadbedc23a7063d1e24d976eccb0d0d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ce56d21355cd6f6937aca32f1f44ca749d1e4808"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e3b83d87c93eb6fc96a80b5e8527f7dc9f5a11bc",
"status": "affected",
"version": "310ee0902b8d9d0a13a5a13e94688a5863fa29c2",
"versionType": "git"
},
{
"lessThan": "7343c23ebcadbedc23a7063d1e24d976eccb0d0d",
"status": "affected",
"version": "310ee0902b8d9d0a13a5a13e94688a5863fa29c2",
"versionType": "git"
},
{
"lessThan": "ce56d21355cd6f6937aca32f1f44ca749d1e4808",
"status": "affected",
"version": "310ee0902b8d9d0a13a5a13e94688a5863fa29c2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix racy may inline data check in dio write\n\nsyzbot reports that the following warning from ext4_iomap_begin()\ntriggers as of the commit referenced below:\n\n if (WARN_ON_ONCE(ext4_has_inline_data(inode)))\n return -ERANGE;\n\nThis occurs during a dio write, which is never expected to encounter\nan inode with inline data. To enforce this behavior,\next4_dio_write_iter() checks the current inline state of the inode\nand clears the MAY_INLINE_DATA state flag to either fall back to\nbuffered writes, or enforce that any other writers in progress on\nthe inode are not allowed to create inline data.\n\nThe problem is that the check for existing inline data and the state\nflag can span a lock cycle. For example, if the ilock is originally\nlocked shared and subsequently upgraded to exclusive, another writer\nmay have reacquired the lock and created inline data before the dio\nwrite task acquires the lock and proceeds.\n\nThe commit referenced below loosens the lock requirements to allow\nsome forms of unaligned dio writes to occur under shared lock, but\nAFAICT the inline data check was technically already racy for any\ndio write that would have involved a lock cycle. Regardless, lift\nclearing of the state bit to the same lock critical section that\nchecks for preexisting inline data on the inode to close the race."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:11.227Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e3b83d87c93eb6fc96a80b5e8527f7dc9f5a11bc"
},
{
"url": "https://git.kernel.org/stable/c/7343c23ebcadbedc23a7063d1e24d976eccb0d0d"
},
{
"url": "https://git.kernel.org/stable/c/ce56d21355cd6f6937aca32f1f44ca749d1e4808"
}
],
"title": "ext4: fix racy may inline data check in dio write",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52786",
"datePublished": "2024-05-21T15:31:03.694Z",
"dateReserved": "2024-05-21T15:19:24.241Z",
"dateUpdated": "2025-05-04T07:43:11.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26814 (GCVE-0-2024-26814)
Vulnerability from cvelistv5
Published
2024-04-05 08:24
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
vfio/fsl-mc: Block calling interrupt handler without trigger
The eventfd_ctx trigger pointer of the vfio_fsl_mc_irq object is
initially NULL and may become NULL if the user sets the trigger
eventfd to -1. The interrupt handler itself is guaranteed that
trigger is always valid between request_irq() and free_irq(), but
the loopback testing mechanisms to invoke the handler function
need to test the trigger. The triggering and setting ioctl paths
both make use of igate and are therefore mutually exclusive.
The vfio-fsl-mc driver does not make use of irqfds, nor does it
support any sort of masking operations, therefore unlike vfio-pci
and vfio-platform, the flow can remain essentially unchanged.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: cc0ee20bd96971c10eba9a83ecf1c0733078a083 Version: cc0ee20bd96971c10eba9a83ecf1c0733078a083 Version: cc0ee20bd96971c10eba9a83ecf1c0733078a083 Version: cc0ee20bd96971c10eba9a83ecf1c0733078a083 Version: cc0ee20bd96971c10eba9a83ecf1c0733078a083 Version: cc0ee20bd96971c10eba9a83ecf1c0733078a083 Version: cc0ee20bd96971c10eba9a83ecf1c0733078a083 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a563fc18583ca4f42e2fdd0c70c7c618288e7ede"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/250219c6a556f8c69c5910fca05a59037e24147d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/083e750c9f5f4c3bf61161330fb84d7c8e8bb417"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee0bd4ad780dfbb60355b99f25063357ab488267"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/de87511fb0404d23b6da5f4660383b6ed095e28d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ec0d88166dac43f29e96801c0927d514f17add9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7447d911af699a15f8d050dfcb7c680a86f87012"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:50:33.742029Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:43.653Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a563fc18583ca4f42e2fdd0c70c7c618288e7ede",
"status": "affected",
"version": "cc0ee20bd96971c10eba9a83ecf1c0733078a083",
"versionType": "git"
},
{
"lessThan": "250219c6a556f8c69c5910fca05a59037e24147d",
"status": "affected",
"version": "cc0ee20bd96971c10eba9a83ecf1c0733078a083",
"versionType": "git"
},
{
"lessThan": "083e750c9f5f4c3bf61161330fb84d7c8e8bb417",
"status": "affected",
"version": "cc0ee20bd96971c10eba9a83ecf1c0733078a083",
"versionType": "git"
},
{
"lessThan": "ee0bd4ad780dfbb60355b99f25063357ab488267",
"status": "affected",
"version": "cc0ee20bd96971c10eba9a83ecf1c0733078a083",
"versionType": "git"
},
{
"lessThan": "de87511fb0404d23b6da5f4660383b6ed095e28d",
"status": "affected",
"version": "cc0ee20bd96971c10eba9a83ecf1c0733078a083",
"versionType": "git"
},
{
"lessThan": "6ec0d88166dac43f29e96801c0927d514f17add9",
"status": "affected",
"version": "cc0ee20bd96971c10eba9a83ecf1c0733078a083",
"versionType": "git"
},
{
"lessThan": "7447d911af699a15f8d050dfcb7c680a86f87012",
"status": "affected",
"version": "cc0ee20bd96971c10eba9a83ecf1c0733078a083",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/fsl-mc: Block calling interrupt handler without trigger\n\nThe eventfd_ctx trigger pointer of the vfio_fsl_mc_irq object is\ninitially NULL and may become NULL if the user sets the trigger\neventfd to -1. The interrupt handler itself is guaranteed that\ntrigger is always valid between request_irq() and free_irq(), but\nthe loopback testing mechanisms to invoke the handler function\nneed to test the trigger. The triggering and setting ioctl paths\nboth make use of igate and are therefore mutually exclusive.\n\nThe vfio-fsl-mc driver does not make use of irqfds, nor does it\nsupport any sort of masking operations, therefore unlike vfio-pci\nand vfio-platform, the flow can remain essentially unchanged."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:10.359Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a563fc18583ca4f42e2fdd0c70c7c618288e7ede"
},
{
"url": "https://git.kernel.org/stable/c/250219c6a556f8c69c5910fca05a59037e24147d"
},
{
"url": "https://git.kernel.org/stable/c/083e750c9f5f4c3bf61161330fb84d7c8e8bb417"
},
{
"url": "https://git.kernel.org/stable/c/ee0bd4ad780dfbb60355b99f25063357ab488267"
},
{
"url": "https://git.kernel.org/stable/c/de87511fb0404d23b6da5f4660383b6ed095e28d"
},
{
"url": "https://git.kernel.org/stable/c/6ec0d88166dac43f29e96801c0927d514f17add9"
},
{
"url": "https://git.kernel.org/stable/c/7447d911af699a15f8d050dfcb7c680a86f87012"
}
],
"title": "vfio/fsl-mc: Block calling interrupt handler without trigger",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26814",
"datePublished": "2024-04-05T08:24:43.916Z",
"dateReserved": "2024-02-19T14:20:24.180Z",
"dateUpdated": "2025-05-04T08:57:10.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36952 (GCVE-0-2024-36952)
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Move NPIV's transport unregistration to after resource clean up
There are cases after NPIV deletion where the fabric switch still believes
the NPIV is logged into the fabric. This occurs when a vport is
unregistered before the Remove All DA_ID CT and LOGO ELS are sent to the
fabric.
Currently fc_remove_host(), which calls dev_loss_tmo for all D_IDs including
the fabric D_ID, removes the last ndlp reference and frees the ndlp rport
object. This sometimes causes the race condition where the final DA_ID and
LOGO are skipped from being sent to the fabric switch.
Fix by moving the fc_remove_host() and scsi_remove_host() calls after DA_ID
and LOGO are sent.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36952",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T19:01:27.425378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:58.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2c7f029051edc4b394bb48edbe2297575abefe0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0936809d968ecf81e0726fbd02ff2a5732d960c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/76337eb8daee32bcc67742efab3168ed4ca299d0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/718602cd15f4c5710850090ea3066a89eeb46278"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4ddf01f2f1504fa08b766e8cfeec558e9f8eef6c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_vport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f2c7f029051edc4b394bb48edbe2297575abefe0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0936809d968ecf81e0726fbd02ff2a5732d960c3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "76337eb8daee32bcc67742efab3168ed4ca299d0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "718602cd15f4c5710850090ea3066a89eeb46278",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4ddf01f2f1504fa08b766e8cfeec558e9f8eef6c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_vport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Move NPIV\u0027s transport unregistration to after resource clean up\n\nThere are cases after NPIV deletion where the fabric switch still believes\nthe NPIV is logged into the fabric. This occurs when a vport is\nunregistered before the Remove All DA_ID CT and LOGO ELS are sent to the\nfabric.\n\nCurrently fc_remove_host(), which calls dev_loss_tmo for all D_IDs including\nthe fabric D_ID, removes the last ndlp reference and frees the ndlp rport\nobject. This sometimes causes the race condition where the final DA_ID and\nLOGO are skipped from being sent to the fabric switch.\n\nFix by moving the fc_remove_host() and scsi_remove_host() calls after DA_ID\nand LOGO are sent."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:42.449Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f2c7f029051edc4b394bb48edbe2297575abefe0"
},
{
"url": "https://git.kernel.org/stable/c/0936809d968ecf81e0726fbd02ff2a5732d960c3"
},
{
"url": "https://git.kernel.org/stable/c/76337eb8daee32bcc67742efab3168ed4ca299d0"
},
{
"url": "https://git.kernel.org/stable/c/718602cd15f4c5710850090ea3066a89eeb46278"
},
{
"url": "https://git.kernel.org/stable/c/4ddf01f2f1504fa08b766e8cfeec558e9f8eef6c"
}
],
"title": "scsi: lpfc: Move NPIV\u0027s transport unregistration to after resource clean up",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36952",
"datePublished": "2024-05-30T15:35:47.477Z",
"dateReserved": "2024-05-30T15:25:07.080Z",
"dateUpdated": "2025-05-04T09:12:42.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36962 (GCVE-0-2024-36962)
Vulnerability from cvelistv5
Published
2024-06-03 07:50
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs
Currently the driver uses local_bh_disable()/local_bh_enable() in its
IRQ handler to avoid triggering net_rx_action() softirq on exit from
netif_rx(). The net_rx_action() could trigger this driver .start_xmit
callback, which is protected by the same lock as the IRQ handler, so
calling the .start_xmit from netif_rx() from the IRQ handler critical
section protected by the lock could lead to an attempt to claim the
already claimed lock, and a hang.
The local_bh_disable()/local_bh_enable() approach works only in case
the IRQ handler is protected by a spinlock, but does not work if the
IRQ handler is protected by mutex, i.e. this works for KS8851 with
Parallel bus interface, but not for KS8851 with SPI bus interface.
Remove the BH manipulation and instead of calling netif_rx() inside
the IRQ handler code protected by the lock, queue all the received
SKBs in the IRQ handler into a queue first, and once the IRQ handler
exits the critical section protected by the lock, dequeue all the
queued SKBs and push them all into netif_rx(). At this point, it is
safe to trigger the net_rx_action() softirq, since the netif_rx()
call is outside of the lock that protects the IRQ handler.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T18:04:06.438716Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T16:21:03.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a3ff43dcbab7c96f9e8cf2bd1049ab8d6e59545"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae87f661f3c1a3134a7ed86ab69bf9f12af88993"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e2901a2a9195da76111f351584bf77552a038f0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e0863634bf9f7cf36291ebb5bfa2d16632f79c49"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/micrel/ks8851_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8a3ff43dcbab7c96f9e8cf2bd1049ab8d6e59545",
"status": "affected",
"version": "492337a4fbd1421b42df684ee9b34be2a2722540",
"versionType": "git"
},
{
"lessThan": "ae87f661f3c1a3134a7ed86ab69bf9f12af88993",
"status": "affected",
"version": "cba376eb036c2c20077b41d47b317d8218fe754f",
"versionType": "git"
},
{
"lessThan": "7e2901a2a9195da76111f351584bf77552a038f0",
"status": "affected",
"version": "49d5d70538b6b8f2a3f8f1ac30c1f921d4a0929b",
"versionType": "git"
},
{
"lessThan": "e0863634bf9f7cf36291ebb5bfa2d16632f79c49",
"status": "affected",
"version": "be0384bf599cf1eb8d337517feeb732d71f75a6f",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/micrel/ks8851_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.1.91",
"status": "affected",
"version": "6.1.87",
"versionType": "semver"
},
{
"lessThan": "6.6.31",
"status": "affected",
"version": "6.6.28",
"versionType": "semver"
},
{
"lessThan": "6.8.10",
"status": "affected",
"version": "6.8.7",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "6.1.87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "6.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "6.8.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ks8851: Queue RX packets in IRQ handler instead of disabling BHs\n\nCurrently the driver uses local_bh_disable()/local_bh_enable() in its\nIRQ handler to avoid triggering net_rx_action() softirq on exit from\nnetif_rx(). The net_rx_action() could trigger this driver .start_xmit\ncallback, which is protected by the same lock as the IRQ handler, so\ncalling the .start_xmit from netif_rx() from the IRQ handler critical\nsection protected by the lock could lead to an attempt to claim the\nalready claimed lock, and a hang.\n\nThe local_bh_disable()/local_bh_enable() approach works only in case\nthe IRQ handler is protected by a spinlock, but does not work if the\nIRQ handler is protected by mutex, i.e. this works for KS8851 with\nParallel bus interface, but not for KS8851 with SPI bus interface.\n\nRemove the BH manipulation and instead of calling netif_rx() inside\nthe IRQ handler code protected by the lock, queue all the received\nSKBs in the IRQ handler into a queue first, and once the IRQ handler\nexits the critical section protected by the lock, dequeue all the\nqueued SKBs and push them all into netif_rx(). At this point, it is\nsafe to trigger the net_rx_action() softirq, since the netif_rx()\ncall is outside of the lock that protects the IRQ handler."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:54.685Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8a3ff43dcbab7c96f9e8cf2bd1049ab8d6e59545"
},
{
"url": "https://git.kernel.org/stable/c/ae87f661f3c1a3134a7ed86ab69bf9f12af88993"
},
{
"url": "https://git.kernel.org/stable/c/7e2901a2a9195da76111f351584bf77552a038f0"
},
{
"url": "https://git.kernel.org/stable/c/e0863634bf9f7cf36291ebb5bfa2d16632f79c49"
}
],
"title": "net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36962",
"datePublished": "2024-06-03T07:50:00.425Z",
"dateReserved": "2024-05-30T15:25:07.081Z",
"dateUpdated": "2025-05-04T09:12:54.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37078 (GCVE-0-2024-37078)
Vulnerability from cvelistv5
Published
2024-06-25 14:22
Modified
2025-05-04 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential kernel bug due to lack of writeback flag waiting
Destructive writes to a block device on which nilfs2 is mounted can cause
a kernel bug in the folio/page writeback start routine or writeback end
routine (__folio_start_writeback in the log below):
kernel BUG at mm/page-writeback.c:3070!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
...
RIP: 0010:__folio_start_writeback+0xbaa/0x10e0
Code: 25 ff 0f 00 00 0f 84 18 01 00 00 e8 40 ca c6 ff e9 17 f6 ff ff
e8 36 ca c6 ff 4c 89 f7 48 c7 c6 80 c0 12 84 e8 e7 b3 0f 00 90 <0f>
0b e8 1f ca c6 ff 4c 89 f7 48 c7 c6 a0 c6 12 84 e8 d0 b3 0f 00
...
Call Trace:
<TASK>
nilfs_segctor_do_construct+0x4654/0x69d0 [nilfs2]
nilfs_segctor_construct+0x181/0x6b0 [nilfs2]
nilfs_segctor_thread+0x548/0x11c0 [nilfs2]
kthread+0x2f0/0x390
ret_from_fork+0x4b/0x80
ret_from_fork_asm+0x1a/0x30
</TASK>
This is because when the log writer starts a writeback for segment summary
blocks or a super root block that use the backing device's page cache, it
does not wait for the ongoing folio/page writeback, resulting in an
inconsistent writeback state.
Fix this issue by waiting for ongoing writebacks when putting
folios/pages on the backing device into writeback state.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453 Version: 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453 Version: 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453 Version: 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453 Version: 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453 Version: 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453 Version: 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453 Version: 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/95f6f81e50d858a7c9aa7c795ec14a0ac3819118"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a75b8f493dfc48aa38c518430bd9e03b53bffebe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0ecfe3a92869a59668d27228dabbd7965e83567f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/33900d7eae616647e179eee1c66ebe654ee39627"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/271dcd977ccda8c7a26e360425ae7b4db7d2ecc0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/614d397be0cf43412b3f94a0f6460eddced8ce92"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1f3bff69f1214fe03a02bc650d5bbfaa6e65ae7d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a4ca369ca221bb7e06c725792ac107f0e48e82e7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37078",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:08:24.419560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:43.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/segment.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "95f6f81e50d858a7c9aa7c795ec14a0ac3819118",
"status": "affected",
"version": "9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453",
"versionType": "git"
},
{
"lessThan": "a75b8f493dfc48aa38c518430bd9e03b53bffebe",
"status": "affected",
"version": "9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453",
"versionType": "git"
},
{
"lessThan": "0ecfe3a92869a59668d27228dabbd7965e83567f",
"status": "affected",
"version": "9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453",
"versionType": "git"
},
{
"lessThan": "33900d7eae616647e179eee1c66ebe654ee39627",
"status": "affected",
"version": "9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453",
"versionType": "git"
},
{
"lessThan": "271dcd977ccda8c7a26e360425ae7b4db7d2ecc0",
"status": "affected",
"version": "9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453",
"versionType": "git"
},
{
"lessThan": "614d397be0cf43412b3f94a0f6460eddced8ce92",
"status": "affected",
"version": "9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453",
"versionType": "git"
},
{
"lessThan": "1f3bff69f1214fe03a02bc650d5bbfaa6e65ae7d",
"status": "affected",
"version": "9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453",
"versionType": "git"
},
{
"lessThan": "a4ca369ca221bb7e06c725792ac107f0e48e82e7",
"status": "affected",
"version": "9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/segment.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.317",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.95",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.35",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.5",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential kernel bug due to lack of writeback flag waiting\n\nDestructive writes to a block device on which nilfs2 is mounted can cause\na kernel bug in the folio/page writeback start routine or writeback end\nroutine (__folio_start_writeback in the log below):\n\n kernel BUG at mm/page-writeback.c:3070!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\n ...\n RIP: 0010:__folio_start_writeback+0xbaa/0x10e0\n Code: 25 ff 0f 00 00 0f 84 18 01 00 00 e8 40 ca c6 ff e9 17 f6 ff ff\n e8 36 ca c6 ff 4c 89 f7 48 c7 c6 80 c0 12 84 e8 e7 b3 0f 00 90 \u003c0f\u003e\n 0b e8 1f ca c6 ff 4c 89 f7 48 c7 c6 a0 c6 12 84 e8 d0 b3 0f 00\n ...\n Call Trace:\n \u003cTASK\u003e\n nilfs_segctor_do_construct+0x4654/0x69d0 [nilfs2]\n nilfs_segctor_construct+0x181/0x6b0 [nilfs2]\n nilfs_segctor_thread+0x548/0x11c0 [nilfs2]\n kthread+0x2f0/0x390\n ret_from_fork+0x4b/0x80\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nThis is because when the log writer starts a writeback for segment summary\nblocks or a super root block that use the backing device\u0027s page cache, it\ndoes not wait for the ongoing folio/page writeback, resulting in an\ninconsistent writeback state.\n\nFix this issue by waiting for ongoing writebacks when putting\nfolios/pages on the backing device into writeback state."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:19.759Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/95f6f81e50d858a7c9aa7c795ec14a0ac3819118"
},
{
"url": "https://git.kernel.org/stable/c/a75b8f493dfc48aa38c518430bd9e03b53bffebe"
},
{
"url": "https://git.kernel.org/stable/c/0ecfe3a92869a59668d27228dabbd7965e83567f"
},
{
"url": "https://git.kernel.org/stable/c/33900d7eae616647e179eee1c66ebe654ee39627"
},
{
"url": "https://git.kernel.org/stable/c/271dcd977ccda8c7a26e360425ae7b4db7d2ecc0"
},
{
"url": "https://git.kernel.org/stable/c/614d397be0cf43412b3f94a0f6460eddced8ce92"
},
{
"url": "https://git.kernel.org/stable/c/1f3bff69f1214fe03a02bc650d5bbfaa6e65ae7d"
},
{
"url": "https://git.kernel.org/stable/c/a4ca369ca221bb7e06c725792ac107f0e48e82e7"
}
],
"title": "nilfs2: fix potential kernel bug due to lack of writeback flag waiting",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-37078",
"datePublished": "2024-06-25T14:22:35.558Z",
"dateReserved": "2024-06-24T13:54:11.068Z",
"dateUpdated": "2025-05-04T09:13:19.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36887 (GCVE-0-2024-36887)
Vulnerability from cvelistv5
Published
2024-05-30 15:28
Modified
2025-05-04 09:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
e1000e: change usleep_range to udelay in PHY mdic access
This is a partial revert of commit 6dbdd4de0362 ("e1000e: Workaround
for sporadic MDI error on Meteor Lake systems"). The referenced commit
used usleep_range inside the PHY access routines, which are sometimes
called from an atomic context. This can lead to a kernel panic in some
scenarios, such as cable disconnection and reconnection on vPro systems.
Solve this by changing the usleep_range calls back to udelay.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36887",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T17:21:16.500731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:39.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f8a139656c95db893a543159873c57a470d7376d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/950d5226cd6bb83ba720961a8d4d5cf79e6afd57"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/387f295cb2150ed164905b648d76dfcbd3621778"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/e1000e/phy.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f8a139656c95db893a543159873c57a470d7376d",
"status": "affected",
"version": "1d16cd91cd319d5bf6230c8493feb56a61e486a1",
"versionType": "git"
},
{
"lessThan": "950d5226cd6bb83ba720961a8d4d5cf79e6afd57",
"status": "affected",
"version": "0a4e3c2d976aa4dd38951afd6267f74ef3fade0e",
"versionType": "git"
},
{
"lessThan": "387f295cb2150ed164905b648d76dfcbd3621778",
"status": "affected",
"version": "6dbdd4de0362c37e54e8b049781402e5a409e7d0",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/e1000e/phy.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.6.31",
"status": "affected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThan": "6.8.10",
"status": "affected",
"version": "6.8.5",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "6.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "6.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ne1000e: change usleep_range to udelay in PHY mdic access\n\nThis is a partial revert of commit 6dbdd4de0362 (\"e1000e: Workaround\nfor sporadic MDI error on Meteor Lake systems\"). The referenced commit\nused usleep_range inside the PHY access routines, which are sometimes\ncalled from an atomic context. This can lead to a kernel panic in some\nscenarios, such as cable disconnection and reconnection on vPro systems.\n\nSolve this by changing the usleep_range calls back to udelay."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:11:26.182Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f8a139656c95db893a543159873c57a470d7376d"
},
{
"url": "https://git.kernel.org/stable/c/950d5226cd6bb83ba720961a8d4d5cf79e6afd57"
},
{
"url": "https://git.kernel.org/stable/c/387f295cb2150ed164905b648d76dfcbd3621778"
}
],
"title": "e1000e: change usleep_range to udelay in PHY mdic access",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36887",
"datePublished": "2024-05-30T15:28:55.630Z",
"dateReserved": "2024-05-30T15:25:07.065Z",
"dateUpdated": "2025-05-04T09:11:26.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38664 (GCVE-0-2024-38664)
Vulnerability from cvelistv5
Published
2024-06-24 13:50
Modified
2025-05-04 09:16
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm: zynqmp_dpsub: Always register bridge
We must always register the DRM bridge, since zynqmp_dp_hpd_work_func
calls drm_bridge_hpd_notify, which in turn expects hpd_mutex to be
initialized. We do this before zynqmp_dpsub_drm_init since that calls
drm_bridge_attach. This fixes the following lockdep warning:
[ 19.217084] ------------[ cut here ]------------
[ 19.227530] DEBUG_LOCKS_WARN_ON(lock->magic != lock)
[ 19.227768] WARNING: CPU: 0 PID: 140 at kernel/locking/mutex.c:582 __mutex_lock+0x4bc/0x550
[ 19.241696] Modules linked in:
[ 19.244937] CPU: 0 PID: 140 Comm: kworker/0:4 Not tainted 6.6.20+ #96
[ 19.252046] Hardware name: xlnx,zynqmp (DT)
[ 19.256421] Workqueue: events zynqmp_dp_hpd_work_func
[ 19.261795] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 19.269104] pc : __mutex_lock+0x4bc/0x550
[ 19.273364] lr : __mutex_lock+0x4bc/0x550
[ 19.277592] sp : ffffffc085c5bbe0
[ 19.281066] x29: ffffffc085c5bbe0 x28: 0000000000000000 x27: ffffff88009417f8
[ 19.288624] x26: ffffff8800941788 x25: ffffff8800020008 x24: ffffffc082aa3000
[ 19.296227] x23: ffffffc080d90e3c x22: 0000000000000002 x21: 0000000000000000
[ 19.303744] x20: 0000000000000000 x19: ffffff88002f5210 x18: 0000000000000000
[ 19.311295] x17: 6c707369642e3030 x16: 3030613464662072 x15: 0720072007200720
[ 19.318922] x14: 0000000000000000 x13: 284e4f5f4e524157 x12: 0000000000000001
[ 19.326442] x11: 0001ffc085c5b940 x10: 0001ff88003f388b x9 : 0001ff88003f3888
[ 19.334003] x8 : 0001ff88003f3888 x7 : 0000000000000000 x6 : 0000000000000000
[ 19.341537] x5 : 0000000000000000 x4 : 0000000000001668 x3 : 0000000000000000
[ 19.349054] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffffff88003f3880
[ 19.356581] Call trace:
[ 19.359160] __mutex_lock+0x4bc/0x550
[ 19.363032] mutex_lock_nested+0x24/0x30
[ 19.367187] drm_bridge_hpd_notify+0x2c/0x6c
[ 19.371698] zynqmp_dp_hpd_work_func+0x44/0x54
[ 19.376364] process_one_work+0x3ac/0x988
[ 19.380660] worker_thread+0x398/0x694
[ 19.384736] kthread+0x1bc/0x1c0
[ 19.388241] ret_from_fork+0x10/0x20
[ 19.392031] irq event stamp: 183
[ 19.395450] hardirqs last enabled at (183): [<ffffffc0800b9278>] finish_task_switch.isra.0+0xa8/0x2d4
[ 19.405140] hardirqs last disabled at (182): [<ffffffc081ad3754>] __schedule+0x714/0xd04
[ 19.413612] softirqs last enabled at (114): [<ffffffc080133de8>] srcu_invoke_callbacks+0x158/0x23c
[ 19.423128] softirqs last disabled at (110): [<ffffffc080133de8>] srcu_invoke_callbacks+0x158/0x23c
[ 19.432614] ---[ end trace 0000000000000000 ]---
(cherry picked from commit 61ba791c4a7a09a370c45b70a81b8c7d4cf6b2ae)
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38664",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T17:03:52.649243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T17:04:05.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ead3eccf67bc8318b1ce95ed879b2cc05b4fce9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/603661357056b5e5ba6d86f505fbc936eff396ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be3f3042391d061cfca2bd22630e0d101acea5fc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/xlnx/zynqmp_dpsub.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6ead3eccf67bc8318b1ce95ed879b2cc05b4fce9",
"status": "affected",
"version": "eb2d64bfcc174919a921295a5327b99a3b8f4166",
"versionType": "git"
},
{
"lessThan": "603661357056b5e5ba6d86f505fbc936eff396ba",
"status": "affected",
"version": "eb2d64bfcc174919a921295a5327b99a3b8f4166",
"versionType": "git"
},
{
"lessThan": "be3f3042391d061cfca2bd22630e0d101acea5fc",
"status": "affected",
"version": "eb2d64bfcc174919a921295a5327b99a3b8f4166",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/xlnx/zynqmp_dpsub.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: zynqmp_dpsub: Always register bridge\n\nWe must always register the DRM bridge, since zynqmp_dp_hpd_work_func\ncalls drm_bridge_hpd_notify, which in turn expects hpd_mutex to be\ninitialized. We do this before zynqmp_dpsub_drm_init since that calls\ndrm_bridge_attach. This fixes the following lockdep warning:\n\n[ 19.217084] ------------[ cut here ]------------\n[ 19.227530] DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n[ 19.227768] WARNING: CPU: 0 PID: 140 at kernel/locking/mutex.c:582 __mutex_lock+0x4bc/0x550\n[ 19.241696] Modules linked in:\n[ 19.244937] CPU: 0 PID: 140 Comm: kworker/0:4 Not tainted 6.6.20+ #96\n[ 19.252046] Hardware name: xlnx,zynqmp (DT)\n[ 19.256421] Workqueue: events zynqmp_dp_hpd_work_func\n[ 19.261795] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 19.269104] pc : __mutex_lock+0x4bc/0x550\n[ 19.273364] lr : __mutex_lock+0x4bc/0x550\n[ 19.277592] sp : ffffffc085c5bbe0\n[ 19.281066] x29: ffffffc085c5bbe0 x28: 0000000000000000 x27: ffffff88009417f8\n[ 19.288624] x26: ffffff8800941788 x25: ffffff8800020008 x24: ffffffc082aa3000\n[ 19.296227] x23: ffffffc080d90e3c x22: 0000000000000002 x21: 0000000000000000\n[ 19.303744] x20: 0000000000000000 x19: ffffff88002f5210 x18: 0000000000000000\n[ 19.311295] x17: 6c707369642e3030 x16: 3030613464662072 x15: 0720072007200720\n[ 19.318922] x14: 0000000000000000 x13: 284e4f5f4e524157 x12: 0000000000000001\n[ 19.326442] x11: 0001ffc085c5b940 x10: 0001ff88003f388b x9 : 0001ff88003f3888\n[ 19.334003] x8 : 0001ff88003f3888 x7 : 0000000000000000 x6 : 0000000000000000\n[ 19.341537] x5 : 0000000000000000 x4 : 0000000000001668 x3 : 0000000000000000\n[ 19.349054] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffffff88003f3880\n[ 19.356581] Call trace:\n[ 19.359160] __mutex_lock+0x4bc/0x550\n[ 19.363032] mutex_lock_nested+0x24/0x30\n[ 19.367187] drm_bridge_hpd_notify+0x2c/0x6c\n[ 19.371698] zynqmp_dp_hpd_work_func+0x44/0x54\n[ 19.376364] process_one_work+0x3ac/0x988\n[ 19.380660] worker_thread+0x398/0x694\n[ 19.384736] kthread+0x1bc/0x1c0\n[ 19.388241] ret_from_fork+0x10/0x20\n[ 19.392031] irq event stamp: 183\n[ 19.395450] hardirqs last enabled at (183): [\u003cffffffc0800b9278\u003e] finish_task_switch.isra.0+0xa8/0x2d4\n[ 19.405140] hardirqs last disabled at (182): [\u003cffffffc081ad3754\u003e] __schedule+0x714/0xd04\n[ 19.413612] softirqs last enabled at (114): [\u003cffffffc080133de8\u003e] srcu_invoke_callbacks+0x158/0x23c\n[ 19.423128] softirqs last disabled at (110): [\u003cffffffc080133de8\u003e] srcu_invoke_callbacks+0x158/0x23c\n[ 19.432614] ---[ end trace 0000000000000000 ]---\n\n(cherry picked from commit 61ba791c4a7a09a370c45b70a81b8c7d4cf6b2ae)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:16:02.502Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6ead3eccf67bc8318b1ce95ed879b2cc05b4fce9"
},
{
"url": "https://git.kernel.org/stable/c/603661357056b5e5ba6d86f505fbc936eff396ba"
},
{
"url": "https://git.kernel.org/stable/c/be3f3042391d061cfca2bd22630e0d101acea5fc"
}
],
"title": "drm: zynqmp_dpsub: Always register bridge",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38664",
"datePublished": "2024-06-24T13:50:52.371Z",
"dateReserved": "2024-06-21T11:16:40.607Z",
"dateUpdated": "2025-05-04T09:16:02.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52763 (GCVE-0-2023-52763)
Vulnerability from cvelistv5
Published
2024-05-21 15:30
Modified
2025-05-04 07:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data.
The `i3c_master_bus_init` function may attach the I2C devices before the
I3C bus initialization. In this flow, the DAT `alloc_entry`` will be used
before the DAT `init`. Additionally, if the `i3c_master_bus_init` fails,
the DAT `cleanup` will execute before the device is detached, which will
execue DAT `free_entry` function. The above scenario can cause the driver
to use DAT_data when it is NULL.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52763",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T19:40:16.388139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:49.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.004Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/39c71357e68e2f03766f9321b9f4882e49ff1442"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e64d23dc65810be4e3395d72df0c398f60c991f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3cb79a365e7cce8f121bba91312e2ddd206b9781"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eed74230435c61eeb58abaa275b1820e6a4b7f02"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b53e9758a31c683fc8615df930262192ed5f034b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/i3c/master/mipi-i3c-hci/dat_v1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "39c71357e68e2f03766f9321b9f4882e49ff1442",
"status": "affected",
"version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
"versionType": "git"
},
{
"lessThan": "e64d23dc65810be4e3395d72df0c398f60c991f9",
"status": "affected",
"version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
"versionType": "git"
},
{
"lessThan": "3cb79a365e7cce8f121bba91312e2ddd206b9781",
"status": "affected",
"version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
"versionType": "git"
},
{
"lessThan": "eed74230435c61eeb58abaa275b1820e6a4b7f02",
"status": "affected",
"version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
"versionType": "git"
},
{
"lessThan": "b53e9758a31c683fc8615df930262192ed5f034b",
"status": "affected",
"version": "3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/i3c/master/mipi-i3c-hci/dat_v1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data.\n\nThe `i3c_master_bus_init` function may attach the I2C devices before the\nI3C bus initialization. In this flow, the DAT `alloc_entry`` will be used\nbefore the DAT `init`. Additionally, if the `i3c_master_bus_init` fails,\nthe DAT `cleanup` will execute before the device is detached, which will\nexecue DAT `free_entry` function. The above scenario can cause the driver\nto use DAT_data when it is NULL."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:42:39.473Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/39c71357e68e2f03766f9321b9f4882e49ff1442"
},
{
"url": "https://git.kernel.org/stable/c/e64d23dc65810be4e3395d72df0c398f60c991f9"
},
{
"url": "https://git.kernel.org/stable/c/3cb79a365e7cce8f121bba91312e2ddd206b9781"
},
{
"url": "https://git.kernel.org/stable/c/eed74230435c61eeb58abaa275b1820e6a4b7f02"
},
{
"url": "https://git.kernel.org/stable/c/b53e9758a31c683fc8615df930262192ed5f034b"
}
],
"title": "i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52763",
"datePublished": "2024-05-21T15:30:48.369Z",
"dateReserved": "2024-05-21T15:19:24.238Z",
"dateUpdated": "2025-05-04T07:42:39.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38564 (GCVE-0-2024-38564)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE
bpf_prog_attach uses attach_type_to_prog_type to enforce proper
attach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses
bpf_prog_get and relies on bpf_prog_attach_check_attach_type
to properly verify prog_type <> attach_type association.
Add missing attach_type enforcement for the link_create case.
Otherwise, it's currently possible to attach cgroup_skb prog
types to other cgroup hooks.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38564",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T14:57:28.333210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T14:57:37.182Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6675c541f540a29487a802d3135280b69b9f568d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/67929e973f5a347f05fef064fea4ae79e7cdb5fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b34bbc76651065a5eafad8ddff1eb8d1f8473172"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/543576ec15b17c0c93301ac8297333c7b6e84ac7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/syscall.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6675c541f540a29487a802d3135280b69b9f568d",
"status": "affected",
"version": "4a1e7c0c63e02daad751842b7880f9bbcdfb6e89",
"versionType": "git"
},
{
"lessThan": "67929e973f5a347f05fef064fea4ae79e7cdb5fd",
"status": "affected",
"version": "4a1e7c0c63e02daad751842b7880f9bbcdfb6e89",
"versionType": "git"
},
{
"lessThan": "b34bbc76651065a5eafad8ddff1eb8d1f8473172",
"status": "affected",
"version": "4a1e7c0c63e02daad751842b7880f9bbcdfb6e89",
"versionType": "git"
},
{
"lessThan": "543576ec15b17c0c93301ac8297333c7b6e84ac7",
"status": "affected",
"version": "4a1e7c0c63e02daad751842b7880f9bbcdfb6e89",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/syscall.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE\n\nbpf_prog_attach uses attach_type_to_prog_type to enforce proper\nattach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses\nbpf_prog_get and relies on bpf_prog_attach_check_attach_type\nto properly verify prog_type \u003c\u003e attach_type association.\n\nAdd missing attach_type enforcement for the link_create case.\nOtherwise, it\u0027s currently possible to attach cgroup_skb prog\ntypes to other cgroup hooks."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:12.296Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6675c541f540a29487a802d3135280b69b9f568d"
},
{
"url": "https://git.kernel.org/stable/c/67929e973f5a347f05fef064fea4ae79e7cdb5fd"
},
{
"url": "https://git.kernel.org/stable/c/b34bbc76651065a5eafad8ddff1eb8d1f8473172"
},
{
"url": "https://git.kernel.org/stable/c/543576ec15b17c0c93301ac8297333c7b6e84ac7"
}
],
"title": "bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38564",
"datePublished": "2024-06-19T13:35:32.222Z",
"dateReserved": "2024-06-18T19:36:34.922Z",
"dateUpdated": "2025-05-04T09:14:12.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38581 (GCVE-0-2024-38581)
Vulnerability from cvelistv5
Published
2024-06-19 13:37
Modified
2025-05-21 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu/mes: fix use-after-free issue
Delete fence fallback timer to fix the ramdom
use-after-free issue.
v2: move to amdgpu_mes.c
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T14:58:15.450879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T14:58:23.883Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70b1bf6d9edc8692d241f59a65f073aec6d501de"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/39cfce75168c11421d70b8c0c65f6133edccb82a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f98c144c15c8fc0f3176c994bd4e727ef718a5c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/948255282074d9367e01908b3f5dcf8c10fc9c3d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "70b1bf6d9edc8692d241f59a65f073aec6d501de",
"status": "affected",
"version": "8c5e13ec6a2c26d31d0551dc382661dc10823be0",
"versionType": "git"
},
{
"lessThan": "39cfce75168c11421d70b8c0c65f6133edccb82a",
"status": "affected",
"version": "8c5e13ec6a2c26d31d0551dc382661dc10823be0",
"versionType": "git"
},
{
"lessThan": "0f98c144c15c8fc0f3176c994bd4e727ef718a5c",
"status": "affected",
"version": "8c5e13ec6a2c26d31d0551dc382661dc10823be0",
"versionType": "git"
},
{
"lessThan": "948255282074d9367e01908b3f5dcf8c10fc9c3d",
"status": "affected",
"version": "8c5e13ec6a2c26d31d0551dc382661dc10823be0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/mes: fix use-after-free issue\n\nDelete fence fallback timer to fix the ramdom\nuse-after-free issue.\n\nv2: move to amdgpu_mes.c"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:12:42.039Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/70b1bf6d9edc8692d241f59a65f073aec6d501de"
},
{
"url": "https://git.kernel.org/stable/c/39cfce75168c11421d70b8c0c65f6133edccb82a"
},
{
"url": "https://git.kernel.org/stable/c/0f98c144c15c8fc0f3176c994bd4e727ef718a5c"
},
{
"url": "https://git.kernel.org/stable/c/948255282074d9367e01908b3f5dcf8c10fc9c3d"
}
],
"title": "drm/amdgpu/mes: fix use-after-free issue",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38581",
"datePublished": "2024-06-19T13:37:38.509Z",
"dateReserved": "2024-06-18T19:36:34.927Z",
"dateUpdated": "2025-05-21T09:12:42.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38548 (GCVE-0-2024-38548)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference
In cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is
assigned to mhdp_state->current_mode, and there is a dereference of it in
drm_mode_set_name(), which will lead to a NULL pointer dereference on
failure of drm_mode_duplicate().
Fix this bug add a check of mhdp_state->current_mode.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b Version: fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b Version: fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b Version: fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b Version: fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b Version: fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b Version: fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38548",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T15:43:16.376326Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T16:40:10.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/85d1a27402f81f2e04b0e67d20f749c2a14edbb3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/89788cd9824c28ffcdea40232c458233353d1896"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca53b7efd4ba6ae92fd2b3085cb099c745e96965"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dcf53e6103b26e7458be71491d0641f49fbd5840"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/32fb2ef124c3301656ac6c789a2ef35ef69a66da"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/47889711da20be9b43e1e136e5cb68df37cbcc79"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/935a92a1c400285545198ca2800a4c6c519c650a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "85d1a27402f81f2e04b0e67d20f749c2a14edbb3",
"status": "affected",
"version": "fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b",
"versionType": "git"
},
{
"lessThan": "89788cd9824c28ffcdea40232c458233353d1896",
"status": "affected",
"version": "fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b",
"versionType": "git"
},
{
"lessThan": "ca53b7efd4ba6ae92fd2b3085cb099c745e96965",
"status": "affected",
"version": "fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b",
"versionType": "git"
},
{
"lessThan": "dcf53e6103b26e7458be71491d0641f49fbd5840",
"status": "affected",
"version": "fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b",
"versionType": "git"
},
{
"lessThan": "32fb2ef124c3301656ac6c789a2ef35ef69a66da",
"status": "affected",
"version": "fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b",
"versionType": "git"
},
{
"lessThan": "47889711da20be9b43e1e136e5cb68df37cbcc79",
"status": "affected",
"version": "fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b",
"versionType": "git"
},
{
"lessThan": "935a92a1c400285545198ca2800a4c6c519c650a",
"status": "affected",
"version": "fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: cdns-mhdp8546: Fix possible null pointer dereference\n\nIn cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is\nassigned to mhdp_state-\u003ecurrent_mode, and there is a dereference of it in\ndrm_mode_set_name(), which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate().\n\nFix this bug add a check of mhdp_state-\u003ecurrent_mode."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:45.775Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/85d1a27402f81f2e04b0e67d20f749c2a14edbb3"
},
{
"url": "https://git.kernel.org/stable/c/89788cd9824c28ffcdea40232c458233353d1896"
},
{
"url": "https://git.kernel.org/stable/c/ca53b7efd4ba6ae92fd2b3085cb099c745e96965"
},
{
"url": "https://git.kernel.org/stable/c/dcf53e6103b26e7458be71491d0641f49fbd5840"
},
{
"url": "https://git.kernel.org/stable/c/32fb2ef124c3301656ac6c789a2ef35ef69a66da"
},
{
"url": "https://git.kernel.org/stable/c/47889711da20be9b43e1e136e5cb68df37cbcc79"
},
{
"url": "https://git.kernel.org/stable/c/935a92a1c400285545198ca2800a4c6c519c650a"
}
],
"title": "drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38548",
"datePublished": "2024-06-19T13:35:21.349Z",
"dateReserved": "2024-06-18T19:36:34.920Z",
"dateUpdated": "2025-05-04T09:13:45.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38556 (GCVE-0-2024-38556)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Add a timeout to acquire the command queue semaphore
Prevent forced completion handling on an entry that has not yet been
assigned an index, causing an out of bounds access on idx = -22.
Instead of waiting indefinitely for the sem, blocking flow now waits for
index to be allocated or a sem acquisition timeout before beginning the
timer for FW completion.
Kernel log example:
mlx5_core 0000:06:00.0: wait_func_handle_exec_timeout:1128:(pid 185911): cmd[-22]: CREATE_UCTX(0xa04) No done completion
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 8e715cd613a1e872b9d918e912d90b399785761a Version: 8e715cd613a1e872b9d918e912d90b399785761a Version: 8e715cd613a1e872b9d918e912d90b399785761a Version: 8e715cd613a1e872b9d918e912d90b399785761a Version: 8e715cd613a1e872b9d918e912d90b399785761a Version: 74dd45122b84479eee50bd0956ae8bc5799c9f8a Version: e801f81cee3c8901f52ee48c6329802b28fbb49c Version: d73d81447c6651904dd4a9e3fd88651ff174c1b7 Version: 4646175c19fd019b773444a11ff62748eb83745b |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38556",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T14:39:36.786296Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T14:40:06.541Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4baae687a20ef2b82fde12de3c04461e6f2521d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f9caccdd42e999b74303c9b0643300073ed5d319"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2d0962d05c93de391ce85f6e764df895f47c8918"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/94024332a129c6e4275569d85c0c1bfb2ae2d71b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/485d65e1357123a697c591a5aeb773994b247ad7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/cmd.c",
"include/linux/mlx5/driver.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4baae687a20ef2b82fde12de3c04461e6f2521d6",
"status": "affected",
"version": "8e715cd613a1e872b9d918e912d90b399785761a",
"versionType": "git"
},
{
"lessThan": "f9caccdd42e999b74303c9b0643300073ed5d319",
"status": "affected",
"version": "8e715cd613a1e872b9d918e912d90b399785761a",
"versionType": "git"
},
{
"lessThan": "2d0962d05c93de391ce85f6e764df895f47c8918",
"status": "affected",
"version": "8e715cd613a1e872b9d918e912d90b399785761a",
"versionType": "git"
},
{
"lessThan": "94024332a129c6e4275569d85c0c1bfb2ae2d71b",
"status": "affected",
"version": "8e715cd613a1e872b9d918e912d90b399785761a",
"versionType": "git"
},
{
"lessThan": "485d65e1357123a697c591a5aeb773994b247ad7",
"status": "affected",
"version": "8e715cd613a1e872b9d918e912d90b399785761a",
"versionType": "git"
},
{
"status": "affected",
"version": "74dd45122b84479eee50bd0956ae8bc5799c9f8a",
"versionType": "git"
},
{
"status": "affected",
"version": "e801f81cee3c8901f52ee48c6329802b28fbb49c",
"versionType": "git"
},
{
"status": "affected",
"version": "d73d81447c6651904dd4a9e3fd88651ff174c1b7",
"versionType": "git"
},
{
"status": "affected",
"version": "4646175c19fd019b773444a11ff62748eb83745b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/cmd.c",
"include/linux/mlx5/driver.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.174",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Add a timeout to acquire the command queue semaphore\n\nPrevent forced completion handling on an entry that has not yet been\nassigned an index, causing an out of bounds access on idx = -22.\nInstead of waiting indefinitely for the sem, blocking flow now waits for\nindex to be allocated or a sem acquisition timeout before beginning the\ntimer for FW completion.\n\nKernel log example:\nmlx5_core 0000:06:00.0: wait_func_handle_exec_timeout:1128:(pid 185911): cmd[-22]: CREATE_UCTX(0xa04) No done completion"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:45.684Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4baae687a20ef2b82fde12de3c04461e6f2521d6"
},
{
"url": "https://git.kernel.org/stable/c/f9caccdd42e999b74303c9b0643300073ed5d319"
},
{
"url": "https://git.kernel.org/stable/c/2d0962d05c93de391ce85f6e764df895f47c8918"
},
{
"url": "https://git.kernel.org/stable/c/94024332a129c6e4275569d85c0c1bfb2ae2d71b"
},
{
"url": "https://git.kernel.org/stable/c/485d65e1357123a697c591a5aeb773994b247ad7"
}
],
"title": "net/mlx5: Add a timeout to acquire the command queue semaphore",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38556",
"datePublished": "2024-06-19T13:35:26.753Z",
"dateReserved": "2024-06-18T19:36:34.921Z",
"dateUpdated": "2025-05-04T12:56:45.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38575 (GCVE-0-2024-38575)
Vulnerability from cvelistv5
Published
2024-06-19 13:37
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: brcmfmac: pcie: handle randbuf allocation failure
The kzalloc() in brcmf_pcie_download_fw_nvram() will return null
if the physical memory has run out. As a result, if we use
get_random_bytes() to generate random bytes in the randbuf, the
null pointer dereference bug will happen.
In order to prevent allocation failure, this patch adds a separate
function using buffer on kernel stack to generate random bytes in
the randbuf, which could prevent the kernel stack from overflow.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c35105f375b530bc27e03ea9250b1c26dd4cae86 Version: 91918ce88d9fef408bb12c46a27c73d79b604c20 Version: 91918ce88d9fef408bb12c46a27c73d79b604c20 Version: 91918ce88d9fef408bb12c46a27c73d79b604c20 Version: 91918ce88d9fef408bb12c46a27c73d79b604c20 Version: ba72baed066f3bfa8b489e4b58f1fcaf51c04f83 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38575",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T14:58:36.238292Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T14:58:48.031Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0eb2c0528e232b3c32cde9d5e1c9f80ba2996e49"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c37466406f075476c2702ecc01917928af871f3b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7c15eb344b0d4d3468c9b2a7591ad2b859b29b88"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3729ca9e48d19a03ae049e2bde510e161c2f3720"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/316f790ebcf94bdf59f794b7cdea4068dc676d4c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0eb2c0528e232b3c32cde9d5e1c9f80ba2996e49",
"status": "affected",
"version": "c35105f375b530bc27e03ea9250b1c26dd4cae86",
"versionType": "git"
},
{
"lessThan": "c37466406f075476c2702ecc01917928af871f3b",
"status": "affected",
"version": "91918ce88d9fef408bb12c46a27c73d79b604c20",
"versionType": "git"
},
{
"lessThan": "7c15eb344b0d4d3468c9b2a7591ad2b859b29b88",
"status": "affected",
"version": "91918ce88d9fef408bb12c46a27c73d79b604c20",
"versionType": "git"
},
{
"lessThan": "3729ca9e48d19a03ae049e2bde510e161c2f3720",
"status": "affected",
"version": "91918ce88d9fef408bb12c46a27c73d79b604c20",
"versionType": "git"
},
{
"lessThan": "316f790ebcf94bdf59f794b7cdea4068dc676d4c",
"status": "affected",
"version": "91918ce88d9fef408bb12c46a27c73d79b604c20",
"versionType": "git"
},
{
"status": "affected",
"version": "ba72baed066f3bfa8b489e4b58f1fcaf51c04f83",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "6.1.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: pcie: handle randbuf allocation failure\n\nThe kzalloc() in brcmf_pcie_download_fw_nvram() will return null\nif the physical memory has run out. As a result, if we use\nget_random_bytes() to generate random bytes in the randbuf, the\nnull pointer dereference bug will happen.\n\nIn order to prevent allocation failure, this patch adds a separate\nfunction using buffer on kernel stack to generate random bytes in\nthe randbuf, which could prevent the kernel stack from overflow."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:47.063Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0eb2c0528e232b3c32cde9d5e1c9f80ba2996e49"
},
{
"url": "https://git.kernel.org/stable/c/c37466406f075476c2702ecc01917928af871f3b"
},
{
"url": "https://git.kernel.org/stable/c/7c15eb344b0d4d3468c9b2a7591ad2b859b29b88"
},
{
"url": "https://git.kernel.org/stable/c/3729ca9e48d19a03ae049e2bde510e161c2f3720"
},
{
"url": "https://git.kernel.org/stable/c/316f790ebcf94bdf59f794b7cdea4068dc676d4c"
}
],
"title": "wifi: brcmfmac: pcie: handle randbuf allocation failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38575",
"datePublished": "2024-06-19T13:37:34.476Z",
"dateReserved": "2024-06-18T19:36:34.924Z",
"dateUpdated": "2025-05-04T12:56:47.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38578 (GCVE-0-2024-38578)
Vulnerability from cvelistv5
Published
2024-06-19 13:37
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ecryptfs: Fix buffer size for tag 66 packet
The 'TAG 66 Packet Format' description is missing the cipher code and
checksum fields that are packed into the message packet. As a result,
the buffer allocated for the packet is 3 bytes too small and
write_tag_66_packet() will write up to 3 bytes past the end of the
buffer.
Fix this by increasing the size of the allocation so the whole packet
will always fit in the buffer.
This fixes the below kasan slab-out-of-bounds bug:
BUG: KASAN: slab-out-of-bounds in ecryptfs_generate_key_packet_set+0x7d6/0xde0
Write of size 1 at addr ffff88800afbb2a5 by task touch/181
CPU: 0 PID: 181 Comm: touch Not tainted 6.6.13-gnu #1 4c9534092be820851bb687b82d1f92a426598dc6
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2/GNU Guix 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x4c/0x70
print_report+0xc5/0x610
? ecryptfs_generate_key_packet_set+0x7d6/0xde0
? kasan_complete_mode_report_info+0x44/0x210
? ecryptfs_generate_key_packet_set+0x7d6/0xde0
kasan_report+0xc2/0x110
? ecryptfs_generate_key_packet_set+0x7d6/0xde0
__asan_store1+0x62/0x80
ecryptfs_generate_key_packet_set+0x7d6/0xde0
? __pfx_ecryptfs_generate_key_packet_set+0x10/0x10
? __alloc_pages+0x2e2/0x540
? __pfx_ovl_open+0x10/0x10 [overlay 30837f11141636a8e1793533a02e6e2e885dad1d]
? dentry_open+0x8f/0xd0
ecryptfs_write_metadata+0x30a/0x550
? __pfx_ecryptfs_write_metadata+0x10/0x10
? ecryptfs_get_lower_file+0x6b/0x190
ecryptfs_initialize_file+0x77/0x150
ecryptfs_create+0x1c2/0x2f0
path_openat+0x17cf/0x1ba0
? __pfx_path_openat+0x10/0x10
do_filp_open+0x15e/0x290
? __pfx_do_filp_open+0x10/0x10
? __kasan_check_write+0x18/0x30
? _raw_spin_lock+0x86/0xf0
? __pfx__raw_spin_lock+0x10/0x10
? __kasan_check_write+0x18/0x30
? alloc_fd+0xf4/0x330
do_sys_openat2+0x122/0x160
? __pfx_do_sys_openat2+0x10/0x10
__x64_sys_openat+0xef/0x170
? __pfx___x64_sys_openat+0x10/0x10
do_syscall_64+0x60/0xd0
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
RIP: 0033:0x7f00a703fd67
Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f
RSP: 002b:00007ffc088e30b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007ffc088e3368 RCX: 00007f00a703fd67
RDX: 0000000000000941 RSI: 00007ffc088e48d7 RDI: 00000000ffffff9c
RBP: 00007ffc088e48d7 R08: 0000000000000001 R09: 0000000000000000
R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000941
R13: 0000000000000000 R14: 00007ffc088e48d7 R15: 00007f00a7180040
</TASK>
Allocated by task 181:
kasan_save_stack+0x2f/0x60
kasan_set_track+0x29/0x40
kasan_save_alloc_info+0x25/0x40
__kasan_kmalloc+0xc5/0xd0
__kmalloc+0x66/0x160
ecryptfs_generate_key_packet_set+0x6d2/0xde0
ecryptfs_write_metadata+0x30a/0x550
ecryptfs_initialize_file+0x77/0x150
ecryptfs_create+0x1c2/0x2f0
path_openat+0x17cf/0x1ba0
do_filp_open+0x15e/0x290
do_sys_openat2+0x122/0x160
__x64_sys_openat+0xef/0x170
do_syscall_64+0x60/0xd0
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: dddfa461fc8951f9b5f951c13565b6cac678635a Version: dddfa461fc8951f9b5f951c13565b6cac678635a Version: dddfa461fc8951f9b5f951c13565b6cac678635a Version: dddfa461fc8951f9b5f951c13565b6cac678635a Version: dddfa461fc8951f9b5f951c13565b6cac678635a Version: dddfa461fc8951f9b5f951c13565b6cac678635a Version: dddfa461fc8951f9b5f951c13565b6cac678635a Version: dddfa461fc8951f9b5f951c13565b6cac678635a Version: dddfa461fc8951f9b5f951c13565b6cac678635a |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1c125b9287e58f364d82174efb167414b92b11f1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/235b85981051cd68fc215fd32a81c6f116bfc4df"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/edbfc42ab080e78c6907d40a42c9d10b69e445c1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/12db25a54ce6bb22b0af28010fff53ef9cb3fe93"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d0f8ba042af16519f1ef7dd10463a33b21b677c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2ed750b7ae1b5dc72896d7dd114c419afd3d1910"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a20f09452e2f58f761d11ad7b96b5c894c91030e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6008487f1eeb8693f8d2a36a89c87d9122ddf74"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/85a6a1aff08ec9f5b929d345d066e2830e8818e5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:14:06.312936Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:55.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ecryptfs/keystore.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1c125b9287e58f364d82174efb167414b92b11f1",
"status": "affected",
"version": "dddfa461fc8951f9b5f951c13565b6cac678635a",
"versionType": "git"
},
{
"lessThan": "235b85981051cd68fc215fd32a81c6f116bfc4df",
"status": "affected",
"version": "dddfa461fc8951f9b5f951c13565b6cac678635a",
"versionType": "git"
},
{
"lessThan": "edbfc42ab080e78c6907d40a42c9d10b69e445c1",
"status": "affected",
"version": "dddfa461fc8951f9b5f951c13565b6cac678635a",
"versionType": "git"
},
{
"lessThan": "12db25a54ce6bb22b0af28010fff53ef9cb3fe93",
"status": "affected",
"version": "dddfa461fc8951f9b5f951c13565b6cac678635a",
"versionType": "git"
},
{
"lessThan": "0d0f8ba042af16519f1ef7dd10463a33b21b677c",
"status": "affected",
"version": "dddfa461fc8951f9b5f951c13565b6cac678635a",
"versionType": "git"
},
{
"lessThan": "2ed750b7ae1b5dc72896d7dd114c419afd3d1910",
"status": "affected",
"version": "dddfa461fc8951f9b5f951c13565b6cac678635a",
"versionType": "git"
},
{
"lessThan": "a20f09452e2f58f761d11ad7b96b5c894c91030e",
"status": "affected",
"version": "dddfa461fc8951f9b5f951c13565b6cac678635a",
"versionType": "git"
},
{
"lessThan": "f6008487f1eeb8693f8d2a36a89c87d9122ddf74",
"status": "affected",
"version": "dddfa461fc8951f9b5f951c13565b6cac678635a",
"versionType": "git"
},
{
"lessThan": "85a6a1aff08ec9f5b929d345d066e2830e8818e5",
"status": "affected",
"version": "dddfa461fc8951f9b5f951c13565b6cac678635a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ecryptfs/keystore.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.21"
},
{
"lessThan": "2.6.21",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "2.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\necryptfs: Fix buffer size for tag 66 packet\n\nThe \u0027TAG 66 Packet Format\u0027 description is missing the cipher code and\nchecksum fields that are packed into the message packet. As a result,\nthe buffer allocated for the packet is 3 bytes too small and\nwrite_tag_66_packet() will write up to 3 bytes past the end of the\nbuffer.\n\nFix this by increasing the size of the allocation so the whole packet\nwill always fit in the buffer.\n\nThis fixes the below kasan slab-out-of-bounds bug:\n\n BUG: KASAN: slab-out-of-bounds in ecryptfs_generate_key_packet_set+0x7d6/0xde0\n Write of size 1 at addr ffff88800afbb2a5 by task touch/181\n\n CPU: 0 PID: 181 Comm: touch Not tainted 6.6.13-gnu #1 4c9534092be820851bb687b82d1f92a426598dc6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2/GNU Guix 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x4c/0x70\n print_report+0xc5/0x610\n ? ecryptfs_generate_key_packet_set+0x7d6/0xde0\n ? kasan_complete_mode_report_info+0x44/0x210\n ? ecryptfs_generate_key_packet_set+0x7d6/0xde0\n kasan_report+0xc2/0x110\n ? ecryptfs_generate_key_packet_set+0x7d6/0xde0\n __asan_store1+0x62/0x80\n ecryptfs_generate_key_packet_set+0x7d6/0xde0\n ? __pfx_ecryptfs_generate_key_packet_set+0x10/0x10\n ? __alloc_pages+0x2e2/0x540\n ? __pfx_ovl_open+0x10/0x10 [overlay 30837f11141636a8e1793533a02e6e2e885dad1d]\n ? dentry_open+0x8f/0xd0\n ecryptfs_write_metadata+0x30a/0x550\n ? __pfx_ecryptfs_write_metadata+0x10/0x10\n ? ecryptfs_get_lower_file+0x6b/0x190\n ecryptfs_initialize_file+0x77/0x150\n ecryptfs_create+0x1c2/0x2f0\n path_openat+0x17cf/0x1ba0\n ? __pfx_path_openat+0x10/0x10\n do_filp_open+0x15e/0x290\n ? __pfx_do_filp_open+0x10/0x10\n ? __kasan_check_write+0x18/0x30\n ? _raw_spin_lock+0x86/0xf0\n ? __pfx__raw_spin_lock+0x10/0x10\n ? __kasan_check_write+0x18/0x30\n ? alloc_fd+0xf4/0x330\n do_sys_openat2+0x122/0x160\n ? __pfx_do_sys_openat2+0x10/0x10\n __x64_sys_openat+0xef/0x170\n ? __pfx___x64_sys_openat+0x10/0x10\n do_syscall_64+0x60/0xd0\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n RIP: 0033:0x7f00a703fd67\n Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f\n RSP: 002b:00007ffc088e30b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101\n RAX: ffffffffffffffda RBX: 00007ffc088e3368 RCX: 00007f00a703fd67\n RDX: 0000000000000941 RSI: 00007ffc088e48d7 RDI: 00000000ffffff9c\n RBP: 00007ffc088e48d7 R08: 0000000000000001 R09: 0000000000000000\n R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000941\n R13: 0000000000000000 R14: 00007ffc088e48d7 R15: 00007f00a7180040\n \u003c/TASK\u003e\n\n Allocated by task 181:\n kasan_save_stack+0x2f/0x60\n kasan_set_track+0x29/0x40\n kasan_save_alloc_info+0x25/0x40\n __kasan_kmalloc+0xc5/0xd0\n __kmalloc+0x66/0x160\n ecryptfs_generate_key_packet_set+0x6d2/0xde0\n ecryptfs_write_metadata+0x30a/0x550\n ecryptfs_initialize_file+0x77/0x150\n ecryptfs_create+0x1c2/0x2f0\n path_openat+0x17cf/0x1ba0\n do_filp_open+0x15e/0x290\n do_sys_openat2+0x122/0x160\n __x64_sys_openat+0xef/0x170\n do_syscall_64+0x60/0xd0\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:31.009Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1c125b9287e58f364d82174efb167414b92b11f1"
},
{
"url": "https://git.kernel.org/stable/c/235b85981051cd68fc215fd32a81c6f116bfc4df"
},
{
"url": "https://git.kernel.org/stable/c/edbfc42ab080e78c6907d40a42c9d10b69e445c1"
},
{
"url": "https://git.kernel.org/stable/c/12db25a54ce6bb22b0af28010fff53ef9cb3fe93"
},
{
"url": "https://git.kernel.org/stable/c/0d0f8ba042af16519f1ef7dd10463a33b21b677c"
},
{
"url": "https://git.kernel.org/stable/c/2ed750b7ae1b5dc72896d7dd114c419afd3d1910"
},
{
"url": "https://git.kernel.org/stable/c/a20f09452e2f58f761d11ad7b96b5c894c91030e"
},
{
"url": "https://git.kernel.org/stable/c/f6008487f1eeb8693f8d2a36a89c87d9122ddf74"
},
{
"url": "https://git.kernel.org/stable/c/85a6a1aff08ec9f5b929d345d066e2830e8818e5"
}
],
"title": "ecryptfs: Fix buffer size for tag 66 packet",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38578",
"datePublished": "2024-06-19T13:37:36.487Z",
"dateReserved": "2024-06-18T19:36:34.926Z",
"dateUpdated": "2025-05-04T09:14:31.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36937 (GCVE-0-2024-36937)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
xdp: use flags field to disambiguate broadcast redirect
When redirecting a packet using XDP, the bpf_redirect_map() helper will set
up the redirect destination information in struct bpf_redirect_info (using
the __bpf_xdp_redirect_map() helper function), and the xdp_do_redirect()
function will read this information after the XDP program returns and pass
the frame on to the right redirect destination.
When using the BPF_F_BROADCAST flag to do multicast redirect to a whole
map, __bpf_xdp_redirect_map() sets the 'map' pointer in struct
bpf_redirect_info to point to the destination map to be broadcast. And
xdp_do_redirect() reacts to the value of this map pointer to decide whether
it's dealing with a broadcast or a single-value redirect. However, if the
destination map is being destroyed before xdp_do_redirect() is called, the
map pointer will be cleared out (by bpf_clear_redirect_map()) without
waiting for any XDP programs to stop running. This causes xdp_do_redirect()
to think that the redirect was to a single target, but the target pointer
is also NULL (since broadcast redirects don't have a single target), so
this causes a crash when a NULL pointer is passed to dev_map_enqueue().
To fix this, change xdp_do_redirect() to react directly to the presence of
the BPF_F_BROADCAST flag in the 'flags' value in struct bpf_redirect_info
to disambiguate between a single-target and a broadcast redirect. And only
read the 'map' pointer if the broadcast flag is set, aborting if that has
been cleared out in the meantime. This prevents the crash, while keeping
the atomic (cmpxchg-based) clearing of the map pointer itself, and without
adding any more checks in the non-broadcast fast path.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/12481f30128fbebc2eeb55eb2d56390fdfa30c5e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/272bfb019f3cc018f654b992115774e77b4f3ffc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e22e25820fa04ea5eaac4ef7ee200e9923f466a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6fd81f9d333e7b3532036577b1beb74ba1323553"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5bcf0dcbf9066348058b88a510c57f70f384c92c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36937",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:15:48.388446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:59.643Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/filter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "12481f30128fbebc2eeb55eb2d56390fdfa30c5e",
"status": "affected",
"version": "e624d4ed4aa8cc3c69d1359b0aaea539203ed266",
"versionType": "git"
},
{
"lessThan": "272bfb019f3cc018f654b992115774e77b4f3ffc",
"status": "affected",
"version": "e624d4ed4aa8cc3c69d1359b0aaea539203ed266",
"versionType": "git"
},
{
"lessThan": "e22e25820fa04ea5eaac4ef7ee200e9923f466a4",
"status": "affected",
"version": "e624d4ed4aa8cc3c69d1359b0aaea539203ed266",
"versionType": "git"
},
{
"lessThan": "6fd81f9d333e7b3532036577b1beb74ba1323553",
"status": "affected",
"version": "e624d4ed4aa8cc3c69d1359b0aaea539203ed266",
"versionType": "git"
},
{
"lessThan": "5bcf0dcbf9066348058b88a510c57f70f384c92c",
"status": "affected",
"version": "e624d4ed4aa8cc3c69d1359b0aaea539203ed266",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/filter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: use flags field to disambiguate broadcast redirect\n\nWhen redirecting a packet using XDP, the bpf_redirect_map() helper will set\nup the redirect destination information in struct bpf_redirect_info (using\nthe __bpf_xdp_redirect_map() helper function), and the xdp_do_redirect()\nfunction will read this information after the XDP program returns and pass\nthe frame on to the right redirect destination.\n\nWhen using the BPF_F_BROADCAST flag to do multicast redirect to a whole\nmap, __bpf_xdp_redirect_map() sets the \u0027map\u0027 pointer in struct\nbpf_redirect_info to point to the destination map to be broadcast. And\nxdp_do_redirect() reacts to the value of this map pointer to decide whether\nit\u0027s dealing with a broadcast or a single-value redirect. However, if the\ndestination map is being destroyed before xdp_do_redirect() is called, the\nmap pointer will be cleared out (by bpf_clear_redirect_map()) without\nwaiting for any XDP programs to stop running. This causes xdp_do_redirect()\nto think that the redirect was to a single target, but the target pointer\nis also NULL (since broadcast redirects don\u0027t have a single target), so\nthis causes a crash when a NULL pointer is passed to dev_map_enqueue().\n\nTo fix this, change xdp_do_redirect() to react directly to the presence of\nthe BPF_F_BROADCAST flag in the \u0027flags\u0027 value in struct bpf_redirect_info\nto disambiguate between a single-target and a broadcast redirect. And only\nread the \u0027map\u0027 pointer if the broadcast flag is set, aborting if that has\nbeen cleared out in the meantime. This prevents the crash, while keeping\nthe atomic (cmpxchg-based) clearing of the map pointer itself, and without\nadding any more checks in the non-broadcast fast path."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:26.458Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/12481f30128fbebc2eeb55eb2d56390fdfa30c5e"
},
{
"url": "https://git.kernel.org/stable/c/272bfb019f3cc018f654b992115774e77b4f3ffc"
},
{
"url": "https://git.kernel.org/stable/c/e22e25820fa04ea5eaac4ef7ee200e9923f466a4"
},
{
"url": "https://git.kernel.org/stable/c/6fd81f9d333e7b3532036577b1beb74ba1323553"
},
{
"url": "https://git.kernel.org/stable/c/5bcf0dcbf9066348058b88a510c57f70f384c92c"
}
],
"title": "xdp: use flags field to disambiguate broadcast redirect",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36937",
"datePublished": "2024-05-30T15:29:26.353Z",
"dateReserved": "2024-05-30T15:25:07.071Z",
"dateUpdated": "2025-05-04T09:12:26.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52803 (GCVE-0-2023-52803)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: Fix RPC client cleaned up the freed pipefs dentries
RPC client pipefs dentries cleanup is in separated rpc_remove_pipedir()
workqueue,which takes care about pipefs superblock locking.
In some special scenarios, when kernel frees the pipefs sb of the
current client and immediately alloctes a new pipefs sb,
rpc_remove_pipedir function would misjudge the existence of pipefs
sb which is not the one it used to hold. As a result,
the rpc_remove_pipedir would clean the released freed pipefs dentries.
To fix this issue, rpc_remove_pipedir should check whether the
current pipefs sb is consistent with the original pipefs sb.
This error can be catched by KASAN:
=========================================================
[ 250.497700] BUG: KASAN: slab-use-after-free in dget_parent+0x195/0x200
[ 250.498315] Read of size 4 at addr ffff88800a2ab804 by task kworker/0:18/106503
[ 250.500549] Workqueue: events rpc_free_client_work
[ 250.501001] Call Trace:
[ 250.502880] kasan_report+0xb6/0xf0
[ 250.503209] ? dget_parent+0x195/0x200
[ 250.503561] dget_parent+0x195/0x200
[ 250.503897] ? __pfx_rpc_clntdir_depopulate+0x10/0x10
[ 250.504384] rpc_rmdir_depopulate+0x1b/0x90
[ 250.504781] rpc_remove_client_dir+0xf5/0x150
[ 250.505195] rpc_free_client_work+0xe4/0x230
[ 250.505598] process_one_work+0x8ee/0x13b0
...
[ 22.039056] Allocated by task 244:
[ 22.039390] kasan_save_stack+0x22/0x50
[ 22.039758] kasan_set_track+0x25/0x30
[ 22.040109] __kasan_slab_alloc+0x59/0x70
[ 22.040487] kmem_cache_alloc_lru+0xf0/0x240
[ 22.040889] __d_alloc+0x31/0x8e0
[ 22.041207] d_alloc+0x44/0x1f0
[ 22.041514] __rpc_lookup_create_exclusive+0x11c/0x140
[ 22.041987] rpc_mkdir_populate.constprop.0+0x5f/0x110
[ 22.042459] rpc_create_client_dir+0x34/0x150
[ 22.042874] rpc_setup_pipedir_sb+0x102/0x1c0
[ 22.043284] rpc_client_register+0x136/0x4e0
[ 22.043689] rpc_new_client+0x911/0x1020
[ 22.044057] rpc_create_xprt+0xcb/0x370
[ 22.044417] rpc_create+0x36b/0x6c0
...
[ 22.049524] Freed by task 0:
[ 22.049803] kasan_save_stack+0x22/0x50
[ 22.050165] kasan_set_track+0x25/0x30
[ 22.050520] kasan_save_free_info+0x2b/0x50
[ 22.050921] __kasan_slab_free+0x10e/0x1a0
[ 22.051306] kmem_cache_free+0xa5/0x390
[ 22.051667] rcu_core+0x62c/0x1930
[ 22.051995] __do_softirq+0x165/0x52a
[ 22.052347]
[ 22.052503] Last potentially related work creation:
[ 22.052952] kasan_save_stack+0x22/0x50
[ 22.053313] __kasan_record_aux_stack+0x8e/0xa0
[ 22.053739] __call_rcu_common.constprop.0+0x6b/0x8b0
[ 22.054209] dentry_free+0xb2/0x140
[ 22.054540] __dentry_kill+0x3be/0x540
[ 22.054900] shrink_dentry_list+0x199/0x510
[ 22.055293] shrink_dcache_parent+0x190/0x240
[ 22.055703] do_one_tree+0x11/0x40
[ 22.056028] shrink_dcache_for_umount+0x61/0x140
[ 22.056461] generic_shutdown_super+0x70/0x590
[ 22.056879] kill_anon_super+0x3a/0x60
[ 22.057234] rpc_kill_sb+0x121/0x200
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 0157d021d23a087eecfa830502f81cfe843f0d16 Version: 0157d021d23a087eecfa830502f81cfe843f0d16 Version: 0157d021d23a087eecfa830502f81cfe843f0d16 Version: 0157d021d23a087eecfa830502f81cfe843f0d16 Version: 0157d021d23a087eecfa830502f81cfe843f0d16 Version: 0157d021d23a087eecfa830502f81cfe843f0d16 Version: 0157d021d23a087eecfa830502f81cfe843f0d16 Version: 0157d021d23a087eecfa830502f81cfe843f0d16 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52803",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:36:49.719946Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:37:08.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/17866066b8ac1cc38fb449670bc15dc9fee4b40a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7d61d1da2ed1f682c41cae0c8d4719cdaccee5c5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dedf2a0eb9448ae73b270743e6ea9b108189df46"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/194454afa6aa9d6ed74f0c57127bc8beb27c20df"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7749fd2dbef72a52b5c9ffdbf877691950ed4680"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1cdb52ffd6600a37bd355d8dce58ecd03e55e618"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cc2e7ebbeb1d0601f7f3c8d93b78fcc03a95e44a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bfca5fb4e97c46503ddfc582335917b0cc228264"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/sunrpc/clnt.h",
"net/sunrpc/clnt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "17866066b8ac1cc38fb449670bc15dc9fee4b40a",
"status": "affected",
"version": "0157d021d23a087eecfa830502f81cfe843f0d16",
"versionType": "git"
},
{
"lessThan": "7d61d1da2ed1f682c41cae0c8d4719cdaccee5c5",
"status": "affected",
"version": "0157d021d23a087eecfa830502f81cfe843f0d16",
"versionType": "git"
},
{
"lessThan": "dedf2a0eb9448ae73b270743e6ea9b108189df46",
"status": "affected",
"version": "0157d021d23a087eecfa830502f81cfe843f0d16",
"versionType": "git"
},
{
"lessThan": "194454afa6aa9d6ed74f0c57127bc8beb27c20df",
"status": "affected",
"version": "0157d021d23a087eecfa830502f81cfe843f0d16",
"versionType": "git"
},
{
"lessThan": "7749fd2dbef72a52b5c9ffdbf877691950ed4680",
"status": "affected",
"version": "0157d021d23a087eecfa830502f81cfe843f0d16",
"versionType": "git"
},
{
"lessThan": "1cdb52ffd6600a37bd355d8dce58ecd03e55e618",
"status": "affected",
"version": "0157d021d23a087eecfa830502f81cfe843f0d16",
"versionType": "git"
},
{
"lessThan": "cc2e7ebbeb1d0601f7f3c8d93b78fcc03a95e44a",
"status": "affected",
"version": "0157d021d23a087eecfa830502f81cfe843f0d16",
"versionType": "git"
},
{
"lessThan": "bfca5fb4e97c46503ddfc582335917b0cc228264",
"status": "affected",
"version": "0157d021d23a087eecfa830502f81cfe843f0d16",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/sunrpc/clnt.h",
"net/sunrpc/clnt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.4"
},
{
"lessThan": "3.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.318",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.280",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix RPC client cleaned up the freed pipefs dentries\n\nRPC client pipefs dentries cleanup is in separated rpc_remove_pipedir()\nworkqueue,which takes care about pipefs superblock locking.\nIn some special scenarios, when kernel frees the pipefs sb of the\ncurrent client and immediately alloctes a new pipefs sb,\nrpc_remove_pipedir function would misjudge the existence of pipefs\nsb which is not the one it used to hold. As a result,\nthe rpc_remove_pipedir would clean the released freed pipefs dentries.\n\nTo fix this issue, rpc_remove_pipedir should check whether the\ncurrent pipefs sb is consistent with the original pipefs sb.\n\nThis error can be catched by KASAN:\n=========================================================\n[ 250.497700] BUG: KASAN: slab-use-after-free in dget_parent+0x195/0x200\n[ 250.498315] Read of size 4 at addr ffff88800a2ab804 by task kworker/0:18/106503\n[ 250.500549] Workqueue: events rpc_free_client_work\n[ 250.501001] Call Trace:\n[ 250.502880] kasan_report+0xb6/0xf0\n[ 250.503209] ? dget_parent+0x195/0x200\n[ 250.503561] dget_parent+0x195/0x200\n[ 250.503897] ? __pfx_rpc_clntdir_depopulate+0x10/0x10\n[ 250.504384] rpc_rmdir_depopulate+0x1b/0x90\n[ 250.504781] rpc_remove_client_dir+0xf5/0x150\n[ 250.505195] rpc_free_client_work+0xe4/0x230\n[ 250.505598] process_one_work+0x8ee/0x13b0\n...\n[ 22.039056] Allocated by task 244:\n[ 22.039390] kasan_save_stack+0x22/0x50\n[ 22.039758] kasan_set_track+0x25/0x30\n[ 22.040109] __kasan_slab_alloc+0x59/0x70\n[ 22.040487] kmem_cache_alloc_lru+0xf0/0x240\n[ 22.040889] __d_alloc+0x31/0x8e0\n[ 22.041207] d_alloc+0x44/0x1f0\n[ 22.041514] __rpc_lookup_create_exclusive+0x11c/0x140\n[ 22.041987] rpc_mkdir_populate.constprop.0+0x5f/0x110\n[ 22.042459] rpc_create_client_dir+0x34/0x150\n[ 22.042874] rpc_setup_pipedir_sb+0x102/0x1c0\n[ 22.043284] rpc_client_register+0x136/0x4e0\n[ 22.043689] rpc_new_client+0x911/0x1020\n[ 22.044057] rpc_create_xprt+0xcb/0x370\n[ 22.044417] rpc_create+0x36b/0x6c0\n...\n[ 22.049524] Freed by task 0:\n[ 22.049803] kasan_save_stack+0x22/0x50\n[ 22.050165] kasan_set_track+0x25/0x30\n[ 22.050520] kasan_save_free_info+0x2b/0x50\n[ 22.050921] __kasan_slab_free+0x10e/0x1a0\n[ 22.051306] kmem_cache_free+0xa5/0x390\n[ 22.051667] rcu_core+0x62c/0x1930\n[ 22.051995] __do_softirq+0x165/0x52a\n[ 22.052347]\n[ 22.052503] Last potentially related work creation:\n[ 22.052952] kasan_save_stack+0x22/0x50\n[ 22.053313] __kasan_record_aux_stack+0x8e/0xa0\n[ 22.053739] __call_rcu_common.constprop.0+0x6b/0x8b0\n[ 22.054209] dentry_free+0xb2/0x140\n[ 22.054540] __dentry_kill+0x3be/0x540\n[ 22.054900] shrink_dentry_list+0x199/0x510\n[ 22.055293] shrink_dcache_parent+0x190/0x240\n[ 22.055703] do_one_tree+0x11/0x40\n[ 22.056028] shrink_dcache_for_umount+0x61/0x140\n[ 22.056461] generic_shutdown_super+0x70/0x590\n[ 22.056879] kill_anon_super+0x3a/0x60\n[ 22.057234] rpc_kill_sb+0x121/0x200"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:28.931Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/17866066b8ac1cc38fb449670bc15dc9fee4b40a"
},
{
"url": "https://git.kernel.org/stable/c/7d61d1da2ed1f682c41cae0c8d4719cdaccee5c5"
},
{
"url": "https://git.kernel.org/stable/c/dedf2a0eb9448ae73b270743e6ea9b108189df46"
},
{
"url": "https://git.kernel.org/stable/c/194454afa6aa9d6ed74f0c57127bc8beb27c20df"
},
{
"url": "https://git.kernel.org/stable/c/7749fd2dbef72a52b5c9ffdbf877691950ed4680"
},
{
"url": "https://git.kernel.org/stable/c/1cdb52ffd6600a37bd355d8dce58ecd03e55e618"
},
{
"url": "https://git.kernel.org/stable/c/cc2e7ebbeb1d0601f7f3c8d93b78fcc03a95e44a"
},
{
"url": "https://git.kernel.org/stable/c/bfca5fb4e97c46503ddfc582335917b0cc228264"
}
],
"title": "SUNRPC: Fix RPC client cleaned up the freed pipefs dentries",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52803",
"datePublished": "2024-05-21T15:31:15.063Z",
"dateReserved": "2024-05-21T15:19:24.247Z",
"dateUpdated": "2025-05-04T07:43:28.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38541 (GCVE-0-2024-38541)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-06-04 13:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
of: module: add buffer overflow check in of_modalias()
In of_modalias(), if the buffer happens to be too small even for the 1st
snprintf() call, the len parameter will become negative and str parameter
(if not NULL initially) will point beyond the buffer's end. Add the buffer
overflow check after the 1st snprintf() call and fix such check after the
strlen() call (accounting for the terminating NUL char).
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bc575064d688c8933a6ca51429bea9bc63628d3b Version: bc575064d688c8933a6ca51429bea9bc63628d3b Version: bc575064d688c8933a6ca51429bea9bc63628d3b Version: bc575064d688c8933a6ca51429bea9bc63628d3b Version: bc575064d688c8933a6ca51429bea9bc63628d3b Version: bc575064d688c8933a6ca51429bea9bc63628d3b Version: bc575064d688c8933a6ca51429bea9bc63628d3b Version: bc575064d688c8933a6ca51429bea9bc63628d3b |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "0b0d5701a8bf",
"status": "affected",
"version": "bc575064d688",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "ee332023adfd",
"status": "affected",
"version": "bc575064d688",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "e45b69360a63",
"status": "affected",
"version": "bc575064d688",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "cf7385cb26ac",
"status": "affected",
"version": "bc575064d688",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "4.14"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.33",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.9",
"status": "unaffected",
"version": "6.8.12",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.10",
"status": "unaffected",
"version": "6.9.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.10-rc1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38541",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T19:51:57.578646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T13:56:15.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0b0d5701a8bf02f8fee037e81aacf6746558bfd6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee332023adfd5882808f2dabf037b32d6ce36f9e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e45b69360a63165377b30db4a1dfddd89ca18e9a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf7385cb26ac4f0ee6c7385960525ad534323252"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/of/module.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "46795440ef2b4ac919d09310a69a404c5bc90a88",
"status": "affected",
"version": "bc575064d688c8933a6ca51429bea9bc63628d3b",
"versionType": "git"
},
{
"lessThan": "733e62786bdf1b2b9dbb09ba2246313306503414",
"status": "affected",
"version": "bc575064d688c8933a6ca51429bea9bc63628d3b",
"versionType": "git"
},
{
"lessThan": "c7f24b7d94549ff4623e8f41ea4d9f5319bd8ac8",
"status": "affected",
"version": "bc575064d688c8933a6ca51429bea9bc63628d3b",
"versionType": "git"
},
{
"lessThan": "5d59fd637a8af42b211a92b2edb2474325b4d488",
"status": "affected",
"version": "bc575064d688c8933a6ca51429bea9bc63628d3b",
"versionType": "git"
},
{
"lessThan": "0b0d5701a8bf02f8fee037e81aacf6746558bfd6",
"status": "affected",
"version": "bc575064d688c8933a6ca51429bea9bc63628d3b",
"versionType": "git"
},
{
"lessThan": "ee332023adfd5882808f2dabf037b32d6ce36f9e",
"status": "affected",
"version": "bc575064d688c8933a6ca51429bea9bc63628d3b",
"versionType": "git"
},
{
"lessThan": "e45b69360a63165377b30db4a1dfddd89ca18e9a",
"status": "affected",
"version": "bc575064d688c8933a6ca51429bea9bc63628d3b",
"versionType": "git"
},
{
"lessThan": "cf7385cb26ac4f0ee6c7385960525ad534323252",
"status": "affected",
"version": "bc575064d688c8933a6ca51429bea9bc63628d3b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/of/module.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.294",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.182",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.136",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.294",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.238",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.182",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.136",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: module: add buffer overflow check in of_modalias()\n\nIn of_modalias(), if the buffer happens to be too small even for the 1st\nsnprintf() call, the len parameter will become negative and str parameter\n(if not NULL initially) will point beyond the buffer\u0027s end. Add the buffer\noverflow check after the 1st snprintf() call and fix such check after the\nstrlen() call (accounting for the terminating NUL char)."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T12:57:16.081Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/46795440ef2b4ac919d09310a69a404c5bc90a88"
},
{
"url": "https://git.kernel.org/stable/c/733e62786bdf1b2b9dbb09ba2246313306503414"
},
{
"url": "https://git.kernel.org/stable/c/c7f24b7d94549ff4623e8f41ea4d9f5319bd8ac8"
},
{
"url": "https://git.kernel.org/stable/c/5d59fd637a8af42b211a92b2edb2474325b4d488"
},
{
"url": "https://git.kernel.org/stable/c/0b0d5701a8bf02f8fee037e81aacf6746558bfd6"
},
{
"url": "https://git.kernel.org/stable/c/ee332023adfd5882808f2dabf037b32d6ce36f9e"
},
{
"url": "https://git.kernel.org/stable/c/e45b69360a63165377b30db4a1dfddd89ca18e9a"
},
{
"url": "https://git.kernel.org/stable/c/cf7385cb26ac4f0ee6c7385960525ad534323252"
}
],
"title": "of: module: add buffer overflow check in of_modalias()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38541",
"datePublished": "2024-06-19T13:35:16.637Z",
"dateReserved": "2024-06-18T19:36:34.919Z",
"dateUpdated": "2025-06-04T13:56:15.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52776 (GCVE-0-2023-52776)
Vulnerability from cvelistv5
Published
2024-05-21 15:30
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix dfs-radar and temperature event locking
The ath12k active pdevs are protected by RCU but the DFS-radar and
temperature event handling code calling ath12k_mac_get_ar_by_pdev_id()
was not marked as a read-side critical section.
Mark the code in question as RCU read-side critical sections to avoid
any potential use-after-free issues.
Note that the temperature event handler looks like a place holder
currently but would still trigger an RCU lockdep splat.
Compile tested only.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T18:48:38.223706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T14:25:28.524Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/774de37c147fea81f2c2e4be5082304f4f71d535"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d7a5f7f76568e48869916d769e28b9f3ca70c78e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69bd216e049349886405b1c87a55dce3d35d1ba7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath12k/wmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "774de37c147fea81f2c2e4be5082304f4f71d535",
"status": "affected",
"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
"versionType": "git"
},
{
"lessThan": "d7a5f7f76568e48869916d769e28b9f3ca70c78e",
"status": "affected",
"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
"versionType": "git"
},
{
"lessThan": "69bd216e049349886405b1c87a55dce3d35d1ba7",
"status": "affected",
"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath12k/wmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix dfs-radar and temperature event locking\n\nThe ath12k active pdevs are protected by RCU but the DFS-radar and\ntemperature event handling code calling ath12k_mac_get_ar_by_pdev_id()\nwas not marked as a read-side critical section.\n\nMark the code in question as RCU read-side critical sections to avoid\nany potential use-after-free issues.\n\nNote that the temperature event handler looks like a place holder\ncurrently but would still trigger an RCU lockdep splat.\n\nCompile tested only."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:00.183Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/774de37c147fea81f2c2e4be5082304f4f71d535"
},
{
"url": "https://git.kernel.org/stable/c/d7a5f7f76568e48869916d769e28b9f3ca70c78e"
},
{
"url": "https://git.kernel.org/stable/c/69bd216e049349886405b1c87a55dce3d35d1ba7"
}
],
"title": "wifi: ath12k: fix dfs-radar and temperature event locking",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52776",
"datePublished": "2024-05-21T15:30:56.906Z",
"dateReserved": "2024-05-21T15:19:24.239Z",
"dateUpdated": "2025-05-04T07:43:00.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38635 (GCVE-0-2024-38635)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-05-04 09:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
soundwire: cadence: fix invalid PDI offset
For some reason, we add an offset to the PDI, presumably to skip the
PDI0 and PDI1 which are reserved for BPT.
This code is however completely wrong and leads to an out-of-bounds
access. We were just lucky so far since we used only a couple of PDIs
and remained within the PDI array bounds.
A Fixes: tag is not provided since there are no known platforms where
the out-of-bounds would be accessed, and the initial code had problems
as well.
A follow-up patch completely removes this useless offset.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T13:12:09.388099Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T13:12:24.572Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:26.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/002364b2d594a9afc0385c09e00994c510b1d089"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fd4bcb991ebaf0d1813d81d9983cfa99f9ef5328"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/902f6d656441a511ac25c6cffce74496db10a078"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2ebcaa0e5db9b6044bb487ae1cf41bc601761567"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7eeef1e935d23db5265233d92395bd5c648a4021"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e99103f757cdf636c6ee860994a19a346a11785"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ee1b439b1540ae543149b15a2a61b9dff937d91"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/soundwire/cadence_master.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "002364b2d594a9afc0385c09e00994c510b1d089",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fd4bcb991ebaf0d1813d81d9983cfa99f9ef5328",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "902f6d656441a511ac25c6cffce74496db10a078",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2ebcaa0e5db9b6044bb487ae1cf41bc601761567",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7eeef1e935d23db5265233d92395bd5c648a4021",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4e99103f757cdf636c6ee860994a19a346a11785",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8ee1b439b1540ae543149b15a2a61b9dff937d91",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/soundwire/cadence_master.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoundwire: cadence: fix invalid PDI offset\n\nFor some reason, we add an offset to the PDI, presumably to skip the\nPDI0 and PDI1 which are reserved for BPT.\n\nThis code is however completely wrong and leads to an out-of-bounds\naccess. We were just lucky so far since we used only a couple of PDIs\nand remained within the PDI array bounds.\n\nA Fixes: tag is not provided since there are no known platforms where\nthe out-of-bounds would be accessed, and the initial code had problems\nas well.\n\nA follow-up patch completely removes this useless offset."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:52.845Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/002364b2d594a9afc0385c09e00994c510b1d089"
},
{
"url": "https://git.kernel.org/stable/c/fd4bcb991ebaf0d1813d81d9983cfa99f9ef5328"
},
{
"url": "https://git.kernel.org/stable/c/902f6d656441a511ac25c6cffce74496db10a078"
},
{
"url": "https://git.kernel.org/stable/c/2ebcaa0e5db9b6044bb487ae1cf41bc601761567"
},
{
"url": "https://git.kernel.org/stable/c/7eeef1e935d23db5265233d92395bd5c648a4021"
},
{
"url": "https://git.kernel.org/stable/c/4e99103f757cdf636c6ee860994a19a346a11785"
},
{
"url": "https://git.kernel.org/stable/c/8ee1b439b1540ae543149b15a2a61b9dff937d91"
}
],
"title": "soundwire: cadence: fix invalid PDI offset",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38635",
"datePublished": "2024-06-21T10:18:24.244Z",
"dateReserved": "2024-06-18T19:36:34.947Z",
"dateUpdated": "2025-05-04T09:15:52.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38595 (GCVE-0-2024-38595)
Vulnerability from cvelistv5
Published
2024-06-19 13:45
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix peer devlink set for SF representor devlink port
The cited patch change register devlink flow, and neglect to reflect
the changes for peer devlink set logic. Peer devlink set is
triggering a call trace if done after devl_register.[1]
Hence, align peer devlink set logic with register devlink flow.
[1]
WARNING: CPU: 4 PID: 3394 at net/devlink/core.c:155 devlink_rel_nested_in_add+0x177/0x180
CPU: 4 PID: 3394 Comm: kworker/u40:1 Not tainted 6.9.0-rc4_for_linust_min_debug_2024_04_16_14_08 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
Workqueue: mlx5_vhca_event0 mlx5_vhca_state_work_handler [mlx5_core]
RIP: 0010:devlink_rel_nested_in_add+0x177/0x180
Call Trace:
<TASK>
? __warn+0x78/0x120
? devlink_rel_nested_in_add+0x177/0x180
? report_bug+0x16d/0x180
? handle_bug+0x3c/0x60
? exc_invalid_op+0x14/0x70
? asm_exc_invalid_op+0x16/0x20
? devlink_port_init+0x30/0x30
? devlink_port_type_clear+0x50/0x50
? devlink_rel_nested_in_add+0x177/0x180
? devlink_rel_nested_in_add+0xdd/0x180
mlx5_sf_mdev_event+0x74/0xb0 [mlx5_core]
notifier_call_chain+0x35/0xb0
blocking_notifier_call_chain+0x3d/0x60
mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core]
mlx5_sf_dev_probe+0x185/0x3e0 [mlx5_core]
auxiliary_bus_probe+0x38/0x80
? driver_sysfs_add+0x51/0x80
really_probe+0xc5/0x3a0
? driver_probe_device+0x90/0x90
__driver_probe_device+0x80/0x160
driver_probe_device+0x1e/0x90
__device_attach_driver+0x7d/0x100
bus_for_each_drv+0x80/0xd0
__device_attach+0xbc/0x1f0
bus_probe_device+0x86/0xa0
device_add+0x64f/0x860
__auxiliary_device_add+0x3b/0xa0
mlx5_sf_dev_add+0x139/0x330 [mlx5_core]
mlx5_sf_dev_state_change_handler+0x1e4/0x250 [mlx5_core]
notifier_call_chain+0x35/0xb0
blocking_notifier_call_chain+0x3d/0x60
mlx5_vhca_state_work_handler+0x151/0x200 [mlx5_core]
process_one_work+0x13f/0x2e0
worker_thread+0x2bd/0x3c0
? rescuer_thread+0x410/0x410
kthread+0xc4/0xf0
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x2d/0x50
? kthread_complete_and_exit+0x20/0x20
ret_from_fork_asm+0x11/0x20
</TASK>
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0501201751034ebe7a22bd9483ed28fea1cd213"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/05d9d7b66836d87c914f8fdd4b062b78e373458d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3c453e8cc672de1f9c662948dba43176bc68d7f0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:13:40.656790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:54.754Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/main.c",
"drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a0501201751034ebe7a22bd9483ed28fea1cd213",
"status": "affected",
"version": "967caa3d37c078e5b95a32094657e6a4cad145f0",
"versionType": "git"
},
{
"lessThan": "05d9d7b66836d87c914f8fdd4b062b78e373458d",
"status": "affected",
"version": "c6e77aa9dd82bc18a89bf49418f8f7e961cfccc8",
"versionType": "git"
},
{
"lessThan": "3c453e8cc672de1f9c662948dba43176bc68d7f0",
"status": "affected",
"version": "c6e77aa9dd82bc18a89bf49418f8f7e961cfccc8",
"versionType": "git"
},
{
"status": "affected",
"version": "8c91c60858473731bcdaf04fda99fcbcf84420d4",
"versionType": "git"
},
{
"status": "affected",
"version": "8256c1211dc6fa606269aa043b6e294247820b31",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/main.c",
"drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.9"
},
{
"lessThan": "6.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "6.8.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix peer devlink set for SF representor devlink port\n\nThe cited patch change register devlink flow, and neglect to reflect\nthe changes for peer devlink set logic. Peer devlink set is\ntriggering a call trace if done after devl_register.[1]\n\nHence, align peer devlink set logic with register devlink flow.\n\n[1]\nWARNING: CPU: 4 PID: 3394 at net/devlink/core.c:155 devlink_rel_nested_in_add+0x177/0x180\nCPU: 4 PID: 3394 Comm: kworker/u40:1 Not tainted 6.9.0-rc4_for_linust_min_debug_2024_04_16_14_08 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nWorkqueue: mlx5_vhca_event0 mlx5_vhca_state_work_handler [mlx5_core]\nRIP: 0010:devlink_rel_nested_in_add+0x177/0x180\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x78/0x120\n ? devlink_rel_nested_in_add+0x177/0x180\n ? report_bug+0x16d/0x180\n ? handle_bug+0x3c/0x60\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n ? devlink_port_init+0x30/0x30\n ? devlink_port_type_clear+0x50/0x50\n ? devlink_rel_nested_in_add+0x177/0x180\n ? devlink_rel_nested_in_add+0xdd/0x180\n mlx5_sf_mdev_event+0x74/0xb0 [mlx5_core]\n notifier_call_chain+0x35/0xb0\n blocking_notifier_call_chain+0x3d/0x60\n mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core]\n mlx5_sf_dev_probe+0x185/0x3e0 [mlx5_core]\n auxiliary_bus_probe+0x38/0x80\n ? driver_sysfs_add+0x51/0x80\n really_probe+0xc5/0x3a0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n bus_probe_device+0x86/0xa0\n device_add+0x64f/0x860\n __auxiliary_device_add+0x3b/0xa0\n mlx5_sf_dev_add+0x139/0x330 [mlx5_core]\n mlx5_sf_dev_state_change_handler+0x1e4/0x250 [mlx5_core]\n notifier_call_chain+0x35/0xb0\n blocking_notifier_call_chain+0x3d/0x60\n mlx5_vhca_state_work_handler+0x151/0x200 [mlx5_core]\n process_one_work+0x13f/0x2e0\n worker_thread+0x2bd/0x3c0\n ? rescuer_thread+0x410/0x410\n kthread+0xc4/0xf0\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x2d/0x50\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:49.631Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a0501201751034ebe7a22bd9483ed28fea1cd213"
},
{
"url": "https://git.kernel.org/stable/c/05d9d7b66836d87c914f8fdd4b062b78e373458d"
},
{
"url": "https://git.kernel.org/stable/c/3c453e8cc672de1f9c662948dba43176bc68d7f0"
}
],
"title": "net/mlx5: Fix peer devlink set for SF representor devlink port",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38595",
"datePublished": "2024-06-19T13:45:45.336Z",
"dateReserved": "2024-06-18T19:36:34.931Z",
"dateUpdated": "2025-05-04T12:56:49.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38590 (GCVE-0-2024-38590)
Vulnerability from cvelistv5
Published
2024-06-19 13:45
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hns: Modify the print level of CQE error
Too much print may lead to a panic in kernel. Change ibdev_err() to
ibdev_err_ratelimited(), and change the printing level of cqe dump
to debug level.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7c044adca272768d821921f11d3da4587dcec68a Version: 7c044adca272768d821921f11d3da4587dcec68a Version: 7c044adca272768d821921f11d3da4587dcec68a Version: 7c044adca272768d821921f11d3da4587dcec68a Version: 7c044adca272768d821921f11d3da4587dcec68a Version: 7c044adca272768d821921f11d3da4587dcec68a Version: 7c044adca272768d821921f11d3da4587dcec68a |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38590",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T15:39:58.504819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T15:40:07.688Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/45b31be4dd22827903df15c548b97b416790139b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cc699b7eb2bc963c12ffcd37f80f45330d2924bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/17f3741c65c4a042ae8ba094068b07a4b77e213c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6f541a89ced8305da459e3ab0006e7528cf7da7b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/817a10a6df9354e67561922d2b7fce48dfbebc55"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06cf121346bbd3d83a5eea05bb87666c6b279990"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/349e859952285ab9689779fb46de163f13f18f43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hns/hns_roce_hw_v2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "45b31be4dd22827903df15c548b97b416790139b",
"status": "affected",
"version": "7c044adca272768d821921f11d3da4587dcec68a",
"versionType": "git"
},
{
"lessThan": "cc699b7eb2bc963c12ffcd37f80f45330d2924bd",
"status": "affected",
"version": "7c044adca272768d821921f11d3da4587dcec68a",
"versionType": "git"
},
{
"lessThan": "17f3741c65c4a042ae8ba094068b07a4b77e213c",
"status": "affected",
"version": "7c044adca272768d821921f11d3da4587dcec68a",
"versionType": "git"
},
{
"lessThan": "6f541a89ced8305da459e3ab0006e7528cf7da7b",
"status": "affected",
"version": "7c044adca272768d821921f11d3da4587dcec68a",
"versionType": "git"
},
{
"lessThan": "817a10a6df9354e67561922d2b7fce48dfbebc55",
"status": "affected",
"version": "7c044adca272768d821921f11d3da4587dcec68a",
"versionType": "git"
},
{
"lessThan": "06cf121346bbd3d83a5eea05bb87666c6b279990",
"status": "affected",
"version": "7c044adca272768d821921f11d3da4587dcec68a",
"versionType": "git"
},
{
"lessThan": "349e859952285ab9689779fb46de163f13f18f43",
"status": "affected",
"version": "7c044adca272768d821921f11d3da4587dcec68a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hns/hns_roce_hw_v2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Modify the print level of CQE error\n\nToo much print may lead to a panic in kernel. Change ibdev_err() to\nibdev_err_ratelimited(), and change the printing level of cqe dump\nto debug level."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:47.116Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/45b31be4dd22827903df15c548b97b416790139b"
},
{
"url": "https://git.kernel.org/stable/c/cc699b7eb2bc963c12ffcd37f80f45330d2924bd"
},
{
"url": "https://git.kernel.org/stable/c/17f3741c65c4a042ae8ba094068b07a4b77e213c"
},
{
"url": "https://git.kernel.org/stable/c/6f541a89ced8305da459e3ab0006e7528cf7da7b"
},
{
"url": "https://git.kernel.org/stable/c/817a10a6df9354e67561922d2b7fce48dfbebc55"
},
{
"url": "https://git.kernel.org/stable/c/06cf121346bbd3d83a5eea05bb87666c6b279990"
},
{
"url": "https://git.kernel.org/stable/c/349e859952285ab9689779fb46de163f13f18f43"
}
],
"title": "RDMA/hns: Modify the print level of CQE error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38590",
"datePublished": "2024-06-19T13:45:41.928Z",
"dateReserved": "2024-06-18T19:36:34.930Z",
"dateUpdated": "2025-05-04T09:14:47.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36916 (GCVE-0-2024-36916)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-20 14:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
blk-iocost: avoid out of bounds shift
UBSAN catches undefined behavior in blk-iocost, where sometimes
iocg->delay is shifted right by a number that is too large,
resulting in undefined behavior on some architectures.
[ 186.556576] ------------[ cut here ]------------
UBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23
shift exponent 64 is too large for 64-bit type 'u64' (aka 'unsigned long long')
CPU: 16 PID: 0 Comm: swapper/16 Tainted: G S E N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1
Hardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020
Call Trace:
<IRQ>
dump_stack_lvl+0x8f/0xe0
__ubsan_handle_shift_out_of_bounds+0x22c/0x280
iocg_kick_delay+0x30b/0x310
ioc_timer_fn+0x2fb/0x1f80
__run_timer_base+0x1b6/0x250
...
Avoid that undefined behavior by simply taking the
"delay = 0" branch if the shift is too large.
I am not sure what the symptoms of an undefined value
delay will be, but I suspect it could be more than a
little annoying to debug.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 5160a5a53c0c4ae3708959d9465ea43ad5d90542 Version: 5160a5a53c0c4ae3708959d9465ea43ad5d90542 Version: 5160a5a53c0c4ae3708959d9465ea43ad5d90542 Version: 5160a5a53c0c4ae3708959d9465ea43ad5d90542 Version: 5160a5a53c0c4ae3708959d9465ea43ad5d90542 Version: 5160a5a53c0c4ae3708959d9465ea43ad5d90542 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36916",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:19:24.548838Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T20:36:10.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-05T08:03:32.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62accf6c1d7b433752cb3591bba8967b7a801ad5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ce0e99cae00e3131872936713b7f55eefd53ab86"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/488dc6808cb8369685f18cee81e88e7052ac153b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/beaa51b36012fad5a4d3c18b88a617aea7a9b96d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240905-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/blk-iocost.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "62accf6c1d7b433752cb3591bba8967b7a801ad5",
"status": "affected",
"version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542",
"versionType": "git"
},
{
"lessThan": "844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1",
"status": "affected",
"version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542",
"versionType": "git"
},
{
"lessThan": "f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca",
"status": "affected",
"version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542",
"versionType": "git"
},
{
"lessThan": "ce0e99cae00e3131872936713b7f55eefd53ab86",
"status": "affected",
"version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542",
"versionType": "git"
},
{
"lessThan": "488dc6808cb8369685f18cee81e88e7052ac153b",
"status": "affected",
"version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542",
"versionType": "git"
},
{
"lessThan": "beaa51b36012fad5a4d3c18b88a617aea7a9b96d",
"status": "affected",
"version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/blk-iocost.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iocost: avoid out of bounds shift\n\nUBSAN catches undefined behavior in blk-iocost, where sometimes\niocg-\u003edelay is shifted right by a number that is too large,\nresulting in undefined behavior on some architectures.\n\n[ 186.556576] ------------[ cut here ]------------\nUBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23\nshift exponent 64 is too large for 64-bit type \u0027u64\u0027 (aka \u0027unsigned long long\u0027)\nCPU: 16 PID: 0 Comm: swapper/16 Tainted: G S E N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1\nHardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x8f/0xe0\n __ubsan_handle_shift_out_of_bounds+0x22c/0x280\n iocg_kick_delay+0x30b/0x310\n ioc_timer_fn+0x2fb/0x1f80\n __run_timer_base+0x1b6/0x250\n...\n\nAvoid that undefined behavior by simply taking the\n\"delay = 0\" branch if the shift is too large.\n\nI am not sure what the symptoms of an undefined value\ndelay will be, but I suspect it could be more than a\nlittle annoying to debug."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T14:27:33.761Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/62accf6c1d7b433752cb3591bba8967b7a801ad5"
},
{
"url": "https://git.kernel.org/stable/c/844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1"
},
{
"url": "https://git.kernel.org/stable/c/f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca"
},
{
"url": "https://git.kernel.org/stable/c/ce0e99cae00e3131872936713b7f55eefd53ab86"
},
{
"url": "https://git.kernel.org/stable/c/488dc6808cb8369685f18cee81e88e7052ac153b"
},
{
"url": "https://git.kernel.org/stable/c/beaa51b36012fad5a4d3c18b88a617aea7a9b96d"
}
],
"title": "blk-iocost: avoid out of bounds shift",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36916",
"datePublished": "2024-05-30T15:29:12.745Z",
"dateReserved": "2024-05-30T15:25:07.068Z",
"dateUpdated": "2025-05-20T14:27:33.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38599 (GCVE-0-2024-38599)
Vulnerability from cvelistv5
Published
2024-06-19 13:45
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
jffs2: prevent xattr node from overflowing the eraseblock
Add a check to make sure that the requested xattr node size is no larger
than the eraseblock minus the cleanmarker.
Unlike the usual inode nodes, the xattr nodes aren't split into parts
and spread across multiple eraseblocks, which means that a xattr node
must not occupy more than one eraseblock. If the requested xattr value is
too large, the xattr node can spill onto the next eraseblock, overwriting
the nodes and causing errors such as:
jffs2: argh. node added in wrong place at 0x0000b050(2)
jffs2: nextblock 0x0000a000, expected at 0000b00c
jffs2: error: (823) do_verify_xattr_datum: node CRC failed at 0x01e050,
read=0xfc892c93, calc=0x000000
jffs2: notice: (823) jffs2_get_inode_nodes: Node header CRC failed
at 0x01e00c. {848f,2fc4,0fef511f,59a3d171}
jffs2: Node at 0x0000000c with length 0x00001044 would run over the
end of the erase block
jffs2: Perhaps the file system was created with the wrong erase size?
jffs2: jffs2_scan_eraseblock(): Magic bitmask 0x1985 not found
at 0x00000010: 0x1044 instead
This breaks the filesystem and can lead to KASAN crashes such as:
BUG: KASAN: slab-out-of-bounds in jffs2_sum_add_kvec+0x125e/0x15d0
Read of size 4 at addr ffff88802c31e914 by task repro/830
CPU: 0 PID: 830 Comm: repro Not tainted 6.9.0-rc3+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS Arch Linux 1.16.3-1-1 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0xc6/0x120
print_report+0xc4/0x620
? __virt_addr_valid+0x308/0x5b0
kasan_report+0xc1/0xf0
? jffs2_sum_add_kvec+0x125e/0x15d0
? jffs2_sum_add_kvec+0x125e/0x15d0
jffs2_sum_add_kvec+0x125e/0x15d0
jffs2_flash_direct_writev+0xa8/0xd0
jffs2_flash_writev+0x9c9/0xef0
? __x64_sys_setxattr+0xc4/0x160
? do_syscall_64+0x69/0x140
? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[...]
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: aa98d7cf59b5b0764d3502662053489585faf2fe Version: aa98d7cf59b5b0764d3502662053489585faf2fe Version: aa98d7cf59b5b0764d3502662053489585faf2fe Version: aa98d7cf59b5b0764d3502662053489585faf2fe Version: aa98d7cf59b5b0764d3502662053489585faf2fe Version: aa98d7cf59b5b0764d3502662053489585faf2fe Version: aa98d7cf59b5b0764d3502662053489585faf2fe Version: aa98d7cf59b5b0764d3502662053489585faf2fe Version: aa98d7cf59b5b0764d3502662053489585faf2fe |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2904e1d9b64f72d291095e3cbb31634f08788b11"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/526235dffcac74c7823ed504dfac4f88d84ba5df"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0eea095ce8c959b86e1e57fe36ca4fea5ae54f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a1d21bcd78cf4a4353e1e835789429c6b76aca8b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f06969df2e40ab1dc8f4364a5de967830c74a098"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af82d8d2179b7277ad627c39e7e0778f1c86ccdb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d431391320c5c5398ff966fb3a95e68a7def275"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/978a12c91b38bf1a213e567f3c20e2beef215f07"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c6854e5a267c28300ff045480b5a7ee7f6f1d913"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:13:27.704743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:54.313Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jffs2/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2904e1d9b64f72d291095e3cbb31634f08788b11",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
},
{
"lessThan": "526235dffcac74c7823ed504dfac4f88d84ba5df",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
},
{
"lessThan": "f0eea095ce8c959b86e1e57fe36ca4fea5ae54f8",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
},
{
"lessThan": "a1d21bcd78cf4a4353e1e835789429c6b76aca8b",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
},
{
"lessThan": "f06969df2e40ab1dc8f4364a5de967830c74a098",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
},
{
"lessThan": "af82d8d2179b7277ad627c39e7e0778f1c86ccdb",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
},
{
"lessThan": "8d431391320c5c5398ff966fb3a95e68a7def275",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
},
{
"lessThan": "978a12c91b38bf1a213e567f3c20e2beef215f07",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
},
{
"lessThan": "c6854e5a267c28300ff045480b5a7ee7f6f1d913",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jffs2/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.18"
},
{
"lessThan": "2.6.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: prevent xattr node from overflowing the eraseblock\n\nAdd a check to make sure that the requested xattr node size is no larger\nthan the eraseblock minus the cleanmarker.\n\nUnlike the usual inode nodes, the xattr nodes aren\u0027t split into parts\nand spread across multiple eraseblocks, which means that a xattr node\nmust not occupy more than one eraseblock. If the requested xattr value is\ntoo large, the xattr node can spill onto the next eraseblock, overwriting\nthe nodes and causing errors such as:\n\njffs2: argh. node added in wrong place at 0x0000b050(2)\njffs2: nextblock 0x0000a000, expected at 0000b00c\njffs2: error: (823) do_verify_xattr_datum: node CRC failed at 0x01e050,\nread=0xfc892c93, calc=0x000000\njffs2: notice: (823) jffs2_get_inode_nodes: Node header CRC failed\nat 0x01e00c. {848f,2fc4,0fef511f,59a3d171}\njffs2: Node at 0x0000000c with length 0x00001044 would run over the\nend of the erase block\njffs2: Perhaps the file system was created with the wrong erase size?\njffs2: jffs2_scan_eraseblock(): Magic bitmask 0x1985 not found\nat 0x00000010: 0x1044 instead\n\nThis breaks the filesystem and can lead to KASAN crashes such as:\n\nBUG: KASAN: slab-out-of-bounds in jffs2_sum_add_kvec+0x125e/0x15d0\nRead of size 4 at addr ffff88802c31e914 by task repro/830\nCPU: 0 PID: 830 Comm: repro Not tainted 6.9.0-rc3+ #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS Arch Linux 1.16.3-1-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xc6/0x120\n print_report+0xc4/0x620\n ? __virt_addr_valid+0x308/0x5b0\n kasan_report+0xc1/0xf0\n ? jffs2_sum_add_kvec+0x125e/0x15d0\n ? jffs2_sum_add_kvec+0x125e/0x15d0\n jffs2_sum_add_kvec+0x125e/0x15d0\n jffs2_flash_direct_writev+0xa8/0xd0\n jffs2_flash_writev+0x9c9/0xef0\n ? __x64_sys_setxattr+0xc4/0x160\n ? do_syscall_64+0x69/0x140\n ? entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:58.907Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2904e1d9b64f72d291095e3cbb31634f08788b11"
},
{
"url": "https://git.kernel.org/stable/c/526235dffcac74c7823ed504dfac4f88d84ba5df"
},
{
"url": "https://git.kernel.org/stable/c/f0eea095ce8c959b86e1e57fe36ca4fea5ae54f8"
},
{
"url": "https://git.kernel.org/stable/c/a1d21bcd78cf4a4353e1e835789429c6b76aca8b"
},
{
"url": "https://git.kernel.org/stable/c/f06969df2e40ab1dc8f4364a5de967830c74a098"
},
{
"url": "https://git.kernel.org/stable/c/af82d8d2179b7277ad627c39e7e0778f1c86ccdb"
},
{
"url": "https://git.kernel.org/stable/c/8d431391320c5c5398ff966fb3a95e68a7def275"
},
{
"url": "https://git.kernel.org/stable/c/978a12c91b38bf1a213e567f3c20e2beef215f07"
},
{
"url": "https://git.kernel.org/stable/c/c6854e5a267c28300ff045480b5a7ee7f6f1d913"
}
],
"title": "jffs2: prevent xattr node from overflowing the eraseblock",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38599",
"datePublished": "2024-06-19T13:45:47.968Z",
"dateReserved": "2024-06-18T19:36:34.932Z",
"dateUpdated": "2025-05-04T09:14:58.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38603 (GCVE-0-2024-38603)
Vulnerability from cvelistv5
Published
2024-06-19 13:48
Modified
2025-05-04 09:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset()
pci_alloc_irq_vectors() allocates an irq vector. When devm_add_action()
fails, the irq vector is not freed, which leads to a memory leak.
Replace the devm_add_action with devm_add_action_or_reset to ensure
the irq vector can be destroyed when it fails.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1491a01ef5a98149048b12e208f6ed8e86ad10b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a7678a16c25b6ece1667ac681e3e783ff3de7a6f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2fcffaaf529d5fe3fdc6c0ee65a6f266b74de782"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b1e86f1ef8fa796f8935be392457639f3a907d91"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/582c1aeee0a9e73010cf1c4cef338709860deeb0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38603",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:13:15.047370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:53.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/perf/hisilicon/hns3_pmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1491a01ef5a98149048b12e208f6ed8e86ad10b9",
"status": "affected",
"version": "66637ab137b44914356a9dc7a9b3f8ebcf0b0695",
"versionType": "git"
},
{
"lessThan": "a7678a16c25b6ece1667ac681e3e783ff3de7a6f",
"status": "affected",
"version": "66637ab137b44914356a9dc7a9b3f8ebcf0b0695",
"versionType": "git"
},
{
"lessThan": "2fcffaaf529d5fe3fdc6c0ee65a6f266b74de782",
"status": "affected",
"version": "66637ab137b44914356a9dc7a9b3f8ebcf0b0695",
"versionType": "git"
},
{
"lessThan": "b1e86f1ef8fa796f8935be392457639f3a907d91",
"status": "affected",
"version": "66637ab137b44914356a9dc7a9b3f8ebcf0b0695",
"versionType": "git"
},
{
"lessThan": "582c1aeee0a9e73010cf1c4cef338709860deeb0",
"status": "affected",
"version": "66637ab137b44914356a9dc7a9b3f8ebcf0b0695",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/perf/hisilicon/hns3_pmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: hisi: hns3: Actually use devm_add_action_or_reset()\n\npci_alloc_irq_vectors() allocates an irq vector. When devm_add_action()\nfails, the irq vector is not freed, which leads to a memory leak.\n\nReplace the devm_add_action with devm_add_action_or_reset to ensure\nthe irq vector can be destroyed when it fails."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:05.547Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1491a01ef5a98149048b12e208f6ed8e86ad10b9"
},
{
"url": "https://git.kernel.org/stable/c/a7678a16c25b6ece1667ac681e3e783ff3de7a6f"
},
{
"url": "https://git.kernel.org/stable/c/2fcffaaf529d5fe3fdc6c0ee65a6f266b74de782"
},
{
"url": "https://git.kernel.org/stable/c/b1e86f1ef8fa796f8935be392457639f3a907d91"
},
{
"url": "https://git.kernel.org/stable/c/582c1aeee0a9e73010cf1c4cef338709860deeb0"
}
],
"title": "drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38603",
"datePublished": "2024-06-19T13:48:14.426Z",
"dateReserved": "2024-06-18T19:36:34.933Z",
"dateUpdated": "2025-05-04T09:15:05.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36975 (GCVE-0-2024-36975)
Vulnerability from cvelistv5
Published
2024-06-18 19:20
Modified
2025-05-04 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
KEYS: trusted: Do not use WARN when encode fails
When asn1_encode_sequence() fails, WARN is not the correct solution.
1. asn1_encode_sequence() is not an internal function (located
in lib/asn1_encode.c).
2. Location is known, which makes the stack trace useless.
3. Results a crash if panic_on_warn is set.
It is also noteworthy that the use of WARN is undocumented, and it
should be avoided unless there is a carefully considered rationale to
use it.
Replace WARN with pr_err, and print the return value instead, which is
only useful piece of information.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f2219745250f388edacabe6cca73654131c67d0a Version: f2219745250f388edacabe6cca73654131c67d0a Version: f2219745250f388edacabe6cca73654131c67d0a Version: f2219745250f388edacabe6cca73654131c67d0a Version: f2219745250f388edacabe6cca73654131c67d0a Version: f2219745250f388edacabe6cca73654131c67d0a |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/96f650995c70237b061b497c66755e32908f8972"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/681935009fec3fc22af97ee312d4a24ccf3cf087"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1c652e1e10676f942149052d9329b8bf2703529a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d32c6e09f7c4bec3ebc4941323f0aa6366bc1487"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ff91cc12faf798f573dab2abc976c1d5b1862fea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/050bf3c793a07f96bd1e2fd62e1447f731ed733b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:15:22.914846Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:58.690Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"security/keys/trusted-keys/trusted_tpm2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "96f650995c70237b061b497c66755e32908f8972",
"status": "affected",
"version": "f2219745250f388edacabe6cca73654131c67d0a",
"versionType": "git"
},
{
"lessThan": "681935009fec3fc22af97ee312d4a24ccf3cf087",
"status": "affected",
"version": "f2219745250f388edacabe6cca73654131c67d0a",
"versionType": "git"
},
{
"lessThan": "1c652e1e10676f942149052d9329b8bf2703529a",
"status": "affected",
"version": "f2219745250f388edacabe6cca73654131c67d0a",
"versionType": "git"
},
{
"lessThan": "d32c6e09f7c4bec3ebc4941323f0aa6366bc1487",
"status": "affected",
"version": "f2219745250f388edacabe6cca73654131c67d0a",
"versionType": "git"
},
{
"lessThan": "ff91cc12faf798f573dab2abc976c1d5b1862fea",
"status": "affected",
"version": "f2219745250f388edacabe6cca73654131c67d0a",
"versionType": "git"
},
{
"lessThan": "050bf3c793a07f96bd1e2fd62e1447f731ed733b",
"status": "affected",
"version": "f2219745250f388edacabe6cca73654131c67d0a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"security/keys/trusted-keys/trusted_tpm2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.160",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.92",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.32",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.160",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.92",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.32",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.11",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.2",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKEYS: trusted: Do not use WARN when encode fails\n\nWhen asn1_encode_sequence() fails, WARN is not the correct solution.\n\n1. asn1_encode_sequence() is not an internal function (located\n in lib/asn1_encode.c).\n2. Location is known, which makes the stack trace useless.\n3. Results a crash if panic_on_warn is set.\n\nIt is also noteworthy that the use of WARN is undocumented, and it\nshould be avoided unless there is a carefully considered rationale to\nuse it.\n\nReplace WARN with pr_err, and print the return value instead, which is\nonly useful piece of information."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:11.226Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/96f650995c70237b061b497c66755e32908f8972"
},
{
"url": "https://git.kernel.org/stable/c/681935009fec3fc22af97ee312d4a24ccf3cf087"
},
{
"url": "https://git.kernel.org/stable/c/1c652e1e10676f942149052d9329b8bf2703529a"
},
{
"url": "https://git.kernel.org/stable/c/d32c6e09f7c4bec3ebc4941323f0aa6366bc1487"
},
{
"url": "https://git.kernel.org/stable/c/ff91cc12faf798f573dab2abc976c1d5b1862fea"
},
{
"url": "https://git.kernel.org/stable/c/050bf3c793a07f96bd1e2fd62e1447f731ed733b"
}
],
"title": "KEYS: trusted: Do not use WARN when encode fails",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36975",
"datePublished": "2024-06-18T19:20:24.553Z",
"dateReserved": "2024-05-30T15:25:07.082Z",
"dateUpdated": "2025-05-04T09:13:11.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52866 (GCVE-0-2023-52866)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
HID: uclogic: Fix user-memory-access bug in uclogic_params_ugee_v2_init_event_hooks()
When CONFIG_HID_UCLOGIC=y and CONFIG_KUNIT_ALL_TESTS=y, launch kernel and
then the below user-memory-access bug occurs.
In hid_test_uclogic_params_cleanup_event_hooks(),it call
uclogic_params_ugee_v2_init_event_hooks() with the first arg=NULL, so
when it calls uclogic_params_ugee_v2_has_battery(), the hid_get_drvdata()
will access hdev->dev with hdev=NULL, which will cause below
user-memory-access.
So add a fake_device with quirks member and call hid_set_drvdata()
to assign hdev->dev->driver_data which avoids the null-ptr-def bug
for drvdata->quirks in uclogic_params_ugee_v2_has_battery(). After applying
this patch, the below user-memory-access bug never occurs.
general protection fault, probably for non-canonical address 0xdffffc0000000329: 0000 [#1] PREEMPT SMP KASAN
KASAN: probably user-memory-access in range [0x0000000000001948-0x000000000000194f]
CPU: 5 PID: 2189 Comm: kunit_try_catch Tainted: G B W N 6.6.0-rc2+ #30
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RIP: 0010:uclogic_params_ugee_v2_init_event_hooks+0x87/0x600
Code: f3 f3 65 48 8b 14 25 28 00 00 00 48 89 54 24 60 31 d2 48 89 fa c7 44 24 30 00 00 00 00 48 c7 44 24 28 02 f8 02 01 48 c1 ea 03 <80> 3c 02 00 0f 85 2c 04 00 00 48 8b 9d 48 19 00 00 48 b8 00 00 00
RSP: 0000:ffff88810679fc88 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000004 RCX: 0000000000000000
RDX: 0000000000000329 RSI: ffff88810679fd88 RDI: 0000000000001948
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed1020f639f0
R10: ffff888107b1cf87 R11: 0000000000000400 R12: 1ffff11020cf3f92
R13: ffff88810679fd88 R14: ffff888100b97b08 R15: ffff8881030bb080
FS: 0000000000000000(0000) GS:ffff888119e80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000005286001 CR4: 0000000000770ee0
DR0: ffffffff8fdd6cf4 DR1: ffffffff8fdd6cf5 DR2: ffffffff8fdd6cf6
DR3: ffffffff8fdd6cf7 DR6: 00000000fffe0ff0 DR7: 0000000000000600
PKRU: 55555554
Call Trace:
<TASK>
? die_addr+0x3d/0xa0
? exc_general_protection+0x144/0x220
? asm_exc_general_protection+0x22/0x30
? uclogic_params_ugee_v2_init_event_hooks+0x87/0x600
? sched_clock_cpu+0x69/0x550
? uclogic_parse_ugee_v2_desc_gen_params+0x70/0x70
? load_balance+0x2950/0x2950
? rcu_trc_cmpxchg_need_qs+0x67/0xa0
hid_test_uclogic_params_cleanup_event_hooks+0x9e/0x1a0
? uclogic_params_ugee_v2_init_event_hooks+0x600/0x600
? __switch_to+0x5cf/0xe60
? migrate_enable+0x260/0x260
? __kthread_parkme+0x83/0x150
? kunit_try_run_case_cleanup+0xe0/0xe0
kunit_generic_run_threadfn_adapter+0x4a/0x90
? kunit_try_catch_throw+0x80/0x80
kthread+0x2b5/0x380
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x2d/0x70
? kthread_complete_and_exit+0x20/0x20
ret_from_fork_asm+0x11/0x20
</TASK>
Modules linked in:
Dumping ftrace buffer:
(ftrace buffer empty)
---[ end trace 0000000000000000 ]---
RIP: 0010:uclogic_params_ugee_v2_init_event_hooks+0x87/0x600
Code: f3 f3 65 48 8b 14 25 28 00 00 00 48 89 54 24 60 31 d2 48 89 fa c7 44 24 30 00 00 00 00 48 c7 44 24 28 02 f8 02 01 48 c1 ea 03 <80> 3c 02 00 0f 85 2c 04 00 00 48 8b 9d 48 19 00 00 48 b8 00 00 00
RSP: 0000:ffff88810679fc88 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000004 RCX: 0000000000000000
RDX: 0000000000000329 RSI: ffff88810679fd88 RDI: 0000000000001948
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed1020f639f0
R10: ffff888107b1cf87 R11: 0000000000000400 R12: 1ffff11020cf3f92
R13: ffff88810679fd88 R14: ffff888100b97b08 R15: ffff8881030bb080
FS: 0000000000000000(0000) GS:ffff888119e80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000005286001 CR4: 0000000000770ee0
DR0: ffffffff8fdd6cf4 DR1:
---truncated---
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52866",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T17:53:04.832614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:47.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/64da1f6147dac7f8499d4937a0d7ea990bf569e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6c8f953728d75104d994893f58801c457274335a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/91cfe0bbaa1c434d4271eb6e1d7aaa1fe8d121f6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hid/hid-uclogic-params-test.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "64da1f6147dac7f8499d4937a0d7ea990bf569e8",
"status": "affected",
"version": "a251d6576d2a29fc0806ef4775719e3b6e672d91",
"versionType": "git"
},
{
"lessThan": "6c8f953728d75104d994893f58801c457274335a",
"status": "affected",
"version": "a251d6576d2a29fc0806ef4775719e3b6e672d91",
"versionType": "git"
},
{
"lessThan": "91cfe0bbaa1c434d4271eb6e1d7aaa1fe8d121f6",
"status": "affected",
"version": "a251d6576d2a29fc0806ef4775719e3b6e672d91",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hid/hid-uclogic-params-test.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: uclogic: Fix user-memory-access bug in uclogic_params_ugee_v2_init_event_hooks()\n\nWhen CONFIG_HID_UCLOGIC=y and CONFIG_KUNIT_ALL_TESTS=y, launch kernel and\nthen the below user-memory-access bug occurs.\n\nIn hid_test_uclogic_params_cleanup_event_hooks(),it call\nuclogic_params_ugee_v2_init_event_hooks() with the first arg=NULL, so\nwhen it calls uclogic_params_ugee_v2_has_battery(), the hid_get_drvdata()\nwill access hdev-\u003edev with hdev=NULL, which will cause below\nuser-memory-access.\n\nSo add a fake_device with quirks member and call hid_set_drvdata()\nto assign hdev-\u003edev-\u003edriver_data which avoids the null-ptr-def bug\nfor drvdata-\u003equirks in uclogic_params_ugee_v2_has_battery(). After applying\nthis patch, the below user-memory-access bug never occurs.\n\n general protection fault, probably for non-canonical address 0xdffffc0000000329: 0000 [#1] PREEMPT SMP KASAN\n KASAN: probably user-memory-access in range [0x0000000000001948-0x000000000000194f]\n CPU: 5 PID: 2189 Comm: kunit_try_catch Tainted: G B W N 6.6.0-rc2+ #30\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n RIP: 0010:uclogic_params_ugee_v2_init_event_hooks+0x87/0x600\n Code: f3 f3 65 48 8b 14 25 28 00 00 00 48 89 54 24 60 31 d2 48 89 fa c7 44 24 30 00 00 00 00 48 c7 44 24 28 02 f8 02 01 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 2c 04 00 00 48 8b 9d 48 19 00 00 48 b8 00 00 00\n RSP: 0000:ffff88810679fc88 EFLAGS: 00010202\n RAX: dffffc0000000000 RBX: 0000000000000004 RCX: 0000000000000000\n RDX: 0000000000000329 RSI: ffff88810679fd88 RDI: 0000000000001948\n RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed1020f639f0\n R10: ffff888107b1cf87 R11: 0000000000000400 R12: 1ffff11020cf3f92\n R13: ffff88810679fd88 R14: ffff888100b97b08 R15: ffff8881030bb080\n FS: 0000000000000000(0000) GS:ffff888119e80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 0000000005286001 CR4: 0000000000770ee0\n DR0: ffffffff8fdd6cf4 DR1: ffffffff8fdd6cf5 DR2: ffffffff8fdd6cf6\n DR3: ffffffff8fdd6cf7 DR6: 00000000fffe0ff0 DR7: 0000000000000600\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? die_addr+0x3d/0xa0\n ? exc_general_protection+0x144/0x220\n ? asm_exc_general_protection+0x22/0x30\n ? uclogic_params_ugee_v2_init_event_hooks+0x87/0x600\n ? sched_clock_cpu+0x69/0x550\n ? uclogic_parse_ugee_v2_desc_gen_params+0x70/0x70\n ? load_balance+0x2950/0x2950\n ? rcu_trc_cmpxchg_need_qs+0x67/0xa0\n hid_test_uclogic_params_cleanup_event_hooks+0x9e/0x1a0\n ? uclogic_params_ugee_v2_init_event_hooks+0x600/0x600\n ? __switch_to+0x5cf/0xe60\n ? migrate_enable+0x260/0x260\n ? __kthread_parkme+0x83/0x150\n ? kunit_try_run_case_cleanup+0xe0/0xe0\n kunit_generic_run_threadfn_adapter+0x4a/0x90\n ? kunit_try_catch_throw+0x80/0x80\n kthread+0x2b5/0x380\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x2d/0x70\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n Modules linked in:\n Dumping ftrace buffer:\n (ftrace buffer empty)\n ---[ end trace 0000000000000000 ]---\n RIP: 0010:uclogic_params_ugee_v2_init_event_hooks+0x87/0x600\n Code: f3 f3 65 48 8b 14 25 28 00 00 00 48 89 54 24 60 31 d2 48 89 fa c7 44 24 30 00 00 00 00 48 c7 44 24 28 02 f8 02 01 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 2c 04 00 00 48 8b 9d 48 19 00 00 48 b8 00 00 00\n RSP: 0000:ffff88810679fc88 EFLAGS: 00010202\n RAX: dffffc0000000000 RBX: 0000000000000004 RCX: 0000000000000000\n RDX: 0000000000000329 RSI: ffff88810679fd88 RDI: 0000000000001948\n RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed1020f639f0\n R10: ffff888107b1cf87 R11: 0000000000000400 R12: 1ffff11020cf3f92\n R13: ffff88810679fd88 R14: ffff888100b97b08 R15: ffff8881030bb080\n FS: 0000000000000000(0000) GS:ffff888119e80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 0000000005286001 CR4: 0000000000770ee0\n DR0: ffffffff8fdd6cf4 DR1: \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:36.238Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/64da1f6147dac7f8499d4937a0d7ea990bf569e8"
},
{
"url": "https://git.kernel.org/stable/c/6c8f953728d75104d994893f58801c457274335a"
},
{
"url": "https://git.kernel.org/stable/c/91cfe0bbaa1c434d4271eb6e1d7aaa1fe8d121f6"
}
],
"title": "HID: uclogic: Fix user-memory-access bug in uclogic_params_ugee_v2_init_event_hooks()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52866",
"datePublished": "2024-05-21T15:31:57.191Z",
"dateReserved": "2024-05-21T15:19:24.262Z",
"dateUpdated": "2025-05-04T07:44:36.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38582 (GCVE-0-2024-38582)
Vulnerability from cvelistv5
Published
2024-06-19 13:37
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential hang in nilfs_detach_log_writer()
Syzbot has reported a potential hang in nilfs_detach_log_writer() called
during nilfs2 unmount.
Analysis revealed that this is because nilfs_segctor_sync(), which
synchronizes with the log writer thread, can be called after
nilfs_segctor_destroy() terminates that thread, as shown in the call trace
below:
nilfs_detach_log_writer
nilfs_segctor_destroy
nilfs_segctor_kill_thread --> Shut down log writer thread
flush_work
nilfs_iput_work_func
nilfs_dispose_list
iput
nilfs_evict_inode
nilfs_transaction_commit
nilfs_construct_segment (if inode needs sync)
nilfs_segctor_sync --> Attempt to synchronize with
log writer thread
*** DEADLOCK ***
Fix this issue by changing nilfs_segctor_sync() so that the log writer
thread returns normally without synchronizing after it terminates, and by
forcing tasks that are already waiting to complete once after the thread
terminates.
The skipped inode metadata flushout will then be processed together in the
subsequent cleanup work in nilfs_segctor_destroy().
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38582",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T14:52:09.028015Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T18:41:35.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/911d38be151921a5d152bb55e81fd752384c6830"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bc9cee50a4a4ca23bdc49f75ea8242d8a2193b3b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eff7cdf890b02596b8d73e910bdbdd489175dbdb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1c3844c5f4eac043954ebf6403fa9fd1f0e9c1c0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a8799662fed1f8747edae87a1937549288baca6a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e5c8e8e024e147b834f56f2115aad241433679b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c516db6ab9eabbedbc430b4f93b0d8728e9b427f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eb85dace897c5986bc2f36b3c783c6abb8a4292e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/segment.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "911d38be151921a5d152bb55e81fd752384c6830",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bc9cee50a4a4ca23bdc49f75ea8242d8a2193b3b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "eff7cdf890b02596b8d73e910bdbdd489175dbdb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1c3844c5f4eac043954ebf6403fa9fd1f0e9c1c0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a8799662fed1f8747edae87a1937549288baca6a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6e5c8e8e024e147b834f56f2115aad241433679b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c516db6ab9eabbedbc430b4f93b0d8728e9b427f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "eb85dace897c5986bc2f36b3c783c6abb8a4292e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/segment.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential hang in nilfs_detach_log_writer()\n\nSyzbot has reported a potential hang in nilfs_detach_log_writer() called\nduring nilfs2 unmount.\n\nAnalysis revealed that this is because nilfs_segctor_sync(), which\nsynchronizes with the log writer thread, can be called after\nnilfs_segctor_destroy() terminates that thread, as shown in the call trace\nbelow:\n\nnilfs_detach_log_writer\n nilfs_segctor_destroy\n nilfs_segctor_kill_thread --\u003e Shut down log writer thread\n flush_work\n nilfs_iput_work_func\n nilfs_dispose_list\n iput\n nilfs_evict_inode\n nilfs_transaction_commit\n nilfs_construct_segment (if inode needs sync)\n nilfs_segctor_sync --\u003e Attempt to synchronize with\n log writer thread\n *** DEADLOCK ***\n\nFix this issue by changing nilfs_segctor_sync() so that the log writer\nthread returns normally without synchronizing after it terminates, and by\nforcing tasks that are already waiting to complete once after the thread\nterminates.\n\nThe skipped inode metadata flushout will then be processed together in the\nsubsequent cleanup work in nilfs_segctor_destroy()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:36.500Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/911d38be151921a5d152bb55e81fd752384c6830"
},
{
"url": "https://git.kernel.org/stable/c/bc9cee50a4a4ca23bdc49f75ea8242d8a2193b3b"
},
{
"url": "https://git.kernel.org/stable/c/eff7cdf890b02596b8d73e910bdbdd489175dbdb"
},
{
"url": "https://git.kernel.org/stable/c/06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfd"
},
{
"url": "https://git.kernel.org/stable/c/1c3844c5f4eac043954ebf6403fa9fd1f0e9c1c0"
},
{
"url": "https://git.kernel.org/stable/c/a8799662fed1f8747edae87a1937549288baca6a"
},
{
"url": "https://git.kernel.org/stable/c/6e5c8e8e024e147b834f56f2115aad241433679b"
},
{
"url": "https://git.kernel.org/stable/c/c516db6ab9eabbedbc430b4f93b0d8728e9b427f"
},
{
"url": "https://git.kernel.org/stable/c/eb85dace897c5986bc2f36b3c783c6abb8a4292e"
}
],
"title": "nilfs2: fix potential hang in nilfs_detach_log_writer()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38582",
"datePublished": "2024-06-19T13:37:39.163Z",
"dateReserved": "2024-06-18T19:36:34.928Z",
"dateUpdated": "2025-05-04T09:14:36.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52769 (GCVE-0-2023-52769)
Vulnerability from cvelistv5
Published
2024-05-21 15:30
Modified
2025-05-04 07:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix htt mlo-offset event locking
The ath12k active pdevs are protected by RCU but the htt mlo-offset
event handling code calling ath12k_mac_get_ar_by_pdev_id() was not
marked as a read-side critical section.
Mark the code in question as an RCU read-side critical section to avoid
any potential use-after-free issues.
Compile tested only.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d908ca431e20b0e4bfc5d911d1744910ed779bdb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/afd3425bd69610f318403084fe491e24a1357fb9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6afc57ea315e0f660b1f870a681737bb7b71faef"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52769",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:37:02.913580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:55.534Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath12k/dp_rx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d908ca431e20b0e4bfc5d911d1744910ed779bdb",
"status": "affected",
"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
"versionType": "git"
},
{
"lessThan": "afd3425bd69610f318403084fe491e24a1357fb9",
"status": "affected",
"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
"versionType": "git"
},
{
"lessThan": "6afc57ea315e0f660b1f870a681737bb7b71faef",
"status": "affected",
"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath12k/dp_rx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix htt mlo-offset event locking\n\nThe ath12k active pdevs are protected by RCU but the htt mlo-offset\nevent handling code calling ath12k_mac_get_ar_by_pdev_id() was not\nmarked as a read-side critical section.\n\nMark the code in question as an RCU read-side critical section to avoid\nany potential use-after-free issues.\n\nCompile tested only."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:42:46.864Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d908ca431e20b0e4bfc5d911d1744910ed779bdb"
},
{
"url": "https://git.kernel.org/stable/c/afd3425bd69610f318403084fe491e24a1357fb9"
},
{
"url": "https://git.kernel.org/stable/c/6afc57ea315e0f660b1f870a681737bb7b71faef"
}
],
"title": "wifi: ath12k: fix htt mlo-offset event locking",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52769",
"datePublished": "2024-05-21T15:30:52.308Z",
"dateReserved": "2024-05-21T15:19:24.238Z",
"dateUpdated": "2025-05-04T07:42:46.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52809 (GCVE-0-2023-52809)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
fc_lport_ptp_setup() did not check the return value of fc_rport_create()
which can return NULL and would cause a NULL pointer dereference. Address
this issue by checking return value of fc_rport_create() and log error
message on fc_rport_create() failed.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/930f0aaba4820d6362de4e6ed569eaf444f1ea4e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/77072ec41d6ab3718c3fc639bc149b8037caedfa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b549acf999824d4f751ca57965700372f2f3ad00"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bb83f79f90e92f46466adcfd4fd264a7ae0f0f01"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/56d78b5495ebecbb9395101f3be177cd0a52450b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/442fd24d7b6b29e4a9cd9225afba4142d5f522ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6fe7261b92b21109678747f36df9fdab1e30c34"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6b9ecf4e1032e645873933e5b43cbb84cac19106"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4df105f0ce9f6f30cda4e99f577150d23f0c9c5f"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:36:44.046464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:54.752Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/libfc/fc_lport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "930f0aaba4820d6362de4e6ed569eaf444f1ea4e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "77072ec41d6ab3718c3fc639bc149b8037caedfa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b549acf999824d4f751ca57965700372f2f3ad00",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bb83f79f90e92f46466adcfd4fd264a7ae0f0f01",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "56d78b5495ebecbb9395101f3be177cd0a52450b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "442fd24d7b6b29e4a9cd9225afba4142d5f522ba",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f6fe7261b92b21109678747f36df9fdab1e30c34",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6b9ecf4e1032e645873933e5b43cbb84cac19106",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4df105f0ce9f6f30cda4e99f577150d23f0c9c5f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/libfc/fc_lport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()\n\nfc_lport_ptp_setup() did not check the return value of fc_rport_create()\nwhich can return NULL and would cause a NULL pointer dereference. Address\nthis issue by checking return value of fc_rport_create() and log error\nmessage on fc_rport_create() failed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:35.849Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/930f0aaba4820d6362de4e6ed569eaf444f1ea4e"
},
{
"url": "https://git.kernel.org/stable/c/77072ec41d6ab3718c3fc639bc149b8037caedfa"
},
{
"url": "https://git.kernel.org/stable/c/b549acf999824d4f751ca57965700372f2f3ad00"
},
{
"url": "https://git.kernel.org/stable/c/bb83f79f90e92f46466adcfd4fd264a7ae0f0f01"
},
{
"url": "https://git.kernel.org/stable/c/56d78b5495ebecbb9395101f3be177cd0a52450b"
},
{
"url": "https://git.kernel.org/stable/c/442fd24d7b6b29e4a9cd9225afba4142d5f522ba"
},
{
"url": "https://git.kernel.org/stable/c/f6fe7261b92b21109678747f36df9fdab1e30c34"
},
{
"url": "https://git.kernel.org/stable/c/6b9ecf4e1032e645873933e5b43cbb84cac19106"
},
{
"url": "https://git.kernel.org/stable/c/4df105f0ce9f6f30cda4e99f577150d23f0c9c5f"
}
],
"title": "scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52809",
"datePublished": "2024-05-21T15:31:18.982Z",
"dateReserved": "2024-05-21T15:19:24.248Z",
"dateUpdated": "2025-05-04T07:43:35.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48772 (GCVE-0-2022-48772)
Vulnerability from cvelistv5
Published
2024-06-25 14:22
Modified
2025-05-04 08:22
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: lgdt3306a: Add a check against null-pointer-def
The driver should check whether the client provides the platform_data.
The following log reveals it:
[ 29.610324] BUG: KASAN: null-ptr-deref in kmemdup+0x30/0x40
[ 29.610730] Read of size 40 at addr 0000000000000000 by task bash/414
[ 29.612820] Call Trace:
[ 29.613030] <TASK>
[ 29.613201] dump_stack_lvl+0x56/0x6f
[ 29.613496] ? kmemdup+0x30/0x40
[ 29.613754] print_report.cold+0x494/0x6b7
[ 29.614082] ? kmemdup+0x30/0x40
[ 29.614340] kasan_report+0x8a/0x190
[ 29.614628] ? kmemdup+0x30/0x40
[ 29.614888] kasan_check_range+0x14d/0x1d0
[ 29.615213] memcpy+0x20/0x60
[ 29.615454] kmemdup+0x30/0x40
[ 29.615700] lgdt3306a_probe+0x52/0x310
[ 29.616339] i2c_device_probe+0x951/0xa90
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48772",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T16:35:41.584253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T16:36:24.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:25:01.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8915dcd29a82096acacf54364a8425363782aea0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b479fd59a1f4a342b69fce34f222d93bf791dca4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/526238d32c3acc3d597fd8c9a34652bfe9086cea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d082757b8359201c3864323cea4b91ea30a1e676"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7d12e918f2994c883f41f22552a61b9310fa1e87"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e1e00718d0d9dd83337300572561e30b9c0d115"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c1115ddbda9c930fba0fdd062e7a8873ebaf898d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/dvb-frontends/lgdt3306a.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8915dcd29a82096acacf54364a8425363782aea0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b479fd59a1f4a342b69fce34f222d93bf791dca4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "526238d32c3acc3d597fd8c9a34652bfe9086cea",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d082757b8359201c3864323cea4b91ea30a1e676",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7d12e918f2994c883f41f22552a61b9310fa1e87",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8e1e00718d0d9dd83337300572561e30b9c0d115",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c1115ddbda9c930fba0fdd062e7a8873ebaf898d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/dvb-frontends/lgdt3306a.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.94",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: lgdt3306a: Add a check against null-pointer-def\n\nThe driver should check whether the client provides the platform_data.\n\nThe following log reveals it:\n\n[ 29.610324] BUG: KASAN: null-ptr-deref in kmemdup+0x30/0x40\n[ 29.610730] Read of size 40 at addr 0000000000000000 by task bash/414\n[ 29.612820] Call Trace:\n[ 29.613030] \u003cTASK\u003e\n[ 29.613201] dump_stack_lvl+0x56/0x6f\n[ 29.613496] ? kmemdup+0x30/0x40\n[ 29.613754] print_report.cold+0x494/0x6b7\n[ 29.614082] ? kmemdup+0x30/0x40\n[ 29.614340] kasan_report+0x8a/0x190\n[ 29.614628] ? kmemdup+0x30/0x40\n[ 29.614888] kasan_check_range+0x14d/0x1d0\n[ 29.615213] memcpy+0x20/0x60\n[ 29.615454] kmemdup+0x30/0x40\n[ 29.615700] lgdt3306a_probe+0x52/0x310\n[ 29.616339] i2c_device_probe+0x951/0xa90"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:22:45.468Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8915dcd29a82096acacf54364a8425363782aea0"
},
{
"url": "https://git.kernel.org/stable/c/b479fd59a1f4a342b69fce34f222d93bf791dca4"
},
{
"url": "https://git.kernel.org/stable/c/526238d32c3acc3d597fd8c9a34652bfe9086cea"
},
{
"url": "https://git.kernel.org/stable/c/d082757b8359201c3864323cea4b91ea30a1e676"
},
{
"url": "https://git.kernel.org/stable/c/7d12e918f2994c883f41f22552a61b9310fa1e87"
},
{
"url": "https://git.kernel.org/stable/c/8e1e00718d0d9dd83337300572561e30b9c0d115"
},
{
"url": "https://git.kernel.org/stable/c/c1115ddbda9c930fba0fdd062e7a8873ebaf898d"
}
],
"title": "media: lgdt3306a: Add a check against null-pointer-def",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48772",
"datePublished": "2024-06-25T14:22:34.892Z",
"dateReserved": "2024-06-20T11:09:39.061Z",
"dateUpdated": "2025-05-04T08:22:45.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52846 (GCVE-0-2023-52846)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
hsr: Prevent use after free in prp_create_tagged_frame()
The prp_fill_rct() function can fail. In that situation, it frees the
skb and returns NULL. Meanwhile on the success path, it returns the
original skb. So it's straight forward to fix bug by using the returned
value.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 451d8123f89791bb628277c0bdb4cae34a3563e6 Version: 451d8123f89791bb628277c0bdb4cae34a3563e6 Version: 451d8123f89791bb628277c0bdb4cae34a3563e6 Version: 451d8123f89791bb628277c0bdb4cae34a3563e6 Version: 451d8123f89791bb628277c0bdb4cae34a3563e6 Version: 451d8123f89791bb628277c0bdb4cae34a3563e6 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52846",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T18:22:52.516858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:53.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ddf4e04e946aaa6c458b8b6829617cc44af2bffd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a1a485e45d24b1cd8fe834fd6f1b06e2903827da"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6086258bd5ea7b5c706ff62da42b8e271b2401db"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1787b9f0729d318d67cf7c5a95f0c3dba9a7cc18"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d103fb6726904e353b4773188ee3d3acb4078363"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/876f8ab52363f649bcc74072157dfd7adfbabc0d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/hsr/hsr_forward.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ddf4e04e946aaa6c458b8b6829617cc44af2bffd",
"status": "affected",
"version": "451d8123f89791bb628277c0bdb4cae34a3563e6",
"versionType": "git"
},
{
"lessThan": "a1a485e45d24b1cd8fe834fd6f1b06e2903827da",
"status": "affected",
"version": "451d8123f89791bb628277c0bdb4cae34a3563e6",
"versionType": "git"
},
{
"lessThan": "6086258bd5ea7b5c706ff62da42b8e271b2401db",
"status": "affected",
"version": "451d8123f89791bb628277c0bdb4cae34a3563e6",
"versionType": "git"
},
{
"lessThan": "1787b9f0729d318d67cf7c5a95f0c3dba9a7cc18",
"status": "affected",
"version": "451d8123f89791bb628277c0bdb4cae34a3563e6",
"versionType": "git"
},
{
"lessThan": "d103fb6726904e353b4773188ee3d3acb4078363",
"status": "affected",
"version": "451d8123f89791bb628277c0bdb4cae34a3563e6",
"versionType": "git"
},
{
"lessThan": "876f8ab52363f649bcc74072157dfd7adfbabc0d",
"status": "affected",
"version": "451d8123f89791bb628277c0bdb4cae34a3563e6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/hsr/hsr_forward.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhsr: Prevent use after free in prp_create_tagged_frame()\n\nThe prp_fill_rct() function can fail. In that situation, it frees the\nskb and returns NULL. Meanwhile on the success path, it returns the\noriginal skb. So it\u0027s straight forward to fix bug by using the returned\nvalue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:12.923Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ddf4e04e946aaa6c458b8b6829617cc44af2bffd"
},
{
"url": "https://git.kernel.org/stable/c/a1a485e45d24b1cd8fe834fd6f1b06e2903827da"
},
{
"url": "https://git.kernel.org/stable/c/6086258bd5ea7b5c706ff62da42b8e271b2401db"
},
{
"url": "https://git.kernel.org/stable/c/1787b9f0729d318d67cf7c5a95f0c3dba9a7cc18"
},
{
"url": "https://git.kernel.org/stable/c/d103fb6726904e353b4773188ee3d3acb4078363"
},
{
"url": "https://git.kernel.org/stable/c/876f8ab52363f649bcc74072157dfd7adfbabc0d"
}
],
"title": "hsr: Prevent use after free in prp_create_tagged_frame()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52846",
"datePublished": "2024-05-21T15:31:43.863Z",
"dateReserved": "2024-05-21T15:19:24.254Z",
"dateUpdated": "2025-05-04T07:44:12.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35831 (GCVE-0-2024-35831)
Vulnerability from cvelistv5
Published
2024-05-17 13:41
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
io_uring: Fix release of pinned pages when __io_uaddr_map fails
Looking at the error path of __io_uaddr_map, if we fail after pinning
the pages for any reasons, ret will be set to -EINVAL and the error
handler won't properly release the pinned pages.
I didn't manage to trigger it without forcing a failure, but it can
happen in real life when memory is heavily fragmented.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35831",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T14:16:19.328229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:29.697Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0b6f39c175ba5f0ef72bdb3b9d2a06ad78621d62"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/712e2c8415f55a4a4ddaa98a430b87f624109f69"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4d376d7ad62b6a8e8dfff56b559d9d275e5b9b3a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/67d1189d1095d471ed7fa426c7e384a7140a5dd7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"io_uring/io_uring.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0b6f39c175ba5f0ef72bdb3b9d2a06ad78621d62",
"status": "affected",
"version": "223ef474316466e9f61f6e0064f3a6fe4923a2c5",
"versionType": "git"
},
{
"lessThan": "712e2c8415f55a4a4ddaa98a430b87f624109f69",
"status": "affected",
"version": "223ef474316466e9f61f6e0064f3a6fe4923a2c5",
"versionType": "git"
},
{
"lessThan": "4d376d7ad62b6a8e8dfff56b559d9d275e5b9b3a",
"status": "affected",
"version": "223ef474316466e9f61f6e0064f3a6fe4923a2c5",
"versionType": "git"
},
{
"lessThan": "67d1189d1095d471ed7fa426c7e384a7140a5dd7",
"status": "affected",
"version": "223ef474316466e9f61f6e0064f3a6fe4923a2c5",
"versionType": "git"
},
{
"status": "affected",
"version": "3f3164ce6396138747984ee9e61158e248246300",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"io_uring/io_uring.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: Fix release of pinned pages when __io_uaddr_map fails\n\nLooking at the error path of __io_uaddr_map, if we fail after pinning\nthe pages for any reasons, ret will be set to -EINVAL and the error\nhandler won\u0027t properly release the pinned pages.\n\nI didn\u0027t manage to trigger it without forcing a failure, but it can\nhappen in real life when memory is heavily fragmented."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:53.115Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0b6f39c175ba5f0ef72bdb3b9d2a06ad78621d62"
},
{
"url": "https://git.kernel.org/stable/c/712e2c8415f55a4a4ddaa98a430b87f624109f69"
},
{
"url": "https://git.kernel.org/stable/c/4d376d7ad62b6a8e8dfff56b559d9d275e5b9b3a"
},
{
"url": "https://git.kernel.org/stable/c/67d1189d1095d471ed7fa426c7e384a7140a5dd7"
}
],
"title": "io_uring: Fix release of pinned pages when __io_uaddr_map fails",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35831",
"datePublished": "2024-05-17T13:41:23.171Z",
"dateReserved": "2024-05-17T12:19:12.348Z",
"dateUpdated": "2025-05-04T12:55:53.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52832 (GCVE-0-2023-52832)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
We can get a UBSAN warning if ieee80211_get_tx_power() returns the
INT_MIN value mac80211 internally uses for "unset power level".
UBSAN: signed-integer-overflow in net/wireless/nl80211.c:3816:5
-2147483648 * 100 cannot be represented in type 'int'
CPU: 0 PID: 20433 Comm: insmod Tainted: G WC OE
Call Trace:
dump_stack+0x74/0x92
ubsan_epilogue+0x9/0x50
handle_overflow+0x8d/0xd0
__ubsan_handle_mul_overflow+0xe/0x10
nl80211_send_iface+0x688/0x6b0 [cfg80211]
[...]
cfg80211_register_wdev+0x78/0xb0 [cfg80211]
cfg80211_netdev_notifier_call+0x200/0x620 [cfg80211]
[...]
ieee80211_if_add+0x60e/0x8f0 [mac80211]
ieee80211_register_hw+0xda5/0x1170 [mac80211]
In this case, simply return an error instead, to indicate
that no data is available.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "1da177e4c3f4"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "4.14.331"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "4.19.300"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.4.262"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.10.202"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.15.140"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.1.64"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.5.13"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.6.3"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.7"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52832",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T19:51:54.630981Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-920",
"description": "CWE-920 Improper Restriction of Power Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:53:19.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1571120c44dbe5757aee1612c5b6097cdc42710f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/298e767362cade639b7121ecb3cc5345b6529f62"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/efeae5f4972f75d50002bc50eb112ab9e7069b18"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/717de20abdcd1d4993fa450e28b8086a352620ea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21a0f310a9f3bfd2b4cf4f382430e638607db846"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2be24c47ac19bf639c48c082486c08888bd603c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/adc2474d823fe81d8da759207f4f1d3691aa775a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a94cffe90e20e8fade0b9abd4370bd671fe87c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e160ab85166e77347d0cbe5149045cb25e83937f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mac80211/cfg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1571120c44dbe5757aee1612c5b6097cdc42710f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "298e767362cade639b7121ecb3cc5345b6529f62",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "efeae5f4972f75d50002bc50eb112ab9e7069b18",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "717de20abdcd1d4993fa450e28b8086a352620ea",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "21a0f310a9f3bfd2b4cf4f382430e638607db846",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2be24c47ac19bf639c48c082486c08888bd603c6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "adc2474d823fe81d8da759207f4f1d3691aa775a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5a94cffe90e20e8fade0b9abd4370bd671fe87c7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e160ab85166e77347d0cbe5149045cb25e83937f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mac80211/cfg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: don\u0027t return unset power in ieee80211_get_tx_power()\n\nWe can get a UBSAN warning if ieee80211_get_tx_power() returns the\nINT_MIN value mac80211 internally uses for \"unset power level\".\n\n UBSAN: signed-integer-overflow in net/wireless/nl80211.c:3816:5\n -2147483648 * 100 cannot be represented in type \u0027int\u0027\n CPU: 0 PID: 20433 Comm: insmod Tainted: G WC OE\n Call Trace:\n dump_stack+0x74/0x92\n ubsan_epilogue+0x9/0x50\n handle_overflow+0x8d/0xd0\n __ubsan_handle_mul_overflow+0xe/0x10\n nl80211_send_iface+0x688/0x6b0 [cfg80211]\n [...]\n cfg80211_register_wdev+0x78/0xb0 [cfg80211]\n cfg80211_netdev_notifier_call+0x200/0x620 [cfg80211]\n [...]\n ieee80211_if_add+0x60e/0x8f0 [mac80211]\n ieee80211_register_hw+0xda5/0x1170 [mac80211]\n\nIn this case, simply return an error instead, to indicate\nthat no data is available."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:56.728Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1571120c44dbe5757aee1612c5b6097cdc42710f"
},
{
"url": "https://git.kernel.org/stable/c/298e767362cade639b7121ecb3cc5345b6529f62"
},
{
"url": "https://git.kernel.org/stable/c/efeae5f4972f75d50002bc50eb112ab9e7069b18"
},
{
"url": "https://git.kernel.org/stable/c/717de20abdcd1d4993fa450e28b8086a352620ea"
},
{
"url": "https://git.kernel.org/stable/c/21a0f310a9f3bfd2b4cf4f382430e638607db846"
},
{
"url": "https://git.kernel.org/stable/c/2be24c47ac19bf639c48c082486c08888bd603c6"
},
{
"url": "https://git.kernel.org/stable/c/adc2474d823fe81d8da759207f4f1d3691aa775a"
},
{
"url": "https://git.kernel.org/stable/c/5a94cffe90e20e8fade0b9abd4370bd671fe87c7"
},
{
"url": "https://git.kernel.org/stable/c/e160ab85166e77347d0cbe5149045cb25e83937f"
}
],
"title": "wifi: mac80211: don\u0027t return unset power in ieee80211_get_tx_power()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52832",
"datePublished": "2024-05-21T15:31:34.247Z",
"dateReserved": "2024-05-21T15:19:24.252Z",
"dateUpdated": "2025-05-04T07:43:56.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36017 (GCVE-0-2024-36017)
Vulnerability from cvelistv5
Published
2024-05-30 12:52
Modified
2025-05-04 09:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
Each attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a
struct ifla_vf_vlan_info so the size of such attribute needs to be at least
of sizeof(struct ifla_vf_vlan_info) which is 14 bytes.
The current size validation in do_setvfinfo is against NLA_HDRLEN (4 bytes)
which is less than sizeof(struct ifla_vf_vlan_info) so this validation
is not enough and a too small attribute might be cast to a
struct ifla_vf_vlan_info, this might result in an out of bands
read access when accessing the saved (casted) entry in ivvl.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 79aab093a0b5370d7fc4e99df75996f4744dc03f Version: 79aab093a0b5370d7fc4e99df75996f4744dc03f Version: 79aab093a0b5370d7fc4e99df75996f4744dc03f Version: 79aab093a0b5370d7fc4e99df75996f4744dc03f Version: 79aab093a0b5370d7fc4e99df75996f4744dc03f Version: 79aab093a0b5370d7fc4e99df75996f4744dc03f Version: 79aab093a0b5370d7fc4e99df75996f4744dc03f Version: 79aab093a0b5370d7fc4e99df75996f4744dc03f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T18:50:37.165926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T18:50:48.941Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ac69ff2d0d5be9734c4402de932aa3dc8549c1a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5e7ef2d88666a0212db8c38e6703864b9ce70169"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6c8f44b02500c7d14b5e6618fe4ef9a0da47b3de"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f3c1bf3054f96ddeab0621d920445bada769b40e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e4c7193954f4faab92f6e8d88bc5565317b44e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/206003c748b88890a910ef7142d18f77be57550b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a4b9757789a1551d2df130df23bfb3545bfa7e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1aec77b2bb2ed1db0f5efc61c4c1ca3813307489"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/rtnetlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8ac69ff2d0d5be9734c4402de932aa3dc8549c1a",
"status": "affected",
"version": "79aab093a0b5370d7fc4e99df75996f4744dc03f",
"versionType": "git"
},
{
"lessThan": "5e7ef2d88666a0212db8c38e6703864b9ce70169",
"status": "affected",
"version": "79aab093a0b5370d7fc4e99df75996f4744dc03f",
"versionType": "git"
},
{
"lessThan": "6c8f44b02500c7d14b5e6618fe4ef9a0da47b3de",
"status": "affected",
"version": "79aab093a0b5370d7fc4e99df75996f4744dc03f",
"versionType": "git"
},
{
"lessThan": "f3c1bf3054f96ddeab0621d920445bada769b40e",
"status": "affected",
"version": "79aab093a0b5370d7fc4e99df75996f4744dc03f",
"versionType": "git"
},
{
"lessThan": "6e4c7193954f4faab92f6e8d88bc5565317b44e7",
"status": "affected",
"version": "79aab093a0b5370d7fc4e99df75996f4744dc03f",
"versionType": "git"
},
{
"lessThan": "206003c748b88890a910ef7142d18f77be57550b",
"status": "affected",
"version": "79aab093a0b5370d7fc4e99df75996f4744dc03f",
"versionType": "git"
},
{
"lessThan": "4a4b9757789a1551d2df130df23bfb3545bfa7e8",
"status": "affected",
"version": "79aab093a0b5370d7fc4e99df75996f4744dc03f",
"versionType": "git"
},
{
"lessThan": "1aec77b2bb2ed1db0f5efc61c4c1ca3813307489",
"status": "affected",
"version": "79aab093a0b5370d7fc4e99df75996f4744dc03f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/rtnetlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation\n\nEach attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a\nstruct ifla_vf_vlan_info so the size of such attribute needs to be at least\nof sizeof(struct ifla_vf_vlan_info) which is 14 bytes.\nThe current size validation in do_setvfinfo is against NLA_HDRLEN (4 bytes)\nwhich is less than sizeof(struct ifla_vf_vlan_info) so this validation\nis not enough and a too small attribute might be cast to a\nstruct ifla_vf_vlan_info, this might result in an out of bands\nread access when accessing the saved (casted) entry in ivvl."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:10:39.898Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8ac69ff2d0d5be9734c4402de932aa3dc8549c1a"
},
{
"url": "https://git.kernel.org/stable/c/5e7ef2d88666a0212db8c38e6703864b9ce70169"
},
{
"url": "https://git.kernel.org/stable/c/6c8f44b02500c7d14b5e6618fe4ef9a0da47b3de"
},
{
"url": "https://git.kernel.org/stable/c/f3c1bf3054f96ddeab0621d920445bada769b40e"
},
{
"url": "https://git.kernel.org/stable/c/6e4c7193954f4faab92f6e8d88bc5565317b44e7"
},
{
"url": "https://git.kernel.org/stable/c/206003c748b88890a910ef7142d18f77be57550b"
},
{
"url": "https://git.kernel.org/stable/c/4a4b9757789a1551d2df130df23bfb3545bfa7e8"
},
{
"url": "https://git.kernel.org/stable/c/1aec77b2bb2ed1db0f5efc61c4c1ca3813307489"
}
],
"title": "rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36017",
"datePublished": "2024-05-30T12:52:03.554Z",
"dateReserved": "2024-05-17T13:50:33.154Z",
"dateUpdated": "2025-05-04T09:10:39.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52815 (GCVE-0-2023-52815)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-09-16 08:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu/vkms: fix a possible null pointer dereference
In amdgpu_vkms_conn_get_modes(), the return value of drm_cvt_mode()
is assigned to mode, which will lead to a NULL pointer dereference
on failure of drm_cvt_mode(). Add a check to avoid null pointer
dereference.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T18:24:04.849816Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:38.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eaa03ea366c85ae3cb69c8d4bbc67c8bc2167a27"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/33fb1a555354bd593f785935ddcb5d9dd4d3847f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c6c85a073768df68c1a3fea143d013a38c66d34"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70f831f21155c692bb336c434936fd6f24f3f81a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd90511557fdfb394bb4ac4c3b539b007383914c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "eaa03ea366c85ae3cb69c8d4bbc67c8bc2167a27",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "33fb1a555354bd593f785935ddcb5d9dd4d3847f",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "8c6c85a073768df68c1a3fea143d013a38c66d34",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "70f831f21155c692bb336c434936fd6f24f3f81a",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "cd90511557fdfb394bb4ac4c3b539b007383914c",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/vkms: fix a possible null pointer dereference\n\nIn amdgpu_vkms_conn_get_modes(), the return value of drm_cvt_mode()\nis assigned to mode, which will lead to a NULL pointer dereference\non failure of drm_cvt_mode(). Add a check to avoid null pointer\ndereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T08:02:13.767Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/eaa03ea366c85ae3cb69c8d4bbc67c8bc2167a27"
},
{
"url": "https://git.kernel.org/stable/c/33fb1a555354bd593f785935ddcb5d9dd4d3847f"
},
{
"url": "https://git.kernel.org/stable/c/8c6c85a073768df68c1a3fea143d013a38c66d34"
},
{
"url": "https://git.kernel.org/stable/c/70f831f21155c692bb336c434936fd6f24f3f81a"
},
{
"url": "https://git.kernel.org/stable/c/cd90511557fdfb394bb4ac4c3b539b007383914c"
}
],
"title": "drm/amdgpu/vkms: fix a possible null pointer dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52815",
"datePublished": "2024-05-21T15:31:22.918Z",
"dateReserved": "2024-05-21T15:19:24.248Z",
"dateUpdated": "2025-09-16T08:02:13.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36917 (GCVE-0-2024-36917)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
block: fix overflow in blk_ioctl_discard()
There is no check for overflow of 'start + len' in blk_ioctl_discard().
Hung task occurs if submit an discard ioctl with the following param:
start = 0x80000000000ff000, len = 0x8000000000fff000;
Add the overflow validation now.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T14:26:26.159225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T14:26:29.069Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a26198186e97ee5fc4b42fde82629cff8c75cd6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e1d38cde2b7b0fbd1c48082e7a98c37d750af59b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/507d526a98c355e6f3fb2c47aacad44a69784bee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/22d24a544b0d49bbcbd61c8c0eaf77d3c9297155"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/ioctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8a26198186e97ee5fc4b42fde82629cff8c75cd6",
"status": "affected",
"version": "d30a2605be9d5132d95944916e8f578fcfe4f976",
"versionType": "git"
},
{
"lessThan": "e1d38cde2b7b0fbd1c48082e7a98c37d750af59b",
"status": "affected",
"version": "d30a2605be9d5132d95944916e8f578fcfe4f976",
"versionType": "git"
},
{
"lessThan": "507d526a98c355e6f3fb2c47aacad44a69784bee",
"status": "affected",
"version": "d30a2605be9d5132d95944916e8f578fcfe4f976",
"versionType": "git"
},
{
"lessThan": "22d24a544b0d49bbcbd61c8c0eaf77d3c9297155",
"status": "affected",
"version": "d30a2605be9d5132d95944916e8f578fcfe4f976",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/ioctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.28"
},
{
"lessThan": "2.6.28",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix overflow in blk_ioctl_discard()\n\nThere is no check for overflow of \u0027start + len\u0027 in blk_ioctl_discard().\nHung task occurs if submit an discard ioctl with the following param:\n start = 0x80000000000ff000, len = 0x8000000000fff000;\nAdd the overflow validation now."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:02.719Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8a26198186e97ee5fc4b42fde82629cff8c75cd6"
},
{
"url": "https://git.kernel.org/stable/c/e1d38cde2b7b0fbd1c48082e7a98c37d750af59b"
},
{
"url": "https://git.kernel.org/stable/c/507d526a98c355e6f3fb2c47aacad44a69784bee"
},
{
"url": "https://git.kernel.org/stable/c/22d24a544b0d49bbcbd61c8c0eaf77d3c9297155"
}
],
"title": "block: fix overflow in blk_ioctl_discard()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36917",
"datePublished": "2024-05-30T15:29:13.327Z",
"dateReserved": "2024-05-30T15:25:07.068Z",
"dateUpdated": "2025-05-04T09:12:02.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38554 (GCVE-0-2024-38554)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ax25: Fix reference count leak issue of net_device
There is a reference count leak issue of the object "net_device" in
ax25_dev_device_down(). When the ax25 device is shutting down, the
ax25_dev_device_down() drops the reference count of net_device one
or zero times depending on if we goto unlock_put or not, which will
cause memory leak.
In order to solve the above issue, decrease the reference count of
net_device after dev->ax25_ptr is set to null.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d01ffb9eee4af165d83b08dd73ebdf9fe94a519b Version: d01ffb9eee4af165d83b08dd73ebdf9fe94a519b Version: d01ffb9eee4af165d83b08dd73ebdf9fe94a519b Version: d01ffb9eee4af165d83b08dd73ebdf9fe94a519b Version: d01ffb9eee4af165d83b08dd73ebdf9fe94a519b Version: ef0a2a0565727a48f2e36a2c461f8b1e3a61922d Version: e2b558fe507a1ed4c43db2b0057fc6e41f20a14c Version: 418993bbaafb0cd48f904ba68eeda052d624c821 Version: 5ea00fc60676c0eebfa8560ec461209d638bca9d Version: 9af0fd5c4453a44c692be0cbb3724859b75d739b |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3ec437f9bbae68e9b38115c4c91de995f73f6bad"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/965d940fb7414b310a22666503d2af69459c981b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8bad3a20a27be8d935f2aae08d3c6e743754944a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eef95df9b752699bddecefa851f64858247246e9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/36e56b1b002bb26440403053f19f9e1a8bc075b2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38554",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:14:44.470574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:57.101Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ax25/ax25_dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3ec437f9bbae68e9b38115c4c91de995f73f6bad",
"status": "affected",
"version": "d01ffb9eee4af165d83b08dd73ebdf9fe94a519b",
"versionType": "git"
},
{
"lessThan": "965d940fb7414b310a22666503d2af69459c981b",
"status": "affected",
"version": "d01ffb9eee4af165d83b08dd73ebdf9fe94a519b",
"versionType": "git"
},
{
"lessThan": "8bad3a20a27be8d935f2aae08d3c6e743754944a",
"status": "affected",
"version": "d01ffb9eee4af165d83b08dd73ebdf9fe94a519b",
"versionType": "git"
},
{
"lessThan": "eef95df9b752699bddecefa851f64858247246e9",
"status": "affected",
"version": "d01ffb9eee4af165d83b08dd73ebdf9fe94a519b",
"versionType": "git"
},
{
"lessThan": "36e56b1b002bb26440403053f19f9e1a8bc075b2",
"status": "affected",
"version": "d01ffb9eee4af165d83b08dd73ebdf9fe94a519b",
"versionType": "git"
},
{
"status": "affected",
"version": "ef0a2a0565727a48f2e36a2c461f8b1e3a61922d",
"versionType": "git"
},
{
"status": "affected",
"version": "e2b558fe507a1ed4c43db2b0057fc6e41f20a14c",
"versionType": "git"
},
{
"status": "affected",
"version": "418993bbaafb0cd48f904ba68eeda052d624c821",
"versionType": "git"
},
{
"status": "affected",
"version": "5ea00fc60676c0eebfa8560ec461209d638bca9d",
"versionType": "git"
},
{
"status": "affected",
"version": "9af0fd5c4453a44c692be0cbb3724859b75d739b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ax25/ax25_dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix reference count leak issue of net_device\n\nThere is a reference count leak issue of the object \"net_device\" in\nax25_dev_device_down(). When the ax25 device is shutting down, the\nax25_dev_device_down() drops the reference count of net_device one\nor zero times depending on if we goto unlock_put or not, which will\ncause memory leak.\n\nIn order to solve the above issue, decrease the reference count of\nnet_device after dev-\u003eax25_ptr is set to null."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:43.328Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3ec437f9bbae68e9b38115c4c91de995f73f6bad"
},
{
"url": "https://git.kernel.org/stable/c/965d940fb7414b310a22666503d2af69459c981b"
},
{
"url": "https://git.kernel.org/stable/c/8bad3a20a27be8d935f2aae08d3c6e743754944a"
},
{
"url": "https://git.kernel.org/stable/c/eef95df9b752699bddecefa851f64858247246e9"
},
{
"url": "https://git.kernel.org/stable/c/36e56b1b002bb26440403053f19f9e1a8bc075b2"
}
],
"title": "ax25: Fix reference count leak issue of net_device",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38554",
"datePublished": "2024-06-19T13:35:25.406Z",
"dateReserved": "2024-06-18T19:36:34.920Z",
"dateUpdated": "2025-05-04T12:56:43.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36915 (GCVE-0-2024-36915)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies
syzbot reported unsafe calls to copy_from_sockptr() [1]
Use copy_safe_from_sockptr() instead.
[1]
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]
BUG: KASAN: slab-out-of-bounds in nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255
Read of size 4 at addr ffff88801caa1ec3 by task syz-executor459/5078
CPU: 0 PID: 5078 Comm: syz-executor459 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
print_address_description mm/kasan/report.c:377 [inline]
print_report+0x169/0x550 mm/kasan/report.c:488
kasan_report+0x143/0x180 mm/kasan/report.c:601
copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
copy_from_sockptr include/linux/sockptr.h:55 [inline]
nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255
do_sock_setsockopt+0x3b1/0x720 net/socket.c:2311
__sys_setsockopt+0x1ae/0x250 net/socket.c:2334
__do_sys_setsockopt net/socket.c:2343 [inline]
__se_sys_setsockopt net/socket.c:2340 [inline]
__x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340
do_syscall_64+0xfd/0x240
entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7f7fac07fd89
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff660eb788 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7fac07fd89
RDX: 0000000000000000 RSI: 0000000000000118 RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000000000
R10: 0000000020000a80 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29dc0ea979d433dd3c26abc8fa971550bdc05107"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a87441c9651ba37842f4809224aca13a554a26f"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36915",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:16:10.298210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:35:00.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/nfc/llcp_sock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "298609e7069ce74542a2253a39ccc9717f1d877a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0f106133203021533cb753e80d75896f4ad222f8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "29dc0ea979d433dd3c26abc8fa971550bdc05107",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7a87441c9651ba37842f4809224aca13a554a26f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/nfc/llcp_sock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.119",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.119",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: llcp: fix nfc_llcp_setsockopt() unsafe copies\n\nsyzbot reported unsafe calls to copy_from_sockptr() [1]\n\nUse copy_safe_from_sockptr() instead.\n\n[1]\n\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]\n BUG: KASAN: slab-out-of-bounds in nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255\nRead of size 4 at addr ffff88801caa1ec3 by task syz-executor459/5078\n\nCPU: 0 PID: 5078 Comm: syz-executor459 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n copy_from_sockptr include/linux/sockptr.h:55 [inline]\n nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255\n do_sock_setsockopt+0x3b1/0x720 net/socket.c:2311\n __sys_setsockopt+0x1ae/0x250 net/socket.c:2334\n __do_sys_setsockopt net/socket.c:2343 [inline]\n __se_sys_setsockopt net/socket.c:2340 [inline]\n __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xfd/0x240\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\nRIP: 0033:0x7f7fac07fd89\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff660eb788 EFLAGS: 00000246 ORIG_RAX: 0000000000000036\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7fac07fd89\nRDX: 0000000000000000 RSI: 0000000000000118 RDI: 0000000000000004\nRBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000000000\nR10: 0000000020000a80 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:00.208Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/298609e7069ce74542a2253a39ccc9717f1d877a"
},
{
"url": "https://git.kernel.org/stable/c/0f106133203021533cb753e80d75896f4ad222f8"
},
{
"url": "https://git.kernel.org/stable/c/29dc0ea979d433dd3c26abc8fa971550bdc05107"
},
{
"url": "https://git.kernel.org/stable/c/7a87441c9651ba37842f4809224aca13a554a26f"
}
],
"title": "nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36915",
"datePublished": "2024-05-30T15:29:12.158Z",
"dateReserved": "2024-05-30T15:25:07.068Z",
"dateUpdated": "2025-05-04T09:12:00.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52754 (GCVE-0-2023-52754)
Vulnerability from cvelistv5
Published
2024-05-21 15:30
Modified
2025-05-04 07:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: imon: fix access to invalid resource for the second interface
imon driver probes two USB interfaces, and at the probe of the second
interface, the driver assumes blindly that the first interface got
bound with the same imon driver. It's usually true, but it's still
possible that the first interface is bound with another driver via a
malformed descriptor. Then it may lead to a memory corruption, as
spotted by syzkaller; imon driver accesses the data from drvdata as
struct imon_context object although it's a completely different one
that was assigned by another driver.
This patch adds a sanity check -- whether the first interface is
really bound with the imon driver or not -- for avoiding the problem
above at the probe time.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T18:42:53.248204Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:36.610Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f5068519f89d928d6c51100e4b274479123829f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5e0b788fb96be36d1baf1a5c88d09c7c82a0452a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b083aaf5db2eeca9e362723258e5d8698f7dd84e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/10ec5a97f8f5a772a1a42b4eb27196b447cd3aa9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2a493a34bd6e496c55fabedd82b957193ace178f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a1766a4fd83befa0b34d932d532e7ebb7fab1fa7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/rc/imon.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0f5068519f89d928d6c51100e4b274479123829f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5e0b788fb96be36d1baf1a5c88d09c7c82a0452a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b083aaf5db2eeca9e362723258e5d8698f7dd84e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "10ec5a97f8f5a772a1a42b4eb27196b447cd3aa9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2a493a34bd6e496c55fabedd82b957193ace178f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a1766a4fd83befa0b34d932d532e7ebb7fab1fa7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/rc/imon.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imon: fix access to invalid resource for the second interface\n\nimon driver probes two USB interfaces, and at the probe of the second\ninterface, the driver assumes blindly that the first interface got\nbound with the same imon driver. It\u0027s usually true, but it\u0027s still\npossible that the first interface is bound with another driver via a\nmalformed descriptor. Then it may lead to a memory corruption, as\nspotted by syzkaller; imon driver accesses the data from drvdata as\nstruct imon_context object although it\u0027s a completely different one\nthat was assigned by another driver.\n\nThis patch adds a sanity check -- whether the first interface is\nreally bound with the imon driver or not -- for avoiding the problem\nabove at the probe time."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:42:32.430Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0f5068519f89d928d6c51100e4b274479123829f"
},
{
"url": "https://git.kernel.org/stable/c/5e0b788fb96be36d1baf1a5c88d09c7c82a0452a"
},
{
"url": "https://git.kernel.org/stable/c/b083aaf5db2eeca9e362723258e5d8698f7dd84e"
},
{
"url": "https://git.kernel.org/stable/c/10ec5a97f8f5a772a1a42b4eb27196b447cd3aa9"
},
{
"url": "https://git.kernel.org/stable/c/2a493a34bd6e496c55fabedd82b957193ace178f"
},
{
"url": "https://git.kernel.org/stable/c/a1766a4fd83befa0b34d932d532e7ebb7fab1fa7"
}
],
"title": "media: imon: fix access to invalid resource for the second interface",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52754",
"datePublished": "2024-05-21T15:30:42.198Z",
"dateReserved": "2024-05-21T15:19:24.235Z",
"dateUpdated": "2025-05-04T07:42:32.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35957 (GCVE-0-2024-35957)
Vulnerability from cvelistv5
Published
2024-05-20 09:41
Modified
2025-05-04 09:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix WARN_ON in iommu probe path
Commit 1a75cc710b95 ("iommu/vt-d: Use rbtree to track iommu probed
devices") adds all devices probed by the iommu driver in a rbtree
indexed by the source ID of each device. It assumes that each device
has a unique source ID. This assumption is incorrect and the VT-d
spec doesn't state this requirement either.
The reason for using a rbtree to track devices is to look up the device
with PCI bus and devfunc in the paths of handling ATS invalidation time
out error and the PRI I/O page faults. Both are PCI ATS feature related.
Only track the devices that have PCI ATS capabilities in the rbtree to
avoid unnecessary WARN_ON in the iommu probe path. Otherwise, on some
platforms below kernel splat will be displayed and the iommu probe results
in failure.
WARNING: CPU: 3 PID: 166 at drivers/iommu/intel/iommu.c:158 intel_iommu_probe_device+0x319/0xd90
Call Trace:
<TASK>
? __warn+0x7e/0x180
? intel_iommu_probe_device+0x319/0xd90
? report_bug+0x1f8/0x200
? handle_bug+0x3c/0x70
? exc_invalid_op+0x18/0x70
? asm_exc_invalid_op+0x1a/0x20
? intel_iommu_probe_device+0x319/0xd90
? debug_mutex_init+0x37/0x50
__iommu_probe_device+0xf2/0x4f0
iommu_probe_device+0x22/0x70
iommu_bus_notifier+0x1e/0x40
notifier_call_chain+0x46/0x150
blocking_notifier_call_chain+0x42/0x60
bus_notify+0x2f/0x50
device_add+0x5ed/0x7e0
platform_device_add+0xf5/0x240
mfd_add_devices+0x3f9/0x500
? preempt_count_add+0x4c/0xa0
? up_write+0xa2/0x1b0
? __debugfs_create_file+0xe3/0x150
intel_lpss_probe+0x49f/0x5b0
? pci_conf1_write+0xa3/0xf0
intel_lpss_pci_probe+0xcf/0x110 [intel_lpss_pci]
pci_device_probe+0x95/0x120
really_probe+0xd9/0x370
? __pfx___driver_attach+0x10/0x10
__driver_probe_device+0x73/0x150
driver_probe_device+0x19/0xa0
__driver_attach+0xb6/0x180
? __pfx___driver_attach+0x10/0x10
bus_for_each_dev+0x77/0xd0
bus_add_driver+0x114/0x210
driver_register+0x5b/0x110
? __pfx_intel_lpss_pci_driver_init+0x10/0x10 [intel_lpss_pci]
do_one_initcall+0x57/0x2b0
? kmalloc_trace+0x21e/0x280
? do_init_module+0x1e/0x210
do_init_module+0x5f/0x210
load_module+0x1d37/0x1fc0
? init_module_from_file+0x86/0xd0
init_module_from_file+0x86/0xd0
idempotent_init_module+0x17c/0x230
__x64_sys_finit_module+0x56/0xb0
do_syscall_64+0x6e/0x140
entry_SYSCALL_64_after_hwframe+0x71/0x79
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:23:39.677207Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T21:46:31.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fba8ca3e6f608b92e54271fdbd3ce569361939fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/89436f4f54125b1297aec1f466efd8acb4ec613d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/intel/iommu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fba8ca3e6f608b92e54271fdbd3ce569361939fc",
"status": "affected",
"version": "c618d446f1d64bdc9e426bab5e8619f224cde2ae",
"versionType": "git"
},
{
"lessThan": "89436f4f54125b1297aec1f466efd8acb4ec613d",
"status": "affected",
"version": "1a75cc710b956010137b4fe1d1fa3282bfd8f86c",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/intel/iommu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.8.7",
"status": "affected",
"version": "6.8.2",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.7",
"versionStartIncluding": "6.8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix WARN_ON in iommu probe path\n\nCommit 1a75cc710b95 (\"iommu/vt-d: Use rbtree to track iommu probed\ndevices\") adds all devices probed by the iommu driver in a rbtree\nindexed by the source ID of each device. It assumes that each device\nhas a unique source ID. This assumption is incorrect and the VT-d\nspec doesn\u0027t state this requirement either.\n\nThe reason for using a rbtree to track devices is to look up the device\nwith PCI bus and devfunc in the paths of handling ATS invalidation time\nout error and the PRI I/O page faults. Both are PCI ATS feature related.\n\nOnly track the devices that have PCI ATS capabilities in the rbtree to\navoid unnecessary WARN_ON in the iommu probe path. Otherwise, on some\nplatforms below kernel splat will be displayed and the iommu probe results\nin failure.\n\n WARNING: CPU: 3 PID: 166 at drivers/iommu/intel/iommu.c:158 intel_iommu_probe_device+0x319/0xd90\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0x7e/0x180\n ? intel_iommu_probe_device+0x319/0xd90\n ? report_bug+0x1f8/0x200\n ? handle_bug+0x3c/0x70\n ? exc_invalid_op+0x18/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? intel_iommu_probe_device+0x319/0xd90\n ? debug_mutex_init+0x37/0x50\n __iommu_probe_device+0xf2/0x4f0\n iommu_probe_device+0x22/0x70\n iommu_bus_notifier+0x1e/0x40\n notifier_call_chain+0x46/0x150\n blocking_notifier_call_chain+0x42/0x60\n bus_notify+0x2f/0x50\n device_add+0x5ed/0x7e0\n platform_device_add+0xf5/0x240\n mfd_add_devices+0x3f9/0x500\n ? preempt_count_add+0x4c/0xa0\n ? up_write+0xa2/0x1b0\n ? __debugfs_create_file+0xe3/0x150\n intel_lpss_probe+0x49f/0x5b0\n ? pci_conf1_write+0xa3/0xf0\n intel_lpss_pci_probe+0xcf/0x110 [intel_lpss_pci]\n pci_device_probe+0x95/0x120\n really_probe+0xd9/0x370\n ? __pfx___driver_attach+0x10/0x10\n __driver_probe_device+0x73/0x150\n driver_probe_device+0x19/0xa0\n __driver_attach+0xb6/0x180\n ? __pfx___driver_attach+0x10/0x10\n bus_for_each_dev+0x77/0xd0\n bus_add_driver+0x114/0x210\n driver_register+0x5b/0x110\n ? __pfx_intel_lpss_pci_driver_init+0x10/0x10 [intel_lpss_pci]\n do_one_initcall+0x57/0x2b0\n ? kmalloc_trace+0x21e/0x280\n ? do_init_module+0x1e/0x210\n do_init_module+0x5f/0x210\n load_module+0x1d37/0x1fc0\n ? init_module_from_file+0x86/0xd0\n init_module_from_file+0x86/0xd0\n idempotent_init_module+0x17c/0x230\n __x64_sys_finit_module+0x56/0xb0\n do_syscall_64+0x6e/0x140\n entry_SYSCALL_64_after_hwframe+0x71/0x79"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:09:12.564Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fba8ca3e6f608b92e54271fdbd3ce569361939fc"
},
{
"url": "https://git.kernel.org/stable/c/89436f4f54125b1297aec1f466efd8acb4ec613d"
}
],
"title": "iommu/vt-d: Fix WARN_ON in iommu probe path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35957",
"datePublished": "2024-05-20T09:41:49.930Z",
"dateReserved": "2024-05-17T13:50:33.136Z",
"dateUpdated": "2025-05-04T09:09:12.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52867 (GCVE-0-2023-52867)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/radeon: possible buffer overflow
Buffer 'afmt_status' of size 6 could overflow, since index 'afmt_idx' is
checked after access.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 5cc4e5fc293bfe2634535f544427e8c6061492a5 Version: 5cc4e5fc293bfe2634535f544427e8c6061492a5 Version: 5cc4e5fc293bfe2634535f544427e8c6061492a5 Version: 5cc4e5fc293bfe2634535f544427e8c6061492a5 Version: 5cc4e5fc293bfe2634535f544427e8c6061492a5 Version: 5cc4e5fc293bfe2634535f544427e8c6061492a5 Version: 5cc4e5fc293bfe2634535f544427e8c6061492a5 Version: 5cc4e5fc293bfe2634535f544427e8c6061492a5 Version: 5cc4e5fc293bfe2634535f544427e8c6061492a5 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52867",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T17:50:12.334865Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:41.676Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.225Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/112d4b02d94bf9fa4f1d3376587878400dd74783"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/caaa74541459c4c9e2c10046cf66ad2890483d0f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ddc42881f170f1f518496f5a70447501335fc783"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7b063c93bece827fde237fae1c101bceeee4e896"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/347f025a02b3a5d715a0b471fc3b1439c338ad94"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/341e79f8aec6af6b0061b8171d77b085835c6a58"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d9b4fa249deaae1145d6fc2b64dae718e5c7a855"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/19534a7a225f1bf2da70a9a90d41d0215f8f6b45"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dd05484f99d16715a88eedfca363828ef9a4c2d4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/radeon/evergreen.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "112d4b02d94bf9fa4f1d3376587878400dd74783",
"status": "affected",
"version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
"versionType": "git"
},
{
"lessThan": "caaa74541459c4c9e2c10046cf66ad2890483d0f",
"status": "affected",
"version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
"versionType": "git"
},
{
"lessThan": "ddc42881f170f1f518496f5a70447501335fc783",
"status": "affected",
"version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
"versionType": "git"
},
{
"lessThan": "7b063c93bece827fde237fae1c101bceeee4e896",
"status": "affected",
"version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
"versionType": "git"
},
{
"lessThan": "347f025a02b3a5d715a0b471fc3b1439c338ad94",
"status": "affected",
"version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
"versionType": "git"
},
{
"lessThan": "341e79f8aec6af6b0061b8171d77b085835c6a58",
"status": "affected",
"version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
"versionType": "git"
},
{
"lessThan": "d9b4fa249deaae1145d6fc2b64dae718e5c7a855",
"status": "affected",
"version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
"versionType": "git"
},
{
"lessThan": "19534a7a225f1bf2da70a9a90d41d0215f8f6b45",
"status": "affected",
"version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
"versionType": "git"
},
{
"lessThan": "dd05484f99d16715a88eedfca363828ef9a4c2d4",
"status": "affected",
"version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/radeon/evergreen.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.13"
},
{
"lessThan": "4.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.330",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.330",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.299",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: possible buffer overflow\n\nBuffer \u0027afmt_status\u0027 of size 6 could overflow, since index \u0027afmt_idx\u0027 is\nchecked after access."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:37.299Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/112d4b02d94bf9fa4f1d3376587878400dd74783"
},
{
"url": "https://git.kernel.org/stable/c/caaa74541459c4c9e2c10046cf66ad2890483d0f"
},
{
"url": "https://git.kernel.org/stable/c/ddc42881f170f1f518496f5a70447501335fc783"
},
{
"url": "https://git.kernel.org/stable/c/7b063c93bece827fde237fae1c101bceeee4e896"
},
{
"url": "https://git.kernel.org/stable/c/347f025a02b3a5d715a0b471fc3b1439c338ad94"
},
{
"url": "https://git.kernel.org/stable/c/341e79f8aec6af6b0061b8171d77b085835c6a58"
},
{
"url": "https://git.kernel.org/stable/c/d9b4fa249deaae1145d6fc2b64dae718e5c7a855"
},
{
"url": "https://git.kernel.org/stable/c/19534a7a225f1bf2da70a9a90d41d0215f8f6b45"
},
{
"url": "https://git.kernel.org/stable/c/dd05484f99d16715a88eedfca363828ef9a4c2d4"
}
],
"title": "drm/radeon: possible buffer overflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52867",
"datePublished": "2024-05-21T15:31:57.866Z",
"dateReserved": "2024-05-21T15:19:24.262Z",
"dateUpdated": "2025-05-04T07:44:37.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26676 (GCVE-0-2024-26676)
Vulnerability from cvelistv5
Published
2024-04-02 07:01
Modified
2025-05-07 20:01
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC.
syzbot reported a warning [0] in __unix_gc() with a repro, which
creates a socketpair and sends one socket's fd to itself using the
peer.
socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 4]) = 0
sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\360", iov_len=1}],
msg_iovlen=1, msg_control=[{cmsg_len=20, cmsg_level=SOL_SOCKET,
cmsg_type=SCM_RIGHTS, cmsg_data=[3]}],
msg_controllen=24, msg_flags=0}, MSG_OOB|MSG_PROBE|MSG_DONTWAIT|MSG_ZEROCOPY) = 1
This forms a self-cyclic reference that GC should finally untangle
but does not due to lack of MSG_OOB handling, resulting in memory
leak.
Recently, commit 11498715f266 ("af_unix: Remove io_uring code for
GC.") removed io_uring's dead code in GC and revealed the problem.
The code was executed at the final stage of GC and unconditionally
moved all GC candidates from gc_candidates to gc_inflight_list.
That papered over the reported problem by always making the following
WARN_ON_ONCE(!list_empty(&gc_candidates)) false.
The problem has been there since commit 2aab4b969002 ("af_unix: fix
struct pid leaks in OOB support") added full scm support for MSG_OOB
while fixing another bug.
To fix this problem, we must call kfree_skb() for unix_sk(sk)->oob_skb
if the socket still exists in gc_candidates after purging collected skb.
Then, we need to set NULL to oob_skb before calling kfree_skb() because
it calls last fput() and triggers unix_release_sock(), where we call
duplicate kfree_skb(u->oob_skb) if not NULL.
Note that the leaked socket remained being linked to a global list, so
kmemleak also could not detect it. We need to check /proc/net/protocol
to notice the unfreed socket.
[0]:
WARNING: CPU: 0 PID: 2863 at net/unix/garbage.c:345 __unix_gc+0xc74/0xe80 net/unix/garbage.c:345
Modules linked in:
CPU: 0 PID: 2863 Comm: kworker/u4:11 Not tainted 6.8.0-rc1-syzkaller-00583-g1701940b1a02 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Workqueue: events_unbound __unix_gc
RIP: 0010:__unix_gc+0xc74/0xe80 net/unix/garbage.c:345
Code: 8b 5c 24 50 e9 86 f8 ff ff e8 f8 e4 22 f8 31 d2 48 c7 c6 30 6a 69 89 4c 89 ef e8 97 ef ff ff e9 80 f9 ff ff e8 dd e4 22 f8 90 <0f> 0b 90 e9 7b fd ff ff 48 89 df e8 5c e7 7c f8 e9 d3 f8 ff ff e8
RSP: 0018:ffffc9000b03fba0 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffffc9000b03fc10 RCX: ffffffff816c493e
RDX: ffff88802c02d940 RSI: ffffffff896982f3 RDI: ffffc9000b03fb30
RBP: ffffc9000b03fce0 R08: 0000000000000001 R09: fffff52001607f66
R10: 0000000000000003 R11: 0000000000000002 R12: dffffc0000000000
R13: ffffc9000b03fc10 R14: ffffc9000b03fc10 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005559c8677a60 CR3: 000000000d57a000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
process_one_work+0x889/0x15e0 kernel/workqueue.c:2633
process_scheduled_works kernel/workqueue.c:2706 [inline]
worker_thread+0x8b9/0x12a0 kernel/workqueue.c:2787
kthread+0x2c6/0x3b0 kernel/kthread.c:388
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242
</TASK>
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f3969427fb06a2c3cd6efd7faab63505cfa76e76 Version: ac1968ac399205fda9ee3b18f7de7416cb3a5d0d Version: 2aab4b96900272885bc157f8b236abf1cdc02e08 Version: 2aab4b96900272885bc157f8b236abf1cdc02e08 Version: 2aab4b96900272885bc157f8b236abf1cdc02e08 Version: a59d6306263c38e5c0592ea4451ca26a0778c947 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26676",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T20:00:56.944715Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T20:01:37.103Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4fe505c63aa3273135a57597fda761e9aecc7668"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e0e09186d8821ad59806115d347ea32efa43ca4b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b74aa9ce13d02b7fd37c5325b99854f91b9b4276"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/82ae47c5c3a6b27fdc0f9e83c1499cb439c56140"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1279f9d9dec2d7462823a18c29ad61359e0a007d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/unix/garbage.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4fe505c63aa3273135a57597fda761e9aecc7668",
"status": "affected",
"version": "f3969427fb06a2c3cd6efd7faab63505cfa76e76",
"versionType": "git"
},
{
"lessThan": "e0e09186d8821ad59806115d347ea32efa43ca4b",
"status": "affected",
"version": "ac1968ac399205fda9ee3b18f7de7416cb3a5d0d",
"versionType": "git"
},
{
"lessThan": "b74aa9ce13d02b7fd37c5325b99854f91b9b4276",
"status": "affected",
"version": "2aab4b96900272885bc157f8b236abf1cdc02e08",
"versionType": "git"
},
{
"lessThan": "82ae47c5c3a6b27fdc0f9e83c1499cb439c56140",
"status": "affected",
"version": "2aab4b96900272885bc157f8b236abf1cdc02e08",
"versionType": "git"
},
{
"lessThan": "1279f9d9dec2d7462823a18c29ad61359e0a007d",
"status": "affected",
"version": "2aab4b96900272885bc157f8b236abf1cdc02e08",
"versionType": "git"
},
{
"status": "affected",
"version": "a59d6306263c38e5c0592ea4451ca26a0778c947",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/unix/garbage.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.15.103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.78",
"versionStartIncluding": "6.1.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Call kfree_skb() for dead unix_(sk)-\u003eoob_skb in GC.\n\nsyzbot reported a warning [0] in __unix_gc() with a repro, which\ncreates a socketpair and sends one socket\u0027s fd to itself using the\npeer.\n\n socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 4]) = 0\n sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=\"\\360\", iov_len=1}],\n msg_iovlen=1, msg_control=[{cmsg_len=20, cmsg_level=SOL_SOCKET,\n cmsg_type=SCM_RIGHTS, cmsg_data=[3]}],\n msg_controllen=24, msg_flags=0}, MSG_OOB|MSG_PROBE|MSG_DONTWAIT|MSG_ZEROCOPY) = 1\n\nThis forms a self-cyclic reference that GC should finally untangle\nbut does not due to lack of MSG_OOB handling, resulting in memory\nleak.\n\nRecently, commit 11498715f266 (\"af_unix: Remove io_uring code for\nGC.\") removed io_uring\u0027s dead code in GC and revealed the problem.\n\nThe code was executed at the final stage of GC and unconditionally\nmoved all GC candidates from gc_candidates to gc_inflight_list.\nThat papered over the reported problem by always making the following\nWARN_ON_ONCE(!list_empty(\u0026gc_candidates)) false.\n\nThe problem has been there since commit 2aab4b969002 (\"af_unix: fix\nstruct pid leaks in OOB support\") added full scm support for MSG_OOB\nwhile fixing another bug.\n\nTo fix this problem, we must call kfree_skb() for unix_sk(sk)-\u003eoob_skb\nif the socket still exists in gc_candidates after purging collected skb.\n\nThen, we need to set NULL to oob_skb before calling kfree_skb() because\nit calls last fput() and triggers unix_release_sock(), where we call\nduplicate kfree_skb(u-\u003eoob_skb) if not NULL.\n\nNote that the leaked socket remained being linked to a global list, so\nkmemleak also could not detect it. We need to check /proc/net/protocol\nto notice the unfreed socket.\n\n[0]:\nWARNING: CPU: 0 PID: 2863 at net/unix/garbage.c:345 __unix_gc+0xc74/0xe80 net/unix/garbage.c:345\nModules linked in:\nCPU: 0 PID: 2863 Comm: kworker/u4:11 Not tainted 6.8.0-rc1-syzkaller-00583-g1701940b1a02 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nWorkqueue: events_unbound __unix_gc\nRIP: 0010:__unix_gc+0xc74/0xe80 net/unix/garbage.c:345\nCode: 8b 5c 24 50 e9 86 f8 ff ff e8 f8 e4 22 f8 31 d2 48 c7 c6 30 6a 69 89 4c 89 ef e8 97 ef ff ff e9 80 f9 ff ff e8 dd e4 22 f8 90 \u003c0f\u003e 0b 90 e9 7b fd ff ff 48 89 df e8 5c e7 7c f8 e9 d3 f8 ff ff e8\nRSP: 0018:ffffc9000b03fba0 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: ffffc9000b03fc10 RCX: ffffffff816c493e\nRDX: ffff88802c02d940 RSI: ffffffff896982f3 RDI: ffffc9000b03fb30\nRBP: ffffc9000b03fce0 R08: 0000000000000001 R09: fffff52001607f66\nR10: 0000000000000003 R11: 0000000000000002 R12: dffffc0000000000\nR13: ffffc9000b03fc10 R14: ffffc9000b03fc10 R15: 0000000000000001\nFS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005559c8677a60 CR3: 000000000d57a000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n process_one_work+0x889/0x15e0 kernel/workqueue.c:2633\n process_scheduled_works kernel/workqueue.c:2706 [inline]\n worker_thread+0x8b9/0x12a0 kernel/workqueue.c:2787\n kthread+0x2c6/0x3b0 kernel/kthread.c:388\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:24.120Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4fe505c63aa3273135a57597fda761e9aecc7668"
},
{
"url": "https://git.kernel.org/stable/c/e0e09186d8821ad59806115d347ea32efa43ca4b"
},
{
"url": "https://git.kernel.org/stable/c/b74aa9ce13d02b7fd37c5325b99854f91b9b4276"
},
{
"url": "https://git.kernel.org/stable/c/82ae47c5c3a6b27fdc0f9e83c1499cb439c56140"
},
{
"url": "https://git.kernel.org/stable/c/1279f9d9dec2d7462823a18c29ad61359e0a007d"
}
],
"title": "af_unix: Call kfree_skb() for dead unix_(sk)-\u003eoob_skb in GC.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26676",
"datePublished": "2024-04-02T07:01:40.758Z",
"dateReserved": "2024-02-19T14:20:24.151Z",
"dateUpdated": "2025-05-07T20:01:37.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47210 (GCVE-0-2023-47210)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 21:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-20 - Improper input validation
Summary
Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) PROSet/Wireless WiFi software for linux |
Version: before version 23.20 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:intel:killer_wi-fi_6_ax1650:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "killer_wi-fi_6_ax1650",
"vendor": "intel",
"versions": [
{
"lessThan": "23.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:wi-fi_6_ax200:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wi-fi_6_ax200",
"vendor": "intel",
"versions": [
{
"lessThan": "23.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:wi-fi_6_ax201:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wi-fi_6_ax201",
"vendor": "intel",
"versions": [
{
"lessThan": "23.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:wi-fi_7_be200:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wi-fi_7_be200",
"vendor": "intel",
"versions": [
{
"lessThan": "23.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:wireless-ac_9260:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wireless-ac_9260",
"vendor": "intel",
"versions": [
{
"lessThan": "23.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:wireless-ac_9560:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wireless-ac_9560",
"vendor": "intel",
"versions": [
{
"lessThan": "23.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:wi-fi_7_be202:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wi-fi_7_be202",
"vendor": "intel",
"versions": [
{
"lessThan": "23.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47210",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T15:28:43.567811Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T12:45:41.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) PROSet/Wireless WiFi software for linux",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 23.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:15.546Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-47210",
"datePublished": "2024-05-16T20:47:15.546Z",
"dateReserved": "2023-11-03T03:00:20.843Z",
"dateUpdated": "2024-08-02T21:01:22.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38661 (GCVE-0-2024-38661)
Vulnerability from cvelistv5
Published
2024-06-25 14:22
Modified
2025-05-04 09:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
s390/ap: Fix crash in AP internal function modify_bitmap()
A system crash like this
Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403
Fault in home space mode while using kernel ASCE.
AS:00000002d71bc007 R3:00000003fe5b8007 S:000000011a446000 P:000000015660c13d
Oops: 0038 ilc:3 [#1] PREEMPT SMP
Modules linked in: mlx5_ib ...
CPU: 8 PID: 7556 Comm: bash Not tainted 6.9.0-rc7 #8
Hardware name: IBM 3931 A01 704 (LPAR)
Krnl PSW : 0704e00180000000 0000014b75e7b606 (ap_parse_bitmap_str+0x10e/0x1f8)
R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3
Krnl GPRS: 0000000000000001 ffffffffffffffc0 0000000000000001 00000048f96b75d3
000000cb00000100 ffffffffffffffff ffffffffffffffff 000000cb7df6fce0
000000cb7df6fce0 00000000ffffffff 000000000000002b 00000048ffffffff
000003ff9b2dbc80 200000cb7df6fcd8 0000014bffffffc0 000000cb7df6fbc8
Krnl Code: 0000014b75e7b5fc: a7840047 brc 8,0000014b75e7b68a
0000014b75e7b600: 18b2 lr %r11,%r2
#0000014b75e7b602: a7f4000a brc 15,0000014b75e7b616
>0000014b75e7b606: eb22d00000e6 laog %r2,%r2,0(%r13)
0000014b75e7b60c: a7680001 lhi %r6,1
0000014b75e7b610: 187b lr %r7,%r11
0000014b75e7b612: 84960021 brxh %r9,%r6,0000014b75e7b654
0000014b75e7b616: 18e9 lr %r14,%r9
Call Trace:
[<0000014b75e7b606>] ap_parse_bitmap_str+0x10e/0x1f8
([<0000014b75e7b5dc>] ap_parse_bitmap_str+0xe4/0x1f8)
[<0000014b75e7b758>] apmask_store+0x68/0x140
[<0000014b75679196>] kernfs_fop_write_iter+0x14e/0x1e8
[<0000014b75598524>] vfs_write+0x1b4/0x448
[<0000014b7559894c>] ksys_write+0x74/0x100
[<0000014b7618a440>] __do_syscall+0x268/0x328
[<0000014b761a3558>] system_call+0x70/0x98
INFO: lockdep is turned off.
Last Breaking-Event-Address:
[<0000014b75e7b636>] ap_parse_bitmap_str+0x13e/0x1f8
Kernel panic - not syncing: Fatal exception: panic_on_oops
occured when /sys/bus/ap/a[pq]mask was updated with a relative mask value
(like +0x10-0x12,+60,-90) with one of the numeric values exceeding INT_MAX.
The fix is simple: use unsigned long values for the internal variables. The
correct checks are already in place in the function but a simple int for
the internal variables was used with the possibility to overflow.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:26.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2062e3f1f2374102f8014d7ca286b9aa527bd558"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7c72af16abf2ec7520407098360bbba312289e05"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7360cef95aa1ea2b5efb7b5e2ed32e941664e1f0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/67011123453b91ec03671d40712fa213e94a01b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c5f5911c1b13170d3404eb992c6a0deaa8d81ad"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c0bfb4e867c1ec6616a5049bd3618021e127056"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7dabe54a016defe11bb2a278cd9f1ff6db3feba6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d4f9d5a99a3fd1b1c691b7a1a6f8f3f25f4116c9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38661",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:08:14.637796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:42.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/s390/crypto/ap_bus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2062e3f1f2374102f8014d7ca286b9aa527bd558",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7c72af16abf2ec7520407098360bbba312289e05",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7360cef95aa1ea2b5efb7b5e2ed32e941664e1f0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "67011123453b91ec03671d40712fa213e94a01b9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8c5f5911c1b13170d3404eb992c6a0deaa8d81ad",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4c0bfb4e867c1ec6616a5049bd3618021e127056",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7dabe54a016defe11bb2a278cd9f1ff6db3feba6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d4f9d5a99a3fd1b1c691b7a1a6f8f3f25f4116c9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/s390/crypto/ap_bus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.94",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ap: Fix crash in AP internal function modify_bitmap()\n\nA system crash like this\n\n Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403\n Fault in home space mode while using kernel ASCE.\n AS:00000002d71bc007 R3:00000003fe5b8007 S:000000011a446000 P:000000015660c13d\n Oops: 0038 ilc:3 [#1] PREEMPT SMP\n Modules linked in: mlx5_ib ...\n CPU: 8 PID: 7556 Comm: bash Not tainted 6.9.0-rc7 #8\n Hardware name: IBM 3931 A01 704 (LPAR)\n Krnl PSW : 0704e00180000000 0000014b75e7b606 (ap_parse_bitmap_str+0x10e/0x1f8)\n R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3\n Krnl GPRS: 0000000000000001 ffffffffffffffc0 0000000000000001 00000048f96b75d3\n 000000cb00000100 ffffffffffffffff ffffffffffffffff 000000cb7df6fce0\n 000000cb7df6fce0 00000000ffffffff 000000000000002b 00000048ffffffff\n 000003ff9b2dbc80 200000cb7df6fcd8 0000014bffffffc0 000000cb7df6fbc8\n Krnl Code: 0000014b75e7b5fc: a7840047 brc 8,0000014b75e7b68a\n 0000014b75e7b600: 18b2 lr %r11,%r2\n #0000014b75e7b602: a7f4000a brc 15,0000014b75e7b616\n \u003e0000014b75e7b606: eb22d00000e6 laog %r2,%r2,0(%r13)\n 0000014b75e7b60c: a7680001 lhi %r6,1\n 0000014b75e7b610: 187b lr %r7,%r11\n 0000014b75e7b612: 84960021 brxh %r9,%r6,0000014b75e7b654\n 0000014b75e7b616: 18e9 lr %r14,%r9\n Call Trace:\n [\u003c0000014b75e7b606\u003e] ap_parse_bitmap_str+0x10e/0x1f8\n ([\u003c0000014b75e7b5dc\u003e] ap_parse_bitmap_str+0xe4/0x1f8)\n [\u003c0000014b75e7b758\u003e] apmask_store+0x68/0x140\n [\u003c0000014b75679196\u003e] kernfs_fop_write_iter+0x14e/0x1e8\n [\u003c0000014b75598524\u003e] vfs_write+0x1b4/0x448\n [\u003c0000014b7559894c\u003e] ksys_write+0x74/0x100\n [\u003c0000014b7618a440\u003e] __do_syscall+0x268/0x328\n [\u003c0000014b761a3558\u003e] system_call+0x70/0x98\n INFO: lockdep is turned off.\n Last Breaking-Event-Address:\n [\u003c0000014b75e7b636\u003e] ap_parse_bitmap_str+0x13e/0x1f8\n Kernel panic - not syncing: Fatal exception: panic_on_oops\n\noccured when /sys/bus/ap/a[pq]mask was updated with a relative mask value\n(like +0x10-0x12,+60,-90) with one of the numeric values exceeding INT_MAX.\n\nThe fix is simple: use unsigned long values for the internal variables. The\ncorrect checks are already in place in the function but a simple int for\nthe internal variables was used with the possibility to overflow."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:58.203Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2062e3f1f2374102f8014d7ca286b9aa527bd558"
},
{
"url": "https://git.kernel.org/stable/c/7c72af16abf2ec7520407098360bbba312289e05"
},
{
"url": "https://git.kernel.org/stable/c/7360cef95aa1ea2b5efb7b5e2ed32e941664e1f0"
},
{
"url": "https://git.kernel.org/stable/c/67011123453b91ec03671d40712fa213e94a01b9"
},
{
"url": "https://git.kernel.org/stable/c/8c5f5911c1b13170d3404eb992c6a0deaa8d81ad"
},
{
"url": "https://git.kernel.org/stable/c/4c0bfb4e867c1ec6616a5049bd3618021e127056"
},
{
"url": "https://git.kernel.org/stable/c/7dabe54a016defe11bb2a278cd9f1ff6db3feba6"
},
{
"url": "https://git.kernel.org/stable/c/d4f9d5a99a3fd1b1c691b7a1a6f8f3f25f4116c9"
}
],
"title": "s390/ap: Fix crash in AP internal function modify_bitmap()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38661",
"datePublished": "2024-06-25T14:22:38.224Z",
"dateReserved": "2024-06-24T13:53:25.560Z",
"dateUpdated": "2025-05-04T09:15:58.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52656 (GCVE-0-2023-52656)
Vulnerability from cvelistv5
Published
2024-05-13 13:12
Modified
2025-08-21 12:08
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
io_uring: drop any code related to SCM_RIGHTS
This is dead code after we dropped support for passing io_uring fds
over SCM_RIGHTS, get rid of it.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2b188cc1bb857a9d4701ae59aa7768b5124e262e Version: 2b188cc1bb857a9d4701ae59aa7768b5124e262e Version: 2b188cc1bb857a9d4701ae59aa7768b5124e262e Version: 2b188cc1bb857a9d4701ae59aa7768b5124e262e Version: 2b188cc1bb857a9d4701ae59aa7768b5124e262e Version: 2b188cc1bb857a9d4701ae59aa7768b5124e262e Version: 2b188cc1bb857a9d4701ae59aa7768b5124e262e |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfb24022bb2c31f1f555dc6bc3cc5e2547446fb3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a6771f343af90a25f3a14911634562bb5621df02"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d909d381c3152393421403be4b6435f17a2378b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a3812a47a32022ca76bf46ddacdd823dc2aabf8b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/88c49d9c896143cdc0f77197c4dcf24140375e89"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e5e6d274956305f1fc0340522b38f5f5be74bdb"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:43:19.379716Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:26.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/io_uring_types.h",
"io_uring/filetable.c",
"io_uring/io_uring.c",
"io_uring/rsrc.c",
"io_uring/rsrc.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cfb24022bb2c31f1f555dc6bc3cc5e2547446fb3",
"status": "affected",
"version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
"versionType": "git"
},
{
"lessThan": "a6771f343af90a25f3a14911634562bb5621df02",
"status": "affected",
"version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
"versionType": "git"
},
{
"lessThan": "d909d381c3152393421403be4b6435f17a2378b4",
"status": "affected",
"version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
"versionType": "git"
},
{
"lessThan": "a3812a47a32022ca76bf46ddacdd823dc2aabf8b",
"status": "affected",
"version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
"versionType": "git"
},
{
"lessThan": "6fc19b3d8a45ff0e5d50ec8184cee1d5eac1a8ba",
"status": "affected",
"version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
"versionType": "git"
},
{
"lessThan": "88c49d9c896143cdc0f77197c4dcf24140375e89",
"status": "affected",
"version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
"versionType": "git"
},
{
"lessThan": "6e5e6d274956305f1fc0340522b38f5f5be74bdb",
"status": "affected",
"version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/io_uring_types.h",
"io_uring/filetable.c",
"io_uring/io_uring.c",
"io_uring/rsrc.c",
"io_uring/rsrc.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: drop any code related to SCM_RIGHTS\n\nThis is dead code after we dropped support for passing io_uring fds\nover SCM_RIGHTS, get rid of it."
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T12:08:49.536Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cfb24022bb2c31f1f555dc6bc3cc5e2547446fb3"
},
{
"url": "https://git.kernel.org/stable/c/a6771f343af90a25f3a14911634562bb5621df02"
},
{
"url": "https://git.kernel.org/stable/c/d909d381c3152393421403be4b6435f17a2378b4"
},
{
"url": "https://git.kernel.org/stable/c/a3812a47a32022ca76bf46ddacdd823dc2aabf8b"
},
{
"url": "https://git.kernel.org/stable/c/6fc19b3d8a45ff0e5d50ec8184cee1d5eac1a8ba"
},
{
"url": "https://git.kernel.org/stable/c/88c49d9c896143cdc0f77197c4dcf24140375e89"
},
{
"url": "https://git.kernel.org/stable/c/6e5e6d274956305f1fc0340522b38f5f5be74bdb"
}
],
"title": "io_uring: drop any code related to SCM_RIGHTS",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52656",
"datePublished": "2024-05-13T13:12:35.333Z",
"dateReserved": "2024-03-06T09:52:12.099Z",
"dateUpdated": "2025-08-21T12:08:49.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52855 (GCVE-0-2023-52855)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency
In _dwc2_hcd_urb_enqueue(), "urb->hcpriv = NULL" is executed without
holding the lock "hsotg->lock". In _dwc2_hcd_urb_dequeue():
spin_lock_irqsave(&hsotg->lock, flags);
...
if (!urb->hcpriv) {
dev_dbg(hsotg->dev, "## urb->hcpriv is NULL ##\n");
goto out;
}
rc = dwc2_hcd_urb_dequeue(hsotg, urb->hcpriv); // Use urb->hcpriv
...
out:
spin_unlock_irqrestore(&hsotg->lock, flags);
When _dwc2_hcd_urb_enqueue() and _dwc2_hcd_urb_dequeue() are
concurrently executed, the NULL check of "urb->hcpriv" can be executed
before "urb->hcpriv = NULL". After urb->hcpriv is NULL, it can be used
in the function call to dwc2_hcd_urb_dequeue(), which can cause a NULL
pointer dereference.
This possible bug is found by an experimental static analysis tool
developed by myself. This tool analyzes the locking APIs to extract
function pairs that can be concurrently executed, and then analyzes the
instructions in the paired functions to identify possible concurrency
bugs including data races and atomicity violations. The above possible
bug is reported, when my tool analyzes the source code of Linux 6.5.
To fix this possible bug, "urb->hcpriv = NULL" should be executed with
holding the lock "hsotg->lock". After using this patch, my tool never
reports the possible bug, with the kernelconfiguration allyesconfig for
x86_64. Because I have no associated hardware, I cannot test the patch
in runtime testing, and just verify it according to the code logic.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 33ad261aa62be02f0cedeb4d5735cc726de84a3f Version: 33ad261aa62be02f0cedeb4d5735cc726de84a3f Version: 33ad261aa62be02f0cedeb4d5735cc726de84a3f Version: 33ad261aa62be02f0cedeb4d5735cc726de84a3f Version: 33ad261aa62be02f0cedeb4d5735cc726de84a3f Version: 33ad261aa62be02f0cedeb4d5735cc726de84a3f Version: 33ad261aa62be02f0cedeb4d5735cc726de84a3f Version: 33ad261aa62be02f0cedeb4d5735cc726de84a3f Version: 33ad261aa62be02f0cedeb4d5735cc726de84a3f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52855",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T17:15:57.421865Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T14:51:47.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/14c9ec34e8118fbffd7f5431814d767726323e72"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fed492aa6493a91a77ebd51da6fb939c98d94a0d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/64c47749fc7507ed732e155c958253968c1d275e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bdb3dd4096302d6b87441fdc528439f171b04be6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fcaafb574fc88a52dce817f039f7ff2f9da38001"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6b21a22728852d020a6658d39cd7bb7e14b07790"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3e851a77a13ce944d703721793f49ee82622986d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a7bee9598afb38004841a41dd8fe68c1faff4e90"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ef307bc6ef04e8c1ea843231db58e3afaafa9fa6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/dwc2/hcd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "14c9ec34e8118fbffd7f5431814d767726323e72",
"status": "affected",
"version": "33ad261aa62be02f0cedeb4d5735cc726de84a3f",
"versionType": "git"
},
{
"lessThan": "fed492aa6493a91a77ebd51da6fb939c98d94a0d",
"status": "affected",
"version": "33ad261aa62be02f0cedeb4d5735cc726de84a3f",
"versionType": "git"
},
{
"lessThan": "64c47749fc7507ed732e155c958253968c1d275e",
"status": "affected",
"version": "33ad261aa62be02f0cedeb4d5735cc726de84a3f",
"versionType": "git"
},
{
"lessThan": "bdb3dd4096302d6b87441fdc528439f171b04be6",
"status": "affected",
"version": "33ad261aa62be02f0cedeb4d5735cc726de84a3f",
"versionType": "git"
},
{
"lessThan": "fcaafb574fc88a52dce817f039f7ff2f9da38001",
"status": "affected",
"version": "33ad261aa62be02f0cedeb4d5735cc726de84a3f",
"versionType": "git"
},
{
"lessThan": "6b21a22728852d020a6658d39cd7bb7e14b07790",
"status": "affected",
"version": "33ad261aa62be02f0cedeb4d5735cc726de84a3f",
"versionType": "git"
},
{
"lessThan": "3e851a77a13ce944d703721793f49ee82622986d",
"status": "affected",
"version": "33ad261aa62be02f0cedeb4d5735cc726de84a3f",
"versionType": "git"
},
{
"lessThan": "a7bee9598afb38004841a41dd8fe68c1faff4e90",
"status": "affected",
"version": "33ad261aa62be02f0cedeb4d5735cc726de84a3f",
"versionType": "git"
},
{
"lessThan": "ef307bc6ef04e8c1ea843231db58e3afaafa9fa6",
"status": "affected",
"version": "33ad261aa62be02f0cedeb4d5735cc726de84a3f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/dwc2/hcd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.330",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.330",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.299",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc2: fix possible NULL pointer dereference caused by driver concurrency\n\nIn _dwc2_hcd_urb_enqueue(), \"urb-\u003ehcpriv = NULL\" is executed without\nholding the lock \"hsotg-\u003elock\". In _dwc2_hcd_urb_dequeue():\n\n spin_lock_irqsave(\u0026hsotg-\u003elock, flags);\n ...\n\tif (!urb-\u003ehcpriv) {\n\t\tdev_dbg(hsotg-\u003edev, \"## urb-\u003ehcpriv is NULL ##\\n\");\n\t\tgoto out;\n\t}\n rc = dwc2_hcd_urb_dequeue(hsotg, urb-\u003ehcpriv); // Use urb-\u003ehcpriv\n ...\nout:\n spin_unlock_irqrestore(\u0026hsotg-\u003elock, flags);\n\nWhen _dwc2_hcd_urb_enqueue() and _dwc2_hcd_urb_dequeue() are\nconcurrently executed, the NULL check of \"urb-\u003ehcpriv\" can be executed\nbefore \"urb-\u003ehcpriv = NULL\". After urb-\u003ehcpriv is NULL, it can be used\nin the function call to dwc2_hcd_urb_dequeue(), which can cause a NULL\npointer dereference.\n\nThis possible bug is found by an experimental static analysis tool\ndeveloped by myself. This tool analyzes the locking APIs to extract\nfunction pairs that can be concurrently executed, and then analyzes the\ninstructions in the paired functions to identify possible concurrency\nbugs including data races and atomicity violations. The above possible\nbug is reported, when my tool analyzes the source code of Linux 6.5.\n\nTo fix this possible bug, \"urb-\u003ehcpriv = NULL\" should be executed with\nholding the lock \"hsotg-\u003elock\". After using this patch, my tool never\nreports the possible bug, with the kernelconfiguration allyesconfig for\nx86_64. Because I have no associated hardware, I cannot test the patch\nin runtime testing, and just verify it according to the code logic."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:23.557Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/14c9ec34e8118fbffd7f5431814d767726323e72"
},
{
"url": "https://git.kernel.org/stable/c/fed492aa6493a91a77ebd51da6fb939c98d94a0d"
},
{
"url": "https://git.kernel.org/stable/c/64c47749fc7507ed732e155c958253968c1d275e"
},
{
"url": "https://git.kernel.org/stable/c/bdb3dd4096302d6b87441fdc528439f171b04be6"
},
{
"url": "https://git.kernel.org/stable/c/fcaafb574fc88a52dce817f039f7ff2f9da38001"
},
{
"url": "https://git.kernel.org/stable/c/6b21a22728852d020a6658d39cd7bb7e14b07790"
},
{
"url": "https://git.kernel.org/stable/c/3e851a77a13ce944d703721793f49ee82622986d"
},
{
"url": "https://git.kernel.org/stable/c/a7bee9598afb38004841a41dd8fe68c1faff4e90"
},
{
"url": "https://git.kernel.org/stable/c/ef307bc6ef04e8c1ea843231db58e3afaafa9fa6"
}
],
"title": "usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52855",
"datePublished": "2024-05-21T15:31:49.909Z",
"dateReserved": "2024-05-21T15:19:24.257Z",
"dateUpdated": "2025-05-04T07:44:23.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52838 (GCVE-0-2023-52838)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 12:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fbdev: imsttfb: fix a resource leak in probe
I've re-written the error handling but the bug is that if init_imstt()
fails we need to call iounmap(par->cmap_regs).
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7f683f286a2196bd4d2da420a3194f5ba0269d8c Version: 815c95d82b79bb32e9aa7c95c6ac7cb1c92612cd Version: 2bf70b88cc358a437db376826f92c8dcf9c23587 Version: ad3de274e065790181f112b9c72a2fb4665ee2fd Version: c6c0a9f619584be19726ce7f81c31bc555af401a Version: c75f5a55061091030a13fef71b9995b89bc86213 Version: c75f5a55061091030a13fef71b9995b89bc86213 Version: c75f5a55061091030a13fef71b9995b89bc86213 Version: 64c6b84c73f576380fadeec2d30aaeccbc2994c7 Version: 4c86974fb42281b8041a504d92ab341ad4697325 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52838",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T18:03:42.645076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T17:59:31.482Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/382e1931e0c9cd58a5a8519cdc6cd9dc4d82b485"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6c66d737b2726ac7784269ddf32a31634f8f269d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a4dfebec32ec6d420a5506dd56a7834c91be28e4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e4b510fe91782522b7ca0ca881b663b5d35e513"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7bc7b82fb2191b0d50a80ee4e27030918767dd1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/18d26f9baca7d0d309303e3074a2252b8310884a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b346a531159d08c564a312a9eaeea691704f3c00"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aba6ab57a910ad4b940c2024d15f2cdbf5b7f76b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/imsttfb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "382e1931e0c9cd58a5a8519cdc6cd9dc4d82b485",
"status": "affected",
"version": "7f683f286a2196bd4d2da420a3194f5ba0269d8c",
"versionType": "git"
},
{
"lessThan": "6c66d737b2726ac7784269ddf32a31634f8f269d",
"status": "affected",
"version": "815c95d82b79bb32e9aa7c95c6ac7cb1c92612cd",
"versionType": "git"
},
{
"lessThan": "a4dfebec32ec6d420a5506dd56a7834c91be28e4",
"status": "affected",
"version": "2bf70b88cc358a437db376826f92c8dcf9c23587",
"versionType": "git"
},
{
"lessThan": "8e4b510fe91782522b7ca0ca881b663b5d35e513",
"status": "affected",
"version": "ad3de274e065790181f112b9c72a2fb4665ee2fd",
"versionType": "git"
},
{
"lessThan": "7bc7b82fb2191b0d50a80ee4e27030918767dd1d",
"status": "affected",
"version": "c6c0a9f619584be19726ce7f81c31bc555af401a",
"versionType": "git"
},
{
"lessThan": "18d26f9baca7d0d309303e3074a2252b8310884a",
"status": "affected",
"version": "c75f5a55061091030a13fef71b9995b89bc86213",
"versionType": "git"
},
{
"lessThan": "b346a531159d08c564a312a9eaeea691704f3c00",
"status": "affected",
"version": "c75f5a55061091030a13fef71b9995b89bc86213",
"versionType": "git"
},
{
"lessThan": "aba6ab57a910ad4b940c2024d15f2cdbf5b7f76b",
"status": "affected",
"version": "c75f5a55061091030a13fef71b9995b89bc86213",
"versionType": "git"
},
{
"status": "affected",
"version": "64c6b84c73f576380fadeec2d30aaeccbc2994c7",
"versionType": "git"
},
{
"status": "affected",
"version": "4c86974fb42281b8041a504d92ab341ad4697325",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/imsttfb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.299",
"versionStartIncluding": "4.19.291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "5.4.251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "5.10.188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "5.15.116",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "6.1.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: imsttfb: fix a resource leak in probe\n\nI\u0027ve re-written the error handling but the bug is that if init_imstt()\nfails we need to call iounmap(par-\u003ecmap_regs)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:49:37.526Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/382e1931e0c9cd58a5a8519cdc6cd9dc4d82b485"
},
{
"url": "https://git.kernel.org/stable/c/6c66d737b2726ac7784269ddf32a31634f8f269d"
},
{
"url": "https://git.kernel.org/stable/c/a4dfebec32ec6d420a5506dd56a7834c91be28e4"
},
{
"url": "https://git.kernel.org/stable/c/8e4b510fe91782522b7ca0ca881b663b5d35e513"
},
{
"url": "https://git.kernel.org/stable/c/7bc7b82fb2191b0d50a80ee4e27030918767dd1d"
},
{
"url": "https://git.kernel.org/stable/c/18d26f9baca7d0d309303e3074a2252b8310884a"
},
{
"url": "https://git.kernel.org/stable/c/b346a531159d08c564a312a9eaeea691704f3c00"
},
{
"url": "https://git.kernel.org/stable/c/aba6ab57a910ad4b940c2024d15f2cdbf5b7f76b"
}
],
"title": "fbdev: imsttfb: fix a resource leak in probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52838",
"datePublished": "2024-05-21T15:31:38.539Z",
"dateReserved": "2024-05-21T15:19:24.253Z",
"dateUpdated": "2025-05-04T12:49:37.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52884 (GCVE-0-2023-52884)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-05-04 07:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Input: cyapa - add missing input core locking to suspend/resume functions
Grab input->mutex during suspend/resume functions like it is done in
other input drivers. This fixes the following warning during system
suspend/resume cycle on Samsung Exynos5250-based Snow Chromebook:
------------[ cut here ]------------
WARNING: CPU: 1 PID: 1680 at drivers/input/input.c:2291 input_device_enabled+0x68/0x6c
Modules linked in: ...
CPU: 1 PID: 1680 Comm: kworker/u4:12 Tainted: G W 6.6.0-rc5-next-20231009 #14109
Hardware name: Samsung Exynos (Flattened Device Tree)
Workqueue: events_unbound async_run_entry_fn
unwind_backtrace from show_stack+0x10/0x14
show_stack from dump_stack_lvl+0x58/0x70
dump_stack_lvl from __warn+0x1a8/0x1cc
__warn from warn_slowpath_fmt+0x18c/0x1b4
warn_slowpath_fmt from input_device_enabled+0x68/0x6c
input_device_enabled from cyapa_gen3_set_power_mode+0x13c/0x1dc
cyapa_gen3_set_power_mode from cyapa_reinitialize+0x10c/0x15c
cyapa_reinitialize from cyapa_resume+0x48/0x98
cyapa_resume from dpm_run_callback+0x90/0x298
dpm_run_callback from device_resume+0xb4/0x258
device_resume from async_resume+0x20/0x64
async_resume from async_run_entry_fn+0x40/0x15c
async_run_entry_fn from process_scheduled_works+0xbc/0x6a8
process_scheduled_works from worker_thread+0x188/0x454
worker_thread from kthread+0x108/0x140
kthread from ret_from_fork+0x14/0x28
Exception stack(0xf1625fb0 to 0xf1625ff8)
...
---[ end trace 0000000000000000 ]---
...
------------[ cut here ]------------
WARNING: CPU: 1 PID: 1680 at drivers/input/input.c:2291 input_device_enabled+0x68/0x6c
Modules linked in: ...
CPU: 1 PID: 1680 Comm: kworker/u4:12 Tainted: G W 6.6.0-rc5-next-20231009 #14109
Hardware name: Samsung Exynos (Flattened Device Tree)
Workqueue: events_unbound async_run_entry_fn
unwind_backtrace from show_stack+0x10/0x14
show_stack from dump_stack_lvl+0x58/0x70
dump_stack_lvl from __warn+0x1a8/0x1cc
__warn from warn_slowpath_fmt+0x18c/0x1b4
warn_slowpath_fmt from input_device_enabled+0x68/0x6c
input_device_enabled from cyapa_gen3_set_power_mode+0x13c/0x1dc
cyapa_gen3_set_power_mode from cyapa_reinitialize+0x10c/0x15c
cyapa_reinitialize from cyapa_resume+0x48/0x98
cyapa_resume from dpm_run_callback+0x90/0x298
dpm_run_callback from device_resume+0xb4/0x258
device_resume from async_resume+0x20/0x64
async_resume from async_run_entry_fn+0x40/0x15c
async_run_entry_fn from process_scheduled_works+0xbc/0x6a8
process_scheduled_works from worker_thread+0x188/0x454
worker_thread from kthread+0x108/0x140
kthread from ret_from_fork+0x14/0x28
Exception stack(0xf1625fb0 to 0xf1625ff8)
...
---[ end trace 0000000000000000 ]---
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52884",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T17:50:27.641770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:02:45.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f99809fdeb50d65bcbc1661ef391af94eebb8a75"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9400caf566f65c703e99d95f87b00c4b445627a7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a4c638ab25786bd5aab5978fe51b2b9be16a4ebd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a5fc298fa8f67cf1f0e1fc126eab70578cd40adc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7b4e0b39182cf5e677c1fc092a3ec40e621c25b6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/input/mouse/cyapa.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f99809fdeb50d65bcbc1661ef391af94eebb8a75",
"status": "affected",
"version": "d69f0a43c677e8afc67a222e1e7b51b9acc69cd3",
"versionType": "git"
},
{
"lessThan": "9400caf566f65c703e99d95f87b00c4b445627a7",
"status": "affected",
"version": "d69f0a43c677e8afc67a222e1e7b51b9acc69cd3",
"versionType": "git"
},
{
"lessThan": "a4c638ab25786bd5aab5978fe51b2b9be16a4ebd",
"status": "affected",
"version": "d69f0a43c677e8afc67a222e1e7b51b9acc69cd3",
"versionType": "git"
},
{
"lessThan": "a5fc298fa8f67cf1f0e1fc126eab70578cd40adc",
"status": "affected",
"version": "d69f0a43c677e8afc67a222e1e7b51b9acc69cd3",
"versionType": "git"
},
{
"lessThan": "7b4e0b39182cf5e677c1fc092a3ec40e621c25b6",
"status": "affected",
"version": "d69f0a43c677e8afc67a222e1e7b51b9acc69cd3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/input/mouse/cyapa.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: cyapa - add missing input core locking to suspend/resume functions\n\nGrab input-\u003emutex during suspend/resume functions like it is done in\nother input drivers. This fixes the following warning during system\nsuspend/resume cycle on Samsung Exynos5250-based Snow Chromebook:\n\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 1680 at drivers/input/input.c:2291 input_device_enabled+0x68/0x6c\nModules linked in: ...\nCPU: 1 PID: 1680 Comm: kworker/u4:12 Tainted: G W 6.6.0-rc5-next-20231009 #14109\nHardware name: Samsung Exynos (Flattened Device Tree)\nWorkqueue: events_unbound async_run_entry_fn\n unwind_backtrace from show_stack+0x10/0x14\n show_stack from dump_stack_lvl+0x58/0x70\n dump_stack_lvl from __warn+0x1a8/0x1cc\n __warn from warn_slowpath_fmt+0x18c/0x1b4\n warn_slowpath_fmt from input_device_enabled+0x68/0x6c\n input_device_enabled from cyapa_gen3_set_power_mode+0x13c/0x1dc\n cyapa_gen3_set_power_mode from cyapa_reinitialize+0x10c/0x15c\n cyapa_reinitialize from cyapa_resume+0x48/0x98\n cyapa_resume from dpm_run_callback+0x90/0x298\n dpm_run_callback from device_resume+0xb4/0x258\n device_resume from async_resume+0x20/0x64\n async_resume from async_run_entry_fn+0x40/0x15c\n async_run_entry_fn from process_scheduled_works+0xbc/0x6a8\n process_scheduled_works from worker_thread+0x188/0x454\n worker_thread from kthread+0x108/0x140\n kthread from ret_from_fork+0x14/0x28\nException stack(0xf1625fb0 to 0xf1625ff8)\n...\n---[ end trace 0000000000000000 ]---\n...\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 1680 at drivers/input/input.c:2291 input_device_enabled+0x68/0x6c\nModules linked in: ...\nCPU: 1 PID: 1680 Comm: kworker/u4:12 Tainted: G W 6.6.0-rc5-next-20231009 #14109\nHardware name: Samsung Exynos (Flattened Device Tree)\nWorkqueue: events_unbound async_run_entry_fn\n unwind_backtrace from show_stack+0x10/0x14\n show_stack from dump_stack_lvl+0x58/0x70\n dump_stack_lvl from __warn+0x1a8/0x1cc\n __warn from warn_slowpath_fmt+0x18c/0x1b4\n warn_slowpath_fmt from input_device_enabled+0x68/0x6c\n input_device_enabled from cyapa_gen3_set_power_mode+0x13c/0x1dc\n cyapa_gen3_set_power_mode from cyapa_reinitialize+0x10c/0x15c\n cyapa_reinitialize from cyapa_resume+0x48/0x98\n cyapa_resume from dpm_run_callback+0x90/0x298\n dpm_run_callback from device_resume+0xb4/0x258\n device_resume from async_resume+0x20/0x64\n async_resume from async_run_entry_fn+0x40/0x15c\n async_run_entry_fn from process_scheduled_works+0xbc/0x6a8\n process_scheduled_works from worker_thread+0x188/0x454\n worker_thread from kthread+0x108/0x140\n kthread from ret_from_fork+0x14/0x28\nException stack(0xf1625fb0 to 0xf1625ff8)\n...\n---[ end trace 0000000000000000 ]---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:45:13.538Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f99809fdeb50d65bcbc1661ef391af94eebb8a75"
},
{
"url": "https://git.kernel.org/stable/c/9400caf566f65c703e99d95f87b00c4b445627a7"
},
{
"url": "https://git.kernel.org/stable/c/a4c638ab25786bd5aab5978fe51b2b9be16a4ebd"
},
{
"url": "https://git.kernel.org/stable/c/a5fc298fa8f67cf1f0e1fc126eab70578cd40adc"
},
{
"url": "https://git.kernel.org/stable/c/7b4e0b39182cf5e677c1fc092a3ec40e621c25b6"
}
],
"title": "Input: cyapa - add missing input core locking to suspend/resume functions",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52884",
"datePublished": "2024-06-21T10:18:03.669Z",
"dateReserved": "2024-05-21T15:35:00.782Z",
"dateUpdated": "2025-05-04T07:45:13.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52784 (GCVE-0-2023-52784)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bonding: stop the device in bond_setup_by_slave()
Commit 9eed321cde22 ("net: lapbether: only support ethernet devices")
has been able to keep syzbot away from net/lapb, until today.
In the following splat [1], the issue is that a lapbether device has
been created on a bonding device without members. Then adding a non
ARPHRD_ETHER member forced the bonding master to change its type.
The fix is to make sure we call dev_close() in bond_setup_by_slave()
so that the potential linked lapbether devices (or any other devices
having assumptions on the physical device) are removed.
A similar bug has been addressed in commit 40baec225765
("bonding: fix panic on non-ARPHRD_ETHER enslave failure")
[1]
skbuff: skb_under_panic: text:ffff800089508810 len:44 put:40 head:ffff0000c78e7c00 data:ffff0000c78e7bea tail:0x16 end:0x140 dev:bond0
kernel BUG at net/core/skbuff.c:192 !
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 6007 Comm: syz-executor383 Not tainted 6.6.0-rc3-syzkaller-gbf6547d8715b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : skb_panic net/core/skbuff.c:188 [inline]
pc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:202
lr : skb_panic net/core/skbuff.c:188 [inline]
lr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:202
sp : ffff800096a06aa0
x29: ffff800096a06ab0 x28: ffff800096a06ba0 x27: dfff800000000000
x26: ffff0000ce9b9b50 x25: 0000000000000016 x24: ffff0000c78e7bea
x23: ffff0000c78e7c00 x22: 000000000000002c x21: 0000000000000140
x20: 0000000000000028 x19: ffff800089508810 x18: ffff800096a06100
x17: 0000000000000000 x16: ffff80008a629a3c x15: 0000000000000001
x14: 1fffe00036837a32 x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000201 x10: 0000000000000000 x9 : cb50b496c519aa00
x8 : cb50b496c519aa00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff800096a063b8 x4 : ffff80008e280f80 x3 : ffff8000805ad11c
x2 : 0000000000000001 x1 : 0000000100000201 x0 : 0000000000000086
Call trace:
skb_panic net/core/skbuff.c:188 [inline]
skb_under_panic+0x13c/0x140 net/core/skbuff.c:202
skb_push+0xf0/0x108 net/core/skbuff.c:2446
ip6gre_header+0xbc/0x738 net/ipv6/ip6_gre.c:1384
dev_hard_header include/linux/netdevice.h:3136 [inline]
lapbeth_data_transmit+0x1c4/0x298 drivers/net/wan/lapbether.c:257
lapb_data_transmit+0x8c/0xb0 net/lapb/lapb_iface.c:447
lapb_transmit_buffer+0x178/0x204 net/lapb/lapb_out.c:149
lapb_send_control+0x220/0x320 net/lapb/lapb_subr.c:251
__lapb_disconnect_request+0x9c/0x17c net/lapb/lapb_iface.c:326
lapb_device_event+0x288/0x4e0 net/lapb/lapb_iface.c:492
notifier_call_chain+0x1a4/0x510 kernel/notifier.c:93
raw_notifier_call_chain+0x3c/0x50 kernel/notifier.c:461
call_netdevice_notifiers_info net/core/dev.c:1970 [inline]
call_netdevice_notifiers_extack net/core/dev.c:2008 [inline]
call_netdevice_notifiers net/core/dev.c:2022 [inline]
__dev_close_many+0x1b8/0x3c4 net/core/dev.c:1508
dev_close_many+0x1e0/0x470 net/core/dev.c:1559
dev_close+0x174/0x250 net/core/dev.c:1585
lapbeth_device_event+0x2e4/0x958 drivers/net/wan/lapbether.c:466
notifier_call_chain+0x1a4/0x510 kernel/notifier.c:93
raw_notifier_call_chain+0x3c/0x50 kernel/notifier.c:461
call_netdevice_notifiers_info net/core/dev.c:1970 [inline]
call_netdevice_notifiers_extack net/core/dev.c:2008 [inline]
call_netdevice_notifiers net/core/dev.c:2022 [inline]
__dev_close_many+0x1b8/0x3c4 net/core/dev.c:1508
dev_close_many+0x1e0/0x470 net/core/dev.c:1559
dev_close+0x174/0x250 net/core/dev.c:1585
bond_enslave+0x2298/0x30cc drivers/net/bonding/bond_main.c:2332
bond_do_ioctl+0x268/0xc64 drivers/net/bonding/bond_main.c:4539
dev_ifsioc+0x754/0x9ac
dev_ioctl+0x4d8/0xd34 net/core/dev_ioctl.c:786
sock_do_ioctl+0x1d4/0x2d0 net/socket.c:1217
sock_ioctl+0x4e8/0x834 net/socket.c:1322
vfs_ioctl fs/ioctl.c:51 [inline]
__do_
---truncated---
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 872254dd6b1f80cb95ee9e2e22980888533fc293 Version: 872254dd6b1f80cb95ee9e2e22980888533fc293 Version: 872254dd6b1f80cb95ee9e2e22980888533fc293 Version: 872254dd6b1f80cb95ee9e2e22980888533fc293 Version: 872254dd6b1f80cb95ee9e2e22980888533fc293 Version: 872254dd6b1f80cb95ee9e2e22980888533fc293 Version: 872254dd6b1f80cb95ee9e2e22980888533fc293 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52784",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T18:34:45.558216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:37.337Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b4f0e605a508f6d7cda6df2f03a0c676b778b1fe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/396baca6683f415b5bc2b380289387bef1406edc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/53064e8239dd2ecfefc5634e991f1025abc2ee0c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/19554aa901b5833787df4417a05ccdebf351b7f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/87c49806a37f88eddde3f537c162fd0c2834170c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d98c91215a5748a0f536e7ccea26027005196859"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3cffa2ddc4d3fcf70cde361236f5a614f81a09b2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/bonding/bond_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b4f0e605a508f6d7cda6df2f03a0c676b778b1fe",
"status": "affected",
"version": "872254dd6b1f80cb95ee9e2e22980888533fc293",
"versionType": "git"
},
{
"lessThan": "396baca6683f415b5bc2b380289387bef1406edc",
"status": "affected",
"version": "872254dd6b1f80cb95ee9e2e22980888533fc293",
"versionType": "git"
},
{
"lessThan": "53064e8239dd2ecfefc5634e991f1025abc2ee0c",
"status": "affected",
"version": "872254dd6b1f80cb95ee9e2e22980888533fc293",
"versionType": "git"
},
{
"lessThan": "19554aa901b5833787df4417a05ccdebf351b7f4",
"status": "affected",
"version": "872254dd6b1f80cb95ee9e2e22980888533fc293",
"versionType": "git"
},
{
"lessThan": "87c49806a37f88eddde3f537c162fd0c2834170c",
"status": "affected",
"version": "872254dd6b1f80cb95ee9e2e22980888533fc293",
"versionType": "git"
},
{
"lessThan": "d98c91215a5748a0f536e7ccea26027005196859",
"status": "affected",
"version": "872254dd6b1f80cb95ee9e2e22980888533fc293",
"versionType": "git"
},
{
"lessThan": "3cffa2ddc4d3fcf70cde361236f5a614f81a09b2",
"status": "affected",
"version": "872254dd6b1f80cb95ee9e2e22980888533fc293",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/bonding/bond_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.24"
},
{
"lessThan": "2.6.24",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "2.6.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: stop the device in bond_setup_by_slave()\n\nCommit 9eed321cde22 (\"net: lapbether: only support ethernet devices\")\nhas been able to keep syzbot away from net/lapb, until today.\n\nIn the following splat [1], the issue is that a lapbether device has\nbeen created on a bonding device without members. Then adding a non\nARPHRD_ETHER member forced the bonding master to change its type.\n\nThe fix is to make sure we call dev_close() in bond_setup_by_slave()\nso that the potential linked lapbether devices (or any other devices\nhaving assumptions on the physical device) are removed.\n\nA similar bug has been addressed in commit 40baec225765\n(\"bonding: fix panic on non-ARPHRD_ETHER enslave failure\")\n\n[1]\nskbuff: skb_under_panic: text:ffff800089508810 len:44 put:40 head:ffff0000c78e7c00 data:ffff0000c78e7bea tail:0x16 end:0x140 dev:bond0\nkernel BUG at net/core/skbuff.c:192 !\nInternal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\nModules linked in:\nCPU: 0 PID: 6007 Comm: syz-executor383 Not tainted 6.6.0-rc3-syzkaller-gbf6547d8715b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : skb_panic net/core/skbuff.c:188 [inline]\npc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:202\nlr : skb_panic net/core/skbuff.c:188 [inline]\nlr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:202\nsp : ffff800096a06aa0\nx29: ffff800096a06ab0 x28: ffff800096a06ba0 x27: dfff800000000000\nx26: ffff0000ce9b9b50 x25: 0000000000000016 x24: ffff0000c78e7bea\nx23: ffff0000c78e7c00 x22: 000000000000002c x21: 0000000000000140\nx20: 0000000000000028 x19: ffff800089508810 x18: ffff800096a06100\nx17: 0000000000000000 x16: ffff80008a629a3c x15: 0000000000000001\nx14: 1fffe00036837a32 x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000201 x10: 0000000000000000 x9 : cb50b496c519aa00\nx8 : cb50b496c519aa00 x7 : 0000000000000001 x6 : 0000000000000001\nx5 : ffff800096a063b8 x4 : ffff80008e280f80 x3 : ffff8000805ad11c\nx2 : 0000000000000001 x1 : 0000000100000201 x0 : 0000000000000086\nCall trace:\nskb_panic net/core/skbuff.c:188 [inline]\nskb_under_panic+0x13c/0x140 net/core/skbuff.c:202\nskb_push+0xf0/0x108 net/core/skbuff.c:2446\nip6gre_header+0xbc/0x738 net/ipv6/ip6_gre.c:1384\ndev_hard_header include/linux/netdevice.h:3136 [inline]\nlapbeth_data_transmit+0x1c4/0x298 drivers/net/wan/lapbether.c:257\nlapb_data_transmit+0x8c/0xb0 net/lapb/lapb_iface.c:447\nlapb_transmit_buffer+0x178/0x204 net/lapb/lapb_out.c:149\nlapb_send_control+0x220/0x320 net/lapb/lapb_subr.c:251\n__lapb_disconnect_request+0x9c/0x17c net/lapb/lapb_iface.c:326\nlapb_device_event+0x288/0x4e0 net/lapb/lapb_iface.c:492\nnotifier_call_chain+0x1a4/0x510 kernel/notifier.c:93\nraw_notifier_call_chain+0x3c/0x50 kernel/notifier.c:461\ncall_netdevice_notifiers_info net/core/dev.c:1970 [inline]\ncall_netdevice_notifiers_extack net/core/dev.c:2008 [inline]\ncall_netdevice_notifiers net/core/dev.c:2022 [inline]\n__dev_close_many+0x1b8/0x3c4 net/core/dev.c:1508\ndev_close_many+0x1e0/0x470 net/core/dev.c:1559\ndev_close+0x174/0x250 net/core/dev.c:1585\nlapbeth_device_event+0x2e4/0x958 drivers/net/wan/lapbether.c:466\nnotifier_call_chain+0x1a4/0x510 kernel/notifier.c:93\nraw_notifier_call_chain+0x3c/0x50 kernel/notifier.c:461\ncall_netdevice_notifiers_info net/core/dev.c:1970 [inline]\ncall_netdevice_notifiers_extack net/core/dev.c:2008 [inline]\ncall_netdevice_notifiers net/core/dev.c:2022 [inline]\n__dev_close_many+0x1b8/0x3c4 net/core/dev.c:1508\ndev_close_many+0x1e0/0x470 net/core/dev.c:1559\ndev_close+0x174/0x250 net/core/dev.c:1585\nbond_enslave+0x2298/0x30cc drivers/net/bonding/bond_main.c:2332\nbond_do_ioctl+0x268/0xc64 drivers/net/bonding/bond_main.c:4539\ndev_ifsioc+0x754/0x9ac\ndev_ioctl+0x4d8/0xd34 net/core/dev_ioctl.c:786\nsock_do_ioctl+0x1d4/0x2d0 net/socket.c:1217\nsock_ioctl+0x4e8/0x834 net/socket.c:1322\nvfs_ioctl fs/ioctl.c:51 [inline]\n__do_\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:09.102Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b4f0e605a508f6d7cda6df2f03a0c676b778b1fe"
},
{
"url": "https://git.kernel.org/stable/c/396baca6683f415b5bc2b380289387bef1406edc"
},
{
"url": "https://git.kernel.org/stable/c/53064e8239dd2ecfefc5634e991f1025abc2ee0c"
},
{
"url": "https://git.kernel.org/stable/c/19554aa901b5833787df4417a05ccdebf351b7f4"
},
{
"url": "https://git.kernel.org/stable/c/87c49806a37f88eddde3f537c162fd0c2834170c"
},
{
"url": "https://git.kernel.org/stable/c/d98c91215a5748a0f536e7ccea26027005196859"
},
{
"url": "https://git.kernel.org/stable/c/3cffa2ddc4d3fcf70cde361236f5a614f81a09b2"
}
],
"title": "bonding: stop the device in bond_setup_by_slave()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52784",
"datePublished": "2024-05-21T15:31:02.362Z",
"dateReserved": "2024-05-21T15:19:24.240Z",
"dateUpdated": "2025-05-04T07:43:09.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52818 (GCVE-0-2023-52818)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
For pptable structs that use flexible array sizes, use flexible arrays.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e52e324a21341c97350d5f11de14721c1c609498"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfd8cd907fd94538561479a43aea455f5cf16928"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c847379a5d00078ad6fcb1c24230e72c5609342f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8af28ae3acb736ada4ce3457662fa446cc913bb4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/acdb6830de02cf2873aeaccdf2d9bca4aee50e47"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fc9ac0e8e0bcb3740c6eaad3a1a50c20016d422b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6dffdddfca818c02a42b6caa1d9845995f0a1f94"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/92a775e7c9707aed28782bafe636bf87675f5a97"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/760efbca74a405dc439a013a5efaa9fadc95a8c3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52818",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:36:40.825191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:28.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/include/pptable.h",
"drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e52e324a21341c97350d5f11de14721c1c609498",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cfd8cd907fd94538561479a43aea455f5cf16928",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c847379a5d00078ad6fcb1c24230e72c5609342f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8af28ae3acb736ada4ce3457662fa446cc913bb4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "acdb6830de02cf2873aeaccdf2d9bca4aee50e47",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fc9ac0e8e0bcb3740c6eaad3a1a50c20016d422b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6dffdddfca818c02a42b6caa1d9845995f0a1f94",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "92a775e7c9707aed28782bafe636bf87675f5a97",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "760efbca74a405dc439a013a5efaa9fadc95a8c3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/include/pptable.h",
"drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: Fix UBSAN array-index-out-of-bounds for SMU7\n\nFor pptable structs that use flexible array sizes, use flexible arrays."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:46.442Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e52e324a21341c97350d5f11de14721c1c609498"
},
{
"url": "https://git.kernel.org/stable/c/cfd8cd907fd94538561479a43aea455f5cf16928"
},
{
"url": "https://git.kernel.org/stable/c/c847379a5d00078ad6fcb1c24230e72c5609342f"
},
{
"url": "https://git.kernel.org/stable/c/8af28ae3acb736ada4ce3457662fa446cc913bb4"
},
{
"url": "https://git.kernel.org/stable/c/acdb6830de02cf2873aeaccdf2d9bca4aee50e47"
},
{
"url": "https://git.kernel.org/stable/c/fc9ac0e8e0bcb3740c6eaad3a1a50c20016d422b"
},
{
"url": "https://git.kernel.org/stable/c/6dffdddfca818c02a42b6caa1d9845995f0a1f94"
},
{
"url": "https://git.kernel.org/stable/c/92a775e7c9707aed28782bafe636bf87675f5a97"
},
{
"url": "https://git.kernel.org/stable/c/760efbca74a405dc439a013a5efaa9fadc95a8c3"
}
],
"title": "drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52818",
"datePublished": "2024-05-21T15:31:24.915Z",
"dateReserved": "2024-05-21T15:19:24.249Z",
"dateUpdated": "2025-05-04T07:43:46.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26482 (GCVE-0-2024-26482)
Vulnerability from cvelistv5
Published
2024-02-22 00:00
Modified
2024-08-29 18:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is backend sanitization such that the reporter's mentioned "injecting malicious scripts" would not occur.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-HTML-Injection-19ca19686d0a4533ab4b0c53fc977eef?pvs=4"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kirby:kirby_cms:4.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kirby_cms",
"vendor": "kirby",
"versions": [
{
"status": "affected",
"version": "4.1.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26482",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T16:59:02.052210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T18:01:13.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is backend sanitization such that the reporter\u0027s mentioned \"injecting malicious scripts\" would not occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-26T18:41:44.083411",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-HTML-Injection-19ca19686d0a4533ab4b0c53fc977eef?pvs=4"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-26482",
"datePublished": "2024-02-22T00:00:00",
"dateReserved": "2024-02-19T00:00:00",
"dateUpdated": "2024-08-29T18:01:13.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26767 (GCVE-0-2024-26767)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-21 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: fixed integer types and null check locations
[why]:
issues fixed:
- comparison with wider integer type in loop condition which can cause
infinite loops
- pointer dereference before null check
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T19:27:45.666742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T19:27:54.746Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/71783d1ff65204d69207fd156d4b2eb1d3882375"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/beea9ab9080cd2ef46296070bb327af066ee09d7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0484e05d048b66d01d1f3c1d2306010bb57d8738"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c",
"drivers/gpu/drm/amd/display/dc/link/link_validation.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "070fda699dfdce560755379bc428d9edada7a54e",
"status": "affected",
"version": "7ef414375fcc001b6d0745d2931d91c9c736e18d",
"versionType": "git"
},
{
"lessThan": "71783d1ff65204d69207fd156d4b2eb1d3882375",
"status": "affected",
"version": "7ef414375fcc001b6d0745d2931d91c9c736e18d",
"versionType": "git"
},
{
"lessThan": "beea9ab9080cd2ef46296070bb327af066ee09d7",
"status": "affected",
"version": "7ef414375fcc001b6d0745d2931d91c9c736e18d",
"versionType": "git"
},
{
"lessThan": "0484e05d048b66d01d1f3c1d2306010bb57d8738",
"status": "affected",
"version": "7ef414375fcc001b6d0745d2931d91c9c736e18d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c",
"drivers/gpu/drm/amd/display/dc/link/link_validation.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.130",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fixed integer types and null check locations\n\n[why]:\nissues fixed:\n- comparison with wider integer type in loop condition which can cause\ninfinite loops\n- pointer dereference before null check"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:12:23.794Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/070fda699dfdce560755379bc428d9edada7a54e"
},
{
"url": "https://git.kernel.org/stable/c/71783d1ff65204d69207fd156d4b2eb1d3882375"
},
{
"url": "https://git.kernel.org/stable/c/beea9ab9080cd2ef46296070bb327af066ee09d7"
},
{
"url": "https://git.kernel.org/stable/c/0484e05d048b66d01d1f3c1d2306010bb57d8738"
}
],
"title": "drm/amd/display: fixed integer types and null check locations",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26767",
"datePublished": "2024-04-03T17:00:49.315Z",
"dateReserved": "2024-02-19T14:20:24.173Z",
"dateUpdated": "2025-05-21T09:12:23.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38551 (GCVE-0-2024-38551)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: mediatek: Assign dummy when codec not specified for a DAI link
MediaTek sound card drivers are checking whether a DAI link is present
and used on a board to assign the correct parameters and this is done
by checking the codec DAI names at probe time.
If no real codec is present, assign the dummy codec to the DAI link
to avoid NULL pointer during string comparison.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/87b8dca6e06f9b1681bc52bf7bfa85c663a11158"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cbbcabc7f0979f6542372cf88d7a9da7143a4226"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c052b1c11d8119f3048b1f7b3c39a90500cacf9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f39231888c63f0a7708abc86b51b847476379d8"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38551",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:14:53.931621Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:57.456Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/mediatek/common/mtk-soundcard-driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "87b8dca6e06f9b1681bc52bf7bfa85c663a11158",
"status": "affected",
"version": "4302187d955f166c03b4fa7c993b89ffbabfca4e",
"versionType": "git"
},
{
"lessThan": "cbbcabc7f0979f6542372cf88d7a9da7143a4226",
"status": "affected",
"version": "4302187d955f166c03b4fa7c993b89ffbabfca4e",
"versionType": "git"
},
{
"lessThan": "0c052b1c11d8119f3048b1f7b3c39a90500cacf9",
"status": "affected",
"version": "4302187d955f166c03b4fa7c993b89ffbabfca4e",
"versionType": "git"
},
{
"lessThan": "5f39231888c63f0a7708abc86b51b847476379d8",
"status": "affected",
"version": "4302187d955f166c03b4fa7c993b89ffbabfca4e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/mediatek/common/mtk-soundcard-driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: Assign dummy when codec not specified for a DAI link\n\nMediaTek sound card drivers are checking whether a DAI link is present\nand used on a board to assign the correct parameters and this is done\nby checking the codec DAI names at probe time.\n\nIf no real codec is present, assign the dummy codec to the DAI link\nto avoid NULL pointer during string comparison."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:49.352Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/87b8dca6e06f9b1681bc52bf7bfa85c663a11158"
},
{
"url": "https://git.kernel.org/stable/c/cbbcabc7f0979f6542372cf88d7a9da7143a4226"
},
{
"url": "https://git.kernel.org/stable/c/0c052b1c11d8119f3048b1f7b3c39a90500cacf9"
},
{
"url": "https://git.kernel.org/stable/c/5f39231888c63f0a7708abc86b51b847476379d8"
}
],
"title": "ASoC: mediatek: Assign dummy when codec not specified for a DAI link",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38551",
"datePublished": "2024-06-19T13:35:23.364Z",
"dateReserved": "2024-06-18T19:36:34.920Z",
"dateUpdated": "2025-05-04T09:13:49.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52762 (GCVE-0-2023-52762)
Vulnerability from cvelistv5
Published
2024-05-21 15:30
Modified
2025-05-04 07:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
virtio-blk: fix implicit overflow on virtio_max_dma_size
The following codes have an implicit conversion from size_t to u32:
(u32)max_size = (size_t)virtio_max_dma_size(vdev);
This may lead overflow, Ex (size_t)4G -> (u32)0. Once
virtio_max_dma_size() has a larger size than U32_MAX, use U32_MAX
instead.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/72775cad7f572bb2501f9ea609e1d20e68f0b38b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/472bd4787406bef2e8b41ee4c74d960a06a49a48"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/017278f141141367f7d14b203e930b45b6ffffb9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d667fe301dcbcb12d1d6494fc4b8abee2cb75d90"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fafb51a67fb883eb2dde352539df939a251851be"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52762",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:37:09.603259Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:55.655Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/block/virtio_blk.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "72775cad7f572bb2501f9ea609e1d20e68f0b38b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "472bd4787406bef2e8b41ee4c74d960a06a49a48",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "017278f141141367f7d14b203e930b45b6ffffb9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d667fe301dcbcb12d1d6494fc4b8abee2cb75d90",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fafb51a67fb883eb2dde352539df939a251851be",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/block/virtio_blk.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-blk: fix implicit overflow on virtio_max_dma_size\n\nThe following codes have an implicit conversion from size_t to u32:\n(u32)max_size = (size_t)virtio_max_dma_size(vdev);\n\nThis may lead overflow, Ex (size_t)4G -\u003e (u32)0. Once\nvirtio_max_dma_size() has a larger size than U32_MAX, use U32_MAX\ninstead."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:42:38.396Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/72775cad7f572bb2501f9ea609e1d20e68f0b38b"
},
{
"url": "https://git.kernel.org/stable/c/472bd4787406bef2e8b41ee4c74d960a06a49a48"
},
{
"url": "https://git.kernel.org/stable/c/017278f141141367f7d14b203e930b45b6ffffb9"
},
{
"url": "https://git.kernel.org/stable/c/d667fe301dcbcb12d1d6494fc4b8abee2cb75d90"
},
{
"url": "https://git.kernel.org/stable/c/fafb51a67fb883eb2dde352539df939a251851be"
}
],
"title": "virtio-blk: fix implicit overflow on virtio_max_dma_size",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52762",
"datePublished": "2024-05-21T15:30:47.724Z",
"dateReserved": "2024-05-21T15:19:24.238Z",
"dateUpdated": "2025-05-04T07:42:38.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52853 (GCVE-0-2023-52853)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
hid: cp2112: Fix duplicate workqueue initialization
Previously the cp2112 driver called INIT_DELAYED_WORK within
cp2112_gpio_irq_startup, resulting in duplicate initilizations of the
workqueue on subsequent IRQ startups following an initial request. This
resulted in a warning in set_work_data in workqueue.c, as well as a rare
NULL dereference within process_one_work in workqueue.c.
Initialize the workqueue within _probe instead.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 13de9cca514ed63604263cad87ca8cb36e9b6489 Version: 13de9cca514ed63604263cad87ca8cb36e9b6489 Version: 13de9cca514ed63604263cad87ca8cb36e9b6489 Version: 13de9cca514ed63604263cad87ca8cb36e9b6489 Version: 13de9cca514ed63604263cad87ca8cb36e9b6489 Version: 13de9cca514ed63604263cad87ca8cb36e9b6489 Version: 13de9cca514ed63604263cad87ca8cb36e9b6489 Version: 13de9cca514ed63604263cad87ca8cb36e9b6489 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52853",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T18:51:33.652573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:57.826Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/df0daac2709473531d6a3472997cc65301ac06d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/727203e6e7e7020e1246fc1628cbdb8d90177819"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d959406c8fff2334d83d0c352d54fd6f5b2e7cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/012d0c66f9392a99232ac28217229f32dd3a70cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bafb12b629b7c3ad59812dd1ac1b0618062e0e38"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb5718bc67337dde1528661f419ffcf275757592"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eb1121fac7986b30915ba20c5a04cc01fdcf160c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3c2d2d144c082dd71596953193adf9891491f42"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hid/hid-cp2112.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "df0daac2709473531d6a3472997cc65301ac06d6",
"status": "affected",
"version": "13de9cca514ed63604263cad87ca8cb36e9b6489",
"versionType": "git"
},
{
"lessThan": "727203e6e7e7020e1246fc1628cbdb8d90177819",
"status": "affected",
"version": "13de9cca514ed63604263cad87ca8cb36e9b6489",
"versionType": "git"
},
{
"lessThan": "3d959406c8fff2334d83d0c352d54fd6f5b2e7cd",
"status": "affected",
"version": "13de9cca514ed63604263cad87ca8cb36e9b6489",
"versionType": "git"
},
{
"lessThan": "012d0c66f9392a99232ac28217229f32dd3a70cf",
"status": "affected",
"version": "13de9cca514ed63604263cad87ca8cb36e9b6489",
"versionType": "git"
},
{
"lessThan": "bafb12b629b7c3ad59812dd1ac1b0618062e0e38",
"status": "affected",
"version": "13de9cca514ed63604263cad87ca8cb36e9b6489",
"versionType": "git"
},
{
"lessThan": "fb5718bc67337dde1528661f419ffcf275757592",
"status": "affected",
"version": "13de9cca514ed63604263cad87ca8cb36e9b6489",
"versionType": "git"
},
{
"lessThan": "eb1121fac7986b30915ba20c5a04cc01fdcf160c",
"status": "affected",
"version": "13de9cca514ed63604263cad87ca8cb36e9b6489",
"versionType": "git"
},
{
"lessThan": "e3c2d2d144c082dd71596953193adf9891491f42",
"status": "affected",
"version": "13de9cca514ed63604263cad87ca8cb36e9b6489",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hid/hid-cp2112.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.299",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhid: cp2112: Fix duplicate workqueue initialization\n\nPreviously the cp2112 driver called INIT_DELAYED_WORK within\ncp2112_gpio_irq_startup, resulting in duplicate initilizations of the\nworkqueue on subsequent IRQ startups following an initial request. This\nresulted in a warning in set_work_data in workqueue.c, as well as a rare\nNULL dereference within process_one_work in workqueue.c.\n\nInitialize the workqueue within _probe instead."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:21.084Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/df0daac2709473531d6a3472997cc65301ac06d6"
},
{
"url": "https://git.kernel.org/stable/c/727203e6e7e7020e1246fc1628cbdb8d90177819"
},
{
"url": "https://git.kernel.org/stable/c/3d959406c8fff2334d83d0c352d54fd6f5b2e7cd"
},
{
"url": "https://git.kernel.org/stable/c/012d0c66f9392a99232ac28217229f32dd3a70cf"
},
{
"url": "https://git.kernel.org/stable/c/bafb12b629b7c3ad59812dd1ac1b0618062e0e38"
},
{
"url": "https://git.kernel.org/stable/c/fb5718bc67337dde1528661f419ffcf275757592"
},
{
"url": "https://git.kernel.org/stable/c/eb1121fac7986b30915ba20c5a04cc01fdcf160c"
},
{
"url": "https://git.kernel.org/stable/c/e3c2d2d144c082dd71596953193adf9891491f42"
}
],
"title": "hid: cp2112: Fix duplicate workqueue initialization",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52853",
"datePublished": "2024-05-21T15:31:48.571Z",
"dateReserved": "2024-05-21T15:19:24.256Z",
"dateUpdated": "2025-05-04T07:44:21.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52753 (GCVE-0-2023-52753)
Vulnerability from cvelistv5
Published
2024-05-21 15:30
Modified
2025-07-11 17:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Avoid NULL dereference of timing generator
[Why & How]
Check whether assigned timing generator is NULL or not before
accessing its funcs to prevent NULL dereference.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52753",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T19:43:36.953665Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:11.593Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/09909f515032fa80b921fd3118efe66b185d10fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eac3e4760aa12159f7f5475d55a67b7933abc195"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79b6a90f4f2433312154cd68452b0ba501fa74db"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e497f1acd99075b13605b2e7fa0cba721a2cfd9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a06894666e0b462c9316b26ab615cefdd0d676c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d8653b1a7a8dc938b566ae8c4f373b36e792c68"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/df8bc953eed72371e43ca407bd063507f760cf89"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b1904ed480cee3f9f4036ea0e36d139cb5fee2d6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/core/dc_stream.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "09909f515032fa80b921fd3118efe66b185d10fd",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "eac3e4760aa12159f7f5475d55a67b7933abc195",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "79b6a90f4f2433312154cd68452b0ba501fa74db",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "4e497f1acd99075b13605b2e7fa0cba721a2cfd9",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "8a06894666e0b462c9316b26ab615cefdd0d676c",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "6d8653b1a7a8dc938b566ae8c4f373b36e792c68",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "df8bc953eed72371e43ca407bd063507f760cf89",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "b1904ed480cee3f9f4036ea0e36d139cb5fee2d6",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/core/dc_stream.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid NULL dereference of timing generator\n\n[Why \u0026 How]\nCheck whether assigned timing generator is NULL or not before\naccessing its funcs to prevent NULL dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:19:34.797Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/09909f515032fa80b921fd3118efe66b185d10fd"
},
{
"url": "https://git.kernel.org/stable/c/eac3e4760aa12159f7f5475d55a67b7933abc195"
},
{
"url": "https://git.kernel.org/stable/c/79b6a90f4f2433312154cd68452b0ba501fa74db"
},
{
"url": "https://git.kernel.org/stable/c/4e497f1acd99075b13605b2e7fa0cba721a2cfd9"
},
{
"url": "https://git.kernel.org/stable/c/8a06894666e0b462c9316b26ab615cefdd0d676c"
},
{
"url": "https://git.kernel.org/stable/c/6d8653b1a7a8dc938b566ae8c4f373b36e792c68"
},
{
"url": "https://git.kernel.org/stable/c/df8bc953eed72371e43ca407bd063507f760cf89"
},
{
"url": "https://git.kernel.org/stable/c/b1904ed480cee3f9f4036ea0e36d139cb5fee2d6"
}
],
"title": "drm/amd/display: Avoid NULL dereference of timing generator",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52753",
"datePublished": "2024-05-21T15:30:41.548Z",
"dateReserved": "2024-05-21T15:19:24.234Z",
"dateUpdated": "2025-07-11T17:19:34.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52868 (GCVE-0-2023-52868)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
thermal: core: prevent potential string overflow
The dev->id value comes from ida_alloc() so it's a number between zero
and INT_MAX. If it's too high then these sprintf()s will overflow.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 203d3d4aa482339b4816f131f713e1b8ee37f6dd Version: 203d3d4aa482339b4816f131f713e1b8ee37f6dd Version: 203d3d4aa482339b4816f131f713e1b8ee37f6dd Version: 203d3d4aa482339b4816f131f713e1b8ee37f6dd Version: 203d3d4aa482339b4816f131f713e1b8ee37f6dd Version: 203d3d4aa482339b4816f131f713e1b8ee37f6dd Version: 203d3d4aa482339b4816f131f713e1b8ee37f6dd Version: 203d3d4aa482339b4816f131f713e1b8ee37f6dd Version: 203d3d4aa482339b4816f131f713e1b8ee37f6dd |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52868",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T19:32:21.368633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:15.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b55f0a9f865be75ca1019aad331f3225f7b50ce8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ad1bf47fbe5750c4d5d8e41337665e193e2c521"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3091ab943dfc7b2578599b0fe203350286fab5bb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f795fb35c2d8a637efe76b4518216c9319b998c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a8f4e58e1ee707b4f46a1000b40b86ea3dd509c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/77ff34a56b695e228e6daf30ee30be747973d6e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f6b3be28c4d62ef6498133959c72266629bea97"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/edbd6bbe40ac524a8f2273ffacc53edf14f3c686"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c99626092efca3061b387043d4a7399bf75fbdd5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/thermal/thermal_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b55f0a9f865be75ca1019aad331f3225f7b50ce8",
"status": "affected",
"version": "203d3d4aa482339b4816f131f713e1b8ee37f6dd",
"versionType": "git"
},
{
"lessThan": "6ad1bf47fbe5750c4d5d8e41337665e193e2c521",
"status": "affected",
"version": "203d3d4aa482339b4816f131f713e1b8ee37f6dd",
"versionType": "git"
},
{
"lessThan": "3091ab943dfc7b2578599b0fe203350286fab5bb",
"status": "affected",
"version": "203d3d4aa482339b4816f131f713e1b8ee37f6dd",
"versionType": "git"
},
{
"lessThan": "3f795fb35c2d8a637efe76b4518216c9319b998c",
"status": "affected",
"version": "203d3d4aa482339b4816f131f713e1b8ee37f6dd",
"versionType": "git"
},
{
"lessThan": "3a8f4e58e1ee707b4f46a1000b40b86ea3dd509c",
"status": "affected",
"version": "203d3d4aa482339b4816f131f713e1b8ee37f6dd",
"versionType": "git"
},
{
"lessThan": "77ff34a56b695e228e6daf30ee30be747973d6e8",
"status": "affected",
"version": "203d3d4aa482339b4816f131f713e1b8ee37f6dd",
"versionType": "git"
},
{
"lessThan": "0f6b3be28c4d62ef6498133959c72266629bea97",
"status": "affected",
"version": "203d3d4aa482339b4816f131f713e1b8ee37f6dd",
"versionType": "git"
},
{
"lessThan": "edbd6bbe40ac524a8f2273ffacc53edf14f3c686",
"status": "affected",
"version": "203d3d4aa482339b4816f131f713e1b8ee37f6dd",
"versionType": "git"
},
{
"lessThan": "c99626092efca3061b387043d4a7399bf75fbdd5",
"status": "affected",
"version": "203d3d4aa482339b4816f131f713e1b8ee37f6dd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/thermal/thermal_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.25"
},
{
"lessThan": "2.6.25",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.330",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.330",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.299",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "2.6.25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: core: prevent potential string overflow\n\nThe dev-\u003eid value comes from ida_alloc() so it\u0027s a number between zero\nand INT_MAX. If it\u0027s too high then these sprintf()s will overflow."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:38.572Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b55f0a9f865be75ca1019aad331f3225f7b50ce8"
},
{
"url": "https://git.kernel.org/stable/c/6ad1bf47fbe5750c4d5d8e41337665e193e2c521"
},
{
"url": "https://git.kernel.org/stable/c/3091ab943dfc7b2578599b0fe203350286fab5bb"
},
{
"url": "https://git.kernel.org/stable/c/3f795fb35c2d8a637efe76b4518216c9319b998c"
},
{
"url": "https://git.kernel.org/stable/c/3a8f4e58e1ee707b4f46a1000b40b86ea3dd509c"
},
{
"url": "https://git.kernel.org/stable/c/77ff34a56b695e228e6daf30ee30be747973d6e8"
},
{
"url": "https://git.kernel.org/stable/c/0f6b3be28c4d62ef6498133959c72266629bea97"
},
{
"url": "https://git.kernel.org/stable/c/edbd6bbe40ac524a8f2273ffacc53edf14f3c686"
},
{
"url": "https://git.kernel.org/stable/c/c99626092efca3061b387043d4a7399bf75fbdd5"
}
],
"title": "thermal: core: prevent potential string overflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52868",
"datePublished": "2024-05-21T15:31:58.530Z",
"dateReserved": "2024-05-21T15:19:24.263Z",
"dateUpdated": "2025-05-04T07:44:38.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36938 (GCVE-0-2024-36938)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue
Fix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which
syzbot reported [1].
[1]
BUG: KCSAN: data-race in sk_psock_drop / sk_psock_skb_ingress_enqueue
write to 0xffff88814b3278b8 of 8 bytes by task 10724 on cpu 1:
sk_psock_stop_verdict net/core/skmsg.c:1257 [inline]
sk_psock_drop+0x13e/0x1f0 net/core/skmsg.c:843
sk_psock_put include/linux/skmsg.h:459 [inline]
sock_map_close+0x1a7/0x260 net/core/sock_map.c:1648
unix_release+0x4b/0x80 net/unix/af_unix.c:1048
__sock_release net/socket.c:659 [inline]
sock_close+0x68/0x150 net/socket.c:1421
__fput+0x2c1/0x660 fs/file_table.c:422
__fput_sync+0x44/0x60 fs/file_table.c:507
__do_sys_close fs/open.c:1556 [inline]
__se_sys_close+0x101/0x1b0 fs/open.c:1541
__x64_sys_close+0x1f/0x30 fs/open.c:1541
do_syscall_64+0xd3/0x1d0
entry_SYSCALL_64_after_hwframe+0x6d/0x75
read to 0xffff88814b3278b8 of 8 bytes by task 10713 on cpu 0:
sk_psock_data_ready include/linux/skmsg.h:464 [inline]
sk_psock_skb_ingress_enqueue+0x32d/0x390 net/core/skmsg.c:555
sk_psock_skb_ingress_self+0x185/0x1e0 net/core/skmsg.c:606
sk_psock_verdict_apply net/core/skmsg.c:1008 [inline]
sk_psock_verdict_recv+0x3e4/0x4a0 net/core/skmsg.c:1202
unix_read_skb net/unix/af_unix.c:2546 [inline]
unix_stream_read_skb+0x9e/0xf0 net/unix/af_unix.c:2682
sk_psock_verdict_data_ready+0x77/0x220 net/core/skmsg.c:1223
unix_stream_sendmsg+0x527/0x860 net/unix/af_unix.c:2339
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x140/0x180 net/socket.c:745
____sys_sendmsg+0x312/0x410 net/socket.c:2584
___sys_sendmsg net/socket.c:2638 [inline]
__sys_sendmsg+0x1e9/0x280 net/socket.c:2667
__do_sys_sendmsg net/socket.c:2676 [inline]
__se_sys_sendmsg net/socket.c:2674 [inline]
__x64_sys_sendmsg+0x46/0x50 net/socket.c:2674
do_syscall_64+0xd3/0x1d0
entry_SYSCALL_64_after_hwframe+0x6d/0x75
value changed: 0xffffffff83d7feb0 -> 0x0000000000000000
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 10713 Comm: syz-executor.4 Tainted: G W 6.8.0-syzkaller-08951-gfe46a7dd189e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
Prior to this, commit 4cd12c6065df ("bpf, sockmap: Fix NULL pointer
dereference in sk_psock_verdict_data_ready()") fixed one NULL pointer
similarly due to no protection of saved_data_ready. Here is another
different caller causing the same issue because of the same reason. So
we should protect it with sk_callback_lock read lock because the writer
side in the sk_psock_drop() uses "write_lock_bh(&sk->sk_callback_lock);".
To avoid errors that could happen in future, I move those two pairs of
lock into the sk_psock_data_ready(), which is suggested by John Fastabend.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 604326b41a6fb9b4a78b6179335decee0365cd8c Version: 604326b41a6fb9b4a78b6179335decee0365cd8c Version: 604326b41a6fb9b4a78b6179335decee0365cd8c Version: 604326b41a6fb9b4a78b6179335decee0365cd8c Version: 604326b41a6fb9b4a78b6179335decee0365cd8c Version: 604326b41a6fb9b4a78b6179335decee0365cd8c |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T15:38:33.489892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:04.434Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c0809c128dad4c3413818384eb06a341633db973"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5965bc7535fb87510b724e5465ccc1a1cf00916d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/39dc9e1442385d6e9be0b6491ee488dddd55ae27"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b397a0ab8582c533ec0c6b732392f141fc364f87"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/772d5729b5ff0df0d37b32db600ce635b2172f80"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6648e613226e18897231ab5e42ffc29e63fa3365"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/skmsg.h",
"net/core/skmsg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c0809c128dad4c3413818384eb06a341633db973",
"status": "affected",
"version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
"versionType": "git"
},
{
"lessThan": "5965bc7535fb87510b724e5465ccc1a1cf00916d",
"status": "affected",
"version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
"versionType": "git"
},
{
"lessThan": "39dc9e1442385d6e9be0b6491ee488dddd55ae27",
"status": "affected",
"version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
"versionType": "git"
},
{
"lessThan": "b397a0ab8582c533ec0c6b732392f141fc364f87",
"status": "affected",
"version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
"versionType": "git"
},
{
"lessThan": "772d5729b5ff0df0d37b32db600ce635b2172f80",
"status": "affected",
"version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
"versionType": "git"
},
{
"lessThan": "6648e613226e18897231ab5e42ffc29e63fa3365",
"status": "affected",
"version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/skmsg.h",
"net/core/skmsg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.223",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.223",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue\n\nFix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which\nsyzbot reported [1].\n\n[1]\nBUG: KCSAN: data-race in sk_psock_drop / sk_psock_skb_ingress_enqueue\n\nwrite to 0xffff88814b3278b8 of 8 bytes by task 10724 on cpu 1:\n sk_psock_stop_verdict net/core/skmsg.c:1257 [inline]\n sk_psock_drop+0x13e/0x1f0 net/core/skmsg.c:843\n sk_psock_put include/linux/skmsg.h:459 [inline]\n sock_map_close+0x1a7/0x260 net/core/sock_map.c:1648\n unix_release+0x4b/0x80 net/unix/af_unix.c:1048\n __sock_release net/socket.c:659 [inline]\n sock_close+0x68/0x150 net/socket.c:1421\n __fput+0x2c1/0x660 fs/file_table.c:422\n __fput_sync+0x44/0x60 fs/file_table.c:507\n __do_sys_close fs/open.c:1556 [inline]\n __se_sys_close+0x101/0x1b0 fs/open.c:1541\n __x64_sys_close+0x1f/0x30 fs/open.c:1541\n do_syscall_64+0xd3/0x1d0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nread to 0xffff88814b3278b8 of 8 bytes by task 10713 on cpu 0:\n sk_psock_data_ready include/linux/skmsg.h:464 [inline]\n sk_psock_skb_ingress_enqueue+0x32d/0x390 net/core/skmsg.c:555\n sk_psock_skb_ingress_self+0x185/0x1e0 net/core/skmsg.c:606\n sk_psock_verdict_apply net/core/skmsg.c:1008 [inline]\n sk_psock_verdict_recv+0x3e4/0x4a0 net/core/skmsg.c:1202\n unix_read_skb net/unix/af_unix.c:2546 [inline]\n unix_stream_read_skb+0x9e/0xf0 net/unix/af_unix.c:2682\n sk_psock_verdict_data_ready+0x77/0x220 net/core/skmsg.c:1223\n unix_stream_sendmsg+0x527/0x860 net/unix/af_unix.c:2339\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x140/0x180 net/socket.c:745\n ____sys_sendmsg+0x312/0x410 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmsg+0x1e9/0x280 net/socket.c:2667\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x46/0x50 net/socket.c:2674\n do_syscall_64+0xd3/0x1d0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nvalue changed: 0xffffffff83d7feb0 -\u003e 0x0000000000000000\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 0 PID: 10713 Comm: syz-executor.4 Tainted: G W 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\n\nPrior to this, commit 4cd12c6065df (\"bpf, sockmap: Fix NULL pointer\ndereference in sk_psock_verdict_data_ready()\") fixed one NULL pointer\nsimilarly due to no protection of saved_data_ready. Here is another\ndifferent caller causing the same issue because of the same reason. So\nwe should protect it with sk_callback_lock read lock because the writer\nside in the sk_psock_drop() uses \"write_lock_bh(\u0026sk-\u003esk_callback_lock);\".\n\nTo avoid errors that could happen in future, I move those two pairs of\nlock into the sk_psock_data_ready(), which is suggested by John Fastabend."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:27.522Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c0809c128dad4c3413818384eb06a341633db973"
},
{
"url": "https://git.kernel.org/stable/c/5965bc7535fb87510b724e5465ccc1a1cf00916d"
},
{
"url": "https://git.kernel.org/stable/c/39dc9e1442385d6e9be0b6491ee488dddd55ae27"
},
{
"url": "https://git.kernel.org/stable/c/b397a0ab8582c533ec0c6b732392f141fc364f87"
},
{
"url": "https://git.kernel.org/stable/c/772d5729b5ff0df0d37b32db600ce635b2172f80"
},
{
"url": "https://git.kernel.org/stable/c/6648e613226e18897231ab5e42ffc29e63fa3365"
}
],
"title": "bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36938",
"datePublished": "2024-05-30T15:29:26.929Z",
"dateReserved": "2024-05-30T15:25:07.071Z",
"dateUpdated": "2025-05-04T09:12:27.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38565 (GCVE-0-2024-38565)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ar5523: enable proper endpoint verification
Syzkaller reports [1] hitting a warning about an endpoint in use
not having an expected type to it.
Fix the issue by checking for the existence of all proper
endpoints with their according types intact.
Sadly, this patch has not been tested on real hardware.
[1] Syzkaller report:
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 3 != type 1
WARNING: CPU: 0 PID: 3643 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504
...
Call Trace:
<TASK>
ar5523_cmd+0x41b/0x780 drivers/net/wireless/ath/ar5523/ar5523.c:275
ar5523_cmd_read drivers/net/wireless/ath/ar5523/ar5523.c:302 [inline]
ar5523_host_available drivers/net/wireless/ath/ar5523/ar5523.c:1376 [inline]
ar5523_probe+0x14b0/0x1d10 drivers/net/wireless/ath/ar5523/ar5523.c:1655
usb_probe_interface+0x30f/0x7f0 drivers/usb/core/driver.c:396
call_driver_probe drivers/base/dd.c:560 [inline]
really_probe+0x249/0xb90 drivers/base/dd.c:639
__driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778
driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808
__device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:936
bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:427
__device_attach+0x1e4/0x530 drivers/base/dd.c:1008
bus_probe_device+0x1e8/0x2a0 drivers/base/bus.c:487
device_add+0xbd9/0x1e90 drivers/base/core.c:3517
usb_set_configuration+0x101d/0x1900 drivers/usb/core/message.c:2170
usb_generic_driver_probe+0xbe/0x100 drivers/usb/core/generic.c:238
usb_probe_device+0xd8/0x2c0 drivers/usb/core/driver.c:293
call_driver_probe drivers/base/dd.c:560 [inline]
really_probe+0x249/0xb90 drivers/base/dd.c:639
__driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778
driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808
__device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:936
bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:427
__device_attach+0x1e4/0x530 drivers/base/dd.c:1008
bus_probe_device+0x1e8/0x2a0 drivers/base/bus.c:487
device_add+0xbd9/0x1e90 drivers/base/core.c:3517
usb_new_device.cold+0x685/0x10ad drivers/usb/core/hub.c:2573
hub_port_connect drivers/usb/core/hub.c:5353 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
port_event drivers/usb/core/hub.c:5653 [inline]
hub_event+0x26cb/0x45d0 drivers/usb/core/hub.c:5735
process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
worker_thread+0x669/0x1090 kernel/workqueue.c:2436
kthread+0x2e8/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
</TASK>
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b7d572e1871df06a96a1c9591c71c5494ff6b624 Version: b7d572e1871df06a96a1c9591c71c5494ff6b624 Version: b7d572e1871df06a96a1c9591c71c5494ff6b624 Version: b7d572e1871df06a96a1c9591c71c5494ff6b624 Version: b7d572e1871df06a96a1c9591c71c5494ff6b624 Version: b7d572e1871df06a96a1c9591c71c5494ff6b624 Version: b7d572e1871df06a96a1c9591c71c5494ff6b624 Version: b7d572e1871df06a96a1c9591c71c5494ff6b624 Version: b7d572e1871df06a96a1c9591c71c5494ff6b624 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38565",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T15:24:16.719538Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T14:41:42.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79ddf5f2020fd593d50f1363bb5131283d74f78f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68a5a00c5d38978a3f8460c6f182f7beec8688ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee25389df80138907bc9dcdf4a2be2067cde9a81"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b4c24de37a6bb383394a6fef2b85a6db41d426f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/34f7ebff1b9699e0b89fa58b693bc098c2f5ec72"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b33a81e4ecfb022b028cae37d1c1ce28ac1b359d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/beeed260b92af158592f5e8d2dab65dae45c6f70"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7bbf76c9bb2c58375e183074e44f9712483f0603"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e120b6388d7d88635d67dcae6483f39c37111850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ar5523/ar5523.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "79ddf5f2020fd593d50f1363bb5131283d74f78f",
"status": "affected",
"version": "b7d572e1871df06a96a1c9591c71c5494ff6b624",
"versionType": "git"
},
{
"lessThan": "68a5a00c5d38978a3f8460c6f182f7beec8688ff",
"status": "affected",
"version": "b7d572e1871df06a96a1c9591c71c5494ff6b624",
"versionType": "git"
},
{
"lessThan": "ee25389df80138907bc9dcdf4a2be2067cde9a81",
"status": "affected",
"version": "b7d572e1871df06a96a1c9591c71c5494ff6b624",
"versionType": "git"
},
{
"lessThan": "b4c24de37a6bb383394a6fef2b85a6db41d426f5",
"status": "affected",
"version": "b7d572e1871df06a96a1c9591c71c5494ff6b624",
"versionType": "git"
},
{
"lessThan": "34f7ebff1b9699e0b89fa58b693bc098c2f5ec72",
"status": "affected",
"version": "b7d572e1871df06a96a1c9591c71c5494ff6b624",
"versionType": "git"
},
{
"lessThan": "b33a81e4ecfb022b028cae37d1c1ce28ac1b359d",
"status": "affected",
"version": "b7d572e1871df06a96a1c9591c71c5494ff6b624",
"versionType": "git"
},
{
"lessThan": "beeed260b92af158592f5e8d2dab65dae45c6f70",
"status": "affected",
"version": "b7d572e1871df06a96a1c9591c71c5494ff6b624",
"versionType": "git"
},
{
"lessThan": "7bbf76c9bb2c58375e183074e44f9712483f0603",
"status": "affected",
"version": "b7d572e1871df06a96a1c9591c71c5494ff6b624",
"versionType": "git"
},
{
"lessThan": "e120b6388d7d88635d67dcae6483f39c37111850",
"status": "affected",
"version": "b7d572e1871df06a96a1c9591c71c5494ff6b624",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ar5523/ar5523.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.8"
},
{
"lessThan": "3.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ar5523: enable proper endpoint verification\n\nSyzkaller reports [1] hitting a warning about an endpoint in use\nnot having an expected type to it.\n\nFix the issue by checking for the existence of all proper\nendpoints with their according types intact.\n\nSadly, this patch has not been tested on real hardware.\n\n[1] Syzkaller report:\n------------[ cut here ]------------\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 3643 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\n...\nCall Trace:\n \u003cTASK\u003e\n ar5523_cmd+0x41b/0x780 drivers/net/wireless/ath/ar5523/ar5523.c:275\n ar5523_cmd_read drivers/net/wireless/ath/ar5523/ar5523.c:302 [inline]\n ar5523_host_available drivers/net/wireless/ath/ar5523/ar5523.c:1376 [inline]\n ar5523_probe+0x14b0/0x1d10 drivers/net/wireless/ath/ar5523/ar5523.c:1655\n usb_probe_interface+0x30f/0x7f0 drivers/usb/core/driver.c:396\n call_driver_probe drivers/base/dd.c:560 [inline]\n really_probe+0x249/0xb90 drivers/base/dd.c:639\n __driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778\n driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808\n __device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:936\n bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:427\n __device_attach+0x1e4/0x530 drivers/base/dd.c:1008\n bus_probe_device+0x1e8/0x2a0 drivers/base/bus.c:487\n device_add+0xbd9/0x1e90 drivers/base/core.c:3517\n usb_set_configuration+0x101d/0x1900 drivers/usb/core/message.c:2170\n usb_generic_driver_probe+0xbe/0x100 drivers/usb/core/generic.c:238\n usb_probe_device+0xd8/0x2c0 drivers/usb/core/driver.c:293\n call_driver_probe drivers/base/dd.c:560 [inline]\n really_probe+0x249/0xb90 drivers/base/dd.c:639\n __driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778\n driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808\n __device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:936\n bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:427\n __device_attach+0x1e4/0x530 drivers/base/dd.c:1008\n bus_probe_device+0x1e8/0x2a0 drivers/base/bus.c:487\n device_add+0xbd9/0x1e90 drivers/base/core.c:3517\n usb_new_device.cold+0x685/0x10ad drivers/usb/core/hub.c:2573\n hub_port_connect drivers/usb/core/hub.c:5353 [inline]\n hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]\n port_event drivers/usb/core/hub.c:5653 [inline]\n hub_event+0x26cb/0x45d0 drivers/usb/core/hub.c:5735\n process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289\n worker_thread+0x669/0x1090 kernel/workqueue.c:2436\n kthread+0x2e8/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:13.790Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/79ddf5f2020fd593d50f1363bb5131283d74f78f"
},
{
"url": "https://git.kernel.org/stable/c/68a5a00c5d38978a3f8460c6f182f7beec8688ff"
},
{
"url": "https://git.kernel.org/stable/c/ee25389df80138907bc9dcdf4a2be2067cde9a81"
},
{
"url": "https://git.kernel.org/stable/c/b4c24de37a6bb383394a6fef2b85a6db41d426f5"
},
{
"url": "https://git.kernel.org/stable/c/34f7ebff1b9699e0b89fa58b693bc098c2f5ec72"
},
{
"url": "https://git.kernel.org/stable/c/b33a81e4ecfb022b028cae37d1c1ce28ac1b359d"
},
{
"url": "https://git.kernel.org/stable/c/beeed260b92af158592f5e8d2dab65dae45c6f70"
},
{
"url": "https://git.kernel.org/stable/c/7bbf76c9bb2c58375e183074e44f9712483f0603"
},
{
"url": "https://git.kernel.org/stable/c/e120b6388d7d88635d67dcae6483f39c37111850"
}
],
"title": "wifi: ar5523: enable proper endpoint verification",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38565",
"datePublished": "2024-06-19T13:35:32.920Z",
"dateReserved": "2024-06-18T19:36:34.923Z",
"dateUpdated": "2025-05-04T09:14:13.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38615 (GCVE-0-2024-38615)
Vulnerability from cvelistv5
Published
2024-06-19 13:56
Modified
2025-05-04 09:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
cpufreq: exit() callback is optional
The exit() callback is optional and shouldn't be called without checking
a valid pointer first.
Also, we must clear freq_table pointer even if the exit() callback isn't
present.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 91a12e91dc39137906d929a4ff6f9c32c59697fa Version: 91a12e91dc39137906d929a4ff6f9c32c59697fa Version: 91a12e91dc39137906d929a4ff6f9c32c59697fa Version: 91a12e91dc39137906d929a4ff6f9c32c59697fa Version: 91a12e91dc39137906d929a4ff6f9c32c59697fa Version: 91a12e91dc39137906d929a4ff6f9c32c59697fa Version: 91a12e91dc39137906d929a4ff6f9c32c59697fa Version: 91a12e91dc39137906d929a4ff6f9c32c59697fa |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38615",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T18:14:33.990176Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T18:14:41.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:26.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2d730b465e377396d2a09a53524b96b111f7ccb6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dfc56ff5ec9904c008e9376d90a6d7e2d2bec4d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/35db5e76d5e9f752476df5fa0b9018a2398b0378"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8bc9546805e572ad101681437a49939f28777273"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3e99f060cfd2e36504d62c9132b453ade5027e1c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae37ebca325097d773d7bb6ec069123b30772872"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a8204d1b6ff762d2171d365c2c8560285d0a233d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b8f85833c05730d631576008daaa34096bc7f3ce"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/cpufreq/cpufreq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2d730b465e377396d2a09a53524b96b111f7ccb6",
"status": "affected",
"version": "91a12e91dc39137906d929a4ff6f9c32c59697fa",
"versionType": "git"
},
{
"lessThan": "dfc56ff5ec9904c008e9376d90a6d7e2d2bec4d3",
"status": "affected",
"version": "91a12e91dc39137906d929a4ff6f9c32c59697fa",
"versionType": "git"
},
{
"lessThan": "35db5e76d5e9f752476df5fa0b9018a2398b0378",
"status": "affected",
"version": "91a12e91dc39137906d929a4ff6f9c32c59697fa",
"versionType": "git"
},
{
"lessThan": "8bc9546805e572ad101681437a49939f28777273",
"status": "affected",
"version": "91a12e91dc39137906d929a4ff6f9c32c59697fa",
"versionType": "git"
},
{
"lessThan": "3e99f060cfd2e36504d62c9132b453ade5027e1c",
"status": "affected",
"version": "91a12e91dc39137906d929a4ff6f9c32c59697fa",
"versionType": "git"
},
{
"lessThan": "ae37ebca325097d773d7bb6ec069123b30772872",
"status": "affected",
"version": "91a12e91dc39137906d929a4ff6f9c32c59697fa",
"versionType": "git"
},
{
"lessThan": "a8204d1b6ff762d2171d365c2c8560285d0a233d",
"status": "affected",
"version": "91a12e91dc39137906d929a4ff6f9c32c59697fa",
"versionType": "git"
},
{
"lessThan": "b8f85833c05730d631576008daaa34096bc7f3ce",
"status": "affected",
"version": "91a12e91dc39137906d929a4ff6f9c32c59697fa",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/cpufreq/cpufreq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: exit() callback is optional\n\nThe exit() callback is optional and shouldn\u0027t be called without checking\na valid pointer first.\n\nAlso, we must clear freq_table pointer even if the exit() callback isn\u0027t\npresent."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:21.129Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2d730b465e377396d2a09a53524b96b111f7ccb6"
},
{
"url": "https://git.kernel.org/stable/c/dfc56ff5ec9904c008e9376d90a6d7e2d2bec4d3"
},
{
"url": "https://git.kernel.org/stable/c/35db5e76d5e9f752476df5fa0b9018a2398b0378"
},
{
"url": "https://git.kernel.org/stable/c/8bc9546805e572ad101681437a49939f28777273"
},
{
"url": "https://git.kernel.org/stable/c/3e99f060cfd2e36504d62c9132b453ade5027e1c"
},
{
"url": "https://git.kernel.org/stable/c/ae37ebca325097d773d7bb6ec069123b30772872"
},
{
"url": "https://git.kernel.org/stable/c/a8204d1b6ff762d2171d365c2c8560285d0a233d"
},
{
"url": "https://git.kernel.org/stable/c/b8f85833c05730d631576008daaa34096bc7f3ce"
}
],
"title": "cpufreq: exit() callback is optional",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38615",
"datePublished": "2024-06-19T13:56:15.422Z",
"dateReserved": "2024-06-18T19:36:34.944Z",
"dateUpdated": "2025-05-04T09:15:21.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52826 (GCVE-0-2023-52826)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference
In tpg110_get_modes(), the return value of drm_mode_duplicate() is
assigned to mode, which will lead to a NULL pointer dereference on
failure of drm_mode_duplicate(). Add a check to avoid npd.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T16:22:54.826543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:44.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9acc2bc00135e9ecd13a70ce1140e2673e504cdc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84c923d898905187ebfd4c0ef38cd1450af7e0ea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0bc9ab0a161a9745273f5bf723733a8e6c57aca"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9268bfd76bebc85ff221691b61498cc16d75451c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eaede6900c0961b072669d6bd97fe8f90ed1900f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f22def5970c423ea7f87d5247bd0ef91416b0658"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/panel/panel-tpo-tpg110.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9acc2bc00135e9ecd13a70ce1140e2673e504cdc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "84c923d898905187ebfd4c0ef38cd1450af7e0ea",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d0bc9ab0a161a9745273f5bf723733a8e6c57aca",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9268bfd76bebc85ff221691b61498cc16d75451c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "eaede6900c0961b072669d6bd97fe8f90ed1900f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f22def5970c423ea7f87d5247bd0ef91416b0658",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/panel/panel-tpo-tpg110.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panel/panel-tpo-tpg110: fix a possible null pointer dereference\n\nIn tpg110_get_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate(). Add a check to avoid npd."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:50.892Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9acc2bc00135e9ecd13a70ce1140e2673e504cdc"
},
{
"url": "https://git.kernel.org/stable/c/84c923d898905187ebfd4c0ef38cd1450af7e0ea"
},
{
"url": "https://git.kernel.org/stable/c/d0bc9ab0a161a9745273f5bf723733a8e6c57aca"
},
{
"url": "https://git.kernel.org/stable/c/9268bfd76bebc85ff221691b61498cc16d75451c"
},
{
"url": "https://git.kernel.org/stable/c/eaede6900c0961b072669d6bd97fe8f90ed1900f"
},
{
"url": "https://git.kernel.org/stable/c/f22def5970c423ea7f87d5247bd0ef91416b0658"
}
],
"title": "drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52826",
"datePublished": "2024-05-21T15:31:30.184Z",
"dateReserved": "2024-05-21T15:19:24.251Z",
"dateUpdated": "2025-05-04T07:43:50.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52811 (GCVE-0-2023-52811)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool
In practice the driver should never send more commands than are allocated
to a queue's event pool. In the unlikely event that this happens, the code
asserts a BUG_ON, and in the case that the kernel is not configured to
crash on panic returns a junk event pointer from the empty event list
causing things to spiral from there. This BUG_ON is a historical artifact
of the ibmvfc driver first being upstreamed, and it is well known now that
the use of BUG_ON is bad practice except in the most unrecoverable
scenario. There is nothing about this scenario that prevents the driver
from recovering and carrying on.
Remove the BUG_ON in question from ibmvfc_get_event() and return a NULL
pointer in the case of an empty event pool. Update all call sites to
ibmvfc_get_event() to check for a NULL pointer and perfrom the appropriate
failure or recovery action.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T17:41:58.046532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T14:23:46.948Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e1d1f79b1929dce470a5dc9281c574cd58e8c6c0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/88984ec4792766df5a9de7a2ff2b5f281f94c7d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d2af4ef80601224b90630c1ddc7cd2c7c8ab4dd8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8bbe784c2ff28d56ca0c548aaf3e584edc77052d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b39f2d10b86d0af353ea339e5815820026bca48f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/ibmvscsi/ibmvfc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e1d1f79b1929dce470a5dc9281c574cd58e8c6c0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "88984ec4792766df5a9de7a2ff2b5f281f94c7d4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d2af4ef80601224b90630c1ddc7cd2c7c8ab4dd8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8bbe784c2ff28d56ca0c548aaf3e584edc77052d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b39f2d10b86d0af353ea339e5815820026bca48f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/ibmvscsi/ibmvfc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ibmvfc: Remove BUG_ON in the case of an empty event pool\n\nIn practice the driver should never send more commands than are allocated\nto a queue\u0027s event pool. In the unlikely event that this happens, the code\nasserts a BUG_ON, and in the case that the kernel is not configured to\ncrash on panic returns a junk event pointer from the empty event list\ncausing things to spiral from there. This BUG_ON is a historical artifact\nof the ibmvfc driver first being upstreamed, and it is well known now that\nthe use of BUG_ON is bad practice except in the most unrecoverable\nscenario. There is nothing about this scenario that prevents the driver\nfrom recovering and carrying on.\n\nRemove the BUG_ON in question from ibmvfc_get_event() and return a NULL\npointer in the case of an empty event pool. Update all call sites to\nibmvfc_get_event() to check for a NULL pointer and perfrom the appropriate\nfailure or recovery action."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:38.190Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e1d1f79b1929dce470a5dc9281c574cd58e8c6c0"
},
{
"url": "https://git.kernel.org/stable/c/88984ec4792766df5a9de7a2ff2b5f281f94c7d4"
},
{
"url": "https://git.kernel.org/stable/c/d2af4ef80601224b90630c1ddc7cd2c7c8ab4dd8"
},
{
"url": "https://git.kernel.org/stable/c/8bbe784c2ff28d56ca0c548aaf3e584edc77052d"
},
{
"url": "https://git.kernel.org/stable/c/b39f2d10b86d0af353ea339e5815820026bca48f"
}
],
"title": "scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52811",
"datePublished": "2024-05-21T15:31:20.282Z",
"dateReserved": "2024-05-21T15:19:24.248Z",
"dateUpdated": "2025-05-04T07:43:38.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38547 (GCVE-0-2024-38547)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-09-29 10:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries
The allocation failure of mycs->yuv_scaler_binary in load_video_binaries()
is followed with a dereference of mycs->yuv_scaler_binary after the
following call chain:
sh_css_pipe_load_binaries()
|-> load_video_binaries(mycs->yuv_scaler_binary == NULL)
|
|-> sh_css_pipe_unload_binaries()
|-> unload_video_binaries()
In unload_video_binaries(), it calls to ia_css_binary_unload with argument
&pipe->pipe_settings.video.yuv_scaler_binary[i], which refers to the
same memory slot as mycs->yuv_scaler_binary. Thus, a null-pointer
dereference is triggered.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a49d25364dfb9f8a64037488a39ab1f56c5fa419 Version: ad85094b293e40e7a2f831b0311a389d952ebd5e Version: ad85094b293e40e7a2f831b0311a389d952ebd5e Version: ad85094b293e40e7a2f831b0311a389d952ebd5e Version: ad85094b293e40e7a2f831b0311a389d952ebd5e Version: ad85094b293e40e7a2f831b0311a389d952ebd5e Version: ad85094b293e40e7a2f831b0311a389d952ebd5e Version: ad85094b293e40e7a2f831b0311a389d952ebd5e |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4b68b861b514a5c09220d622ac3784c0ebac6c80"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/82c2c85aead3ea3cbceef4be077cf459c5df2272"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a1ab99dcc8604afe7e3bccb01b10da03bdd7ea35"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cc20c87b04db86c8e3e810bcdca686b406206069"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69b27ff82f87379afeaaea4b2f339032fdd8486e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6482c433863b257b0b9b687c28ce80b89d5f89f0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3b621e9e9e148c0928ab109ac3d4b81487469acb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:15:00.678473Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:57.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/staging/media/atomisp/pci/sh_css.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "51b8dc5163d2ff2bf04019f8bf7e3bd0e75bb654",
"status": "affected",
"version": "a49d25364dfb9f8a64037488a39ab1f56c5fa419",
"versionType": "git"
},
{
"lessThan": "4b68b861b514a5c09220d622ac3784c0ebac6c80",
"status": "affected",
"version": "ad85094b293e40e7a2f831b0311a389d952ebd5e",
"versionType": "git"
},
{
"lessThan": "82c2c85aead3ea3cbceef4be077cf459c5df2272",
"status": "affected",
"version": "ad85094b293e40e7a2f831b0311a389d952ebd5e",
"versionType": "git"
},
{
"lessThan": "a1ab99dcc8604afe7e3bccb01b10da03bdd7ea35",
"status": "affected",
"version": "ad85094b293e40e7a2f831b0311a389d952ebd5e",
"versionType": "git"
},
{
"lessThan": "cc20c87b04db86c8e3e810bcdca686b406206069",
"status": "affected",
"version": "ad85094b293e40e7a2f831b0311a389d952ebd5e",
"versionType": "git"
},
{
"lessThan": "69b27ff82f87379afeaaea4b2f339032fdd8486e",
"status": "affected",
"version": "ad85094b293e40e7a2f831b0311a389d952ebd5e",
"versionType": "git"
},
{
"lessThan": "6482c433863b257b0b9b687c28ce80b89d5f89f0",
"status": "affected",
"version": "ad85094b293e40e7a2f831b0311a389d952ebd5e",
"versionType": "git"
},
{
"lessThan": "3b621e9e9e148c0928ab109ac3d4b81487469acb",
"status": "affected",
"version": "ad85094b293e40e7a2f831b0311a389d952ebd5e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/staging/media/atomisp/pci/sh_css.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "4.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.18",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries\n\nThe allocation failure of mycs-\u003eyuv_scaler_binary in load_video_binaries()\nis followed with a dereference of mycs-\u003eyuv_scaler_binary after the\nfollowing call chain:\n\nsh_css_pipe_load_binaries()\n |-\u003e load_video_binaries(mycs-\u003eyuv_scaler_binary == NULL)\n |\n |-\u003e sh_css_pipe_unload_binaries()\n |-\u003e unload_video_binaries()\n\nIn unload_video_binaries(), it calls to ia_css_binary_unload with argument\n\u0026pipe-\u003epipe_settings.video.yuv_scaler_binary[i], which refers to the\nsame memory slot as mycs-\u003eyuv_scaler_binary. Thus, a null-pointer\ndereference is triggered."
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T10:41:21.875Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/51b8dc5163d2ff2bf04019f8bf7e3bd0e75bb654"
},
{
"url": "https://git.kernel.org/stable/c/4b68b861b514a5c09220d622ac3784c0ebac6c80"
},
{
"url": "https://git.kernel.org/stable/c/82c2c85aead3ea3cbceef4be077cf459c5df2272"
},
{
"url": "https://git.kernel.org/stable/c/a1ab99dcc8604afe7e3bccb01b10da03bdd7ea35"
},
{
"url": "https://git.kernel.org/stable/c/cc20c87b04db86c8e3e810bcdca686b406206069"
},
{
"url": "https://git.kernel.org/stable/c/69b27ff82f87379afeaaea4b2f339032fdd8486e"
},
{
"url": "https://git.kernel.org/stable/c/6482c433863b257b0b9b687c28ce80b89d5f89f0"
},
{
"url": "https://git.kernel.org/stable/c/3b621e9e9e148c0928ab109ac3d4b81487469acb"
}
],
"title": "media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38547",
"datePublished": "2024-06-19T13:35:20.689Z",
"dateReserved": "2024-06-18T19:36:34.919Z",
"dateUpdated": "2025-09-29T10:41:21.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35848 (GCVE-0-2024-35848)
Vulnerability from cvelistv5
Published
2024-05-17 14:47
Modified
2025-05-04 09:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
eeprom: at24: fix memory corruption race condition
If the eeprom is not accessible, an nvmem device will be registered, the
read will fail, and the device will be torn down. If another driver
accesses the nvmem device after the teardown, it will reference
invalid memory.
Move the failure point before registering the nvmem device.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b20eb4c1f0261eebe6e1b9221c0d6e4048837778 Version: b20eb4c1f0261eebe6e1b9221c0d6e4048837778 Version: b20eb4c1f0261eebe6e1b9221c0d6e4048837778 Version: b20eb4c1f0261eebe6e1b9221c0d6e4048837778 Version: b20eb4c1f0261eebe6e1b9221c0d6e4048837778 Version: b20eb4c1f0261eebe6e1b9221c0d6e4048837778 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35848",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T17:15:51.983063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:04.173Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c850f71fca09ea41800ed55905980063d17e01da"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/26d32bec4c6d255a03762f33c637bfa3718be15a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c43e5028f5a35331eb25017f5ff6cc21735005c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2af84c46b9b8f2d6c0f88d09ee5c849ae1734676"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d8b56ec0c8f30d5657382f47344a32569f7a9bc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f42c97027fb75776e2e9358d16bf4a99aeb04cf2"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/misc/eeprom/at24.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c850f71fca09ea41800ed55905980063d17e01da",
"status": "affected",
"version": "b20eb4c1f0261eebe6e1b9221c0d6e4048837778",
"versionType": "git"
},
{
"lessThan": "26d32bec4c6d255a03762f33c637bfa3718be15a",
"status": "affected",
"version": "b20eb4c1f0261eebe6e1b9221c0d6e4048837778",
"versionType": "git"
},
{
"lessThan": "c43e5028f5a35331eb25017f5ff6cc21735005c6",
"status": "affected",
"version": "b20eb4c1f0261eebe6e1b9221c0d6e4048837778",
"versionType": "git"
},
{
"lessThan": "2af84c46b9b8f2d6c0f88d09ee5c849ae1734676",
"status": "affected",
"version": "b20eb4c1f0261eebe6e1b9221c0d6e4048837778",
"versionType": "git"
},
{
"lessThan": "6d8b56ec0c8f30d5657382f47344a32569f7a9bc",
"status": "affected",
"version": "b20eb4c1f0261eebe6e1b9221c0d6e4048837778",
"versionType": "git"
},
{
"lessThan": "f42c97027fb75776e2e9358d16bf4a99aeb04cf2",
"status": "affected",
"version": "b20eb4c1f0261eebe6e1b9221c0d6e4048837778",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/misc/eeprom/at24.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\neeprom: at24: fix memory corruption race condition\n\nIf the eeprom is not accessible, an nvmem device will be registered, the\nread will fail, and the device will be torn down. If another driver\naccesses the nvmem device after the teardown, it will reference\ninvalid memory.\n\nMove the failure point before registering the nvmem device."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:46.323Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c850f71fca09ea41800ed55905980063d17e01da"
},
{
"url": "https://git.kernel.org/stable/c/26d32bec4c6d255a03762f33c637bfa3718be15a"
},
{
"url": "https://git.kernel.org/stable/c/c43e5028f5a35331eb25017f5ff6cc21735005c6"
},
{
"url": "https://git.kernel.org/stable/c/2af84c46b9b8f2d6c0f88d09ee5c849ae1734676"
},
{
"url": "https://git.kernel.org/stable/c/6d8b56ec0c8f30d5657382f47344a32569f7a9bc"
},
{
"url": "https://git.kernel.org/stable/c/f42c97027fb75776e2e9358d16bf4a99aeb04cf2"
}
],
"title": "eeprom: at24: fix memory corruption race condition",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35848",
"datePublished": "2024-05-17T14:47:26.828Z",
"dateReserved": "2024-05-17T13:50:33.105Z",
"dateUpdated": "2025-05-04T09:06:46.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38580 (GCVE-0-2024-38580)
Vulnerability from cvelistv5
Published
2024-06-19 13:37
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
epoll: be better about file lifetimes
epoll can call out to vfs_poll() with a file pointer that may race with
the last 'fput()'. That would make f_count go down to zero, and while
the ep->mtx locking means that the resulting file pointer tear-down will
be blocked until the poll returns, it means that f_count is already
dead, and any use of it won't actually get a reference to the file any
more: it's dead regardless.
Make sure we have a valid ref on the file pointer before we call down to
vfs_poll() from the epoll routines.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cbfd1088e24ec4c1199756a37cb8e4cd0a4b016e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/559214eb4e5c3d05e69428af2fae2691ba1eb784"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4f65f4defe4e23659275ce5153541cd4f76ce2d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/16e3182f6322575eb7c12e728ad3c7986a189d5d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4efaa5acf0a1d2b5947f98abb3acf8bfd966422b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38580",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:13:59.808885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:55.453Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/eventpoll.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cbfd1088e24ec4c1199756a37cb8e4cd0a4b016e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "559214eb4e5c3d05e69428af2fae2691ba1eb784",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4f65f4defe4e23659275ce5153541cd4f76ce2d2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "16e3182f6322575eb7c12e728ad3c7986a189d5d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4efaa5acf0a1d2b5947f98abb3acf8bfd966422b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/eventpoll.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nepoll: be better about file lifetimes\n\nepoll can call out to vfs_poll() with a file pointer that may race with\nthe last \u0027fput()\u0027. That would make f_count go down to zero, and while\nthe ep-\u003emtx locking means that the resulting file pointer tear-down will\nbe blocked until the poll returns, it means that f_count is already\ndead, and any use of it won\u0027t actually get a reference to the file any\nmore: it\u0027s dead regardless.\n\nMake sure we have a valid ref on the file pointer before we call down to\nvfs_poll() from the epoll routines."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:33.781Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cbfd1088e24ec4c1199756a37cb8e4cd0a4b016e"
},
{
"url": "https://git.kernel.org/stable/c/559214eb4e5c3d05e69428af2fae2691ba1eb784"
},
{
"url": "https://git.kernel.org/stable/c/4f65f4defe4e23659275ce5153541cd4f76ce2d2"
},
{
"url": "https://git.kernel.org/stable/c/16e3182f6322575eb7c12e728ad3c7986a189d5d"
},
{
"url": "https://git.kernel.org/stable/c/4efaa5acf0a1d2b5947f98abb3acf8bfd966422b"
}
],
"title": "epoll: be better about file lifetimes",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38580",
"datePublished": "2024-06-19T13:37:37.840Z",
"dateReserved": "2024-06-18T19:36:34.927Z",
"dateUpdated": "2025-05-04T09:14:33.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52777 (GCVE-0-2023-52777)
Vulnerability from cvelistv5
Published
2024-05-21 15:30
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath11k: fix gtk offload status event locking
The ath11k active pdevs are protected by RCU but the gtk offload status
event handling code calling ath11k_mac_get_arvif_by_vdev_id() was not
marked as a read-side critical section.
Mark the code in question as an RCU read-side critical section to avoid
any potential use-after-free issues.
Compile tested only.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52777",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T19:02:33.104865Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T19:03:07.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0cf7577b6b3153b4b49deea9719fe43f96469c6d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf9c7d783a2bf9305df4ef5b93d9063a52e18fca"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e83246ecd3b193f8d91fce778e8a5ba747fc7d8a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1dea3c0720a146bd7193969f2847ccfed5be2221"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath11k/wmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0cf7577b6b3153b4b49deea9719fe43f96469c6d",
"status": "affected",
"version": "a16d9b50cfbaf112401b8e5ccfa852709f498cd4",
"versionType": "git"
},
{
"lessThan": "cf9c7d783a2bf9305df4ef5b93d9063a52e18fca",
"status": "affected",
"version": "a16d9b50cfbaf112401b8e5ccfa852709f498cd4",
"versionType": "git"
},
{
"lessThan": "e83246ecd3b193f8d91fce778e8a5ba747fc7d8a",
"status": "affected",
"version": "a16d9b50cfbaf112401b8e5ccfa852709f498cd4",
"versionType": "git"
},
{
"lessThan": "1dea3c0720a146bd7193969f2847ccfed5be2221",
"status": "affected",
"version": "a16d9b50cfbaf112401b8e5ccfa852709f498cd4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath11k/wmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.19"
},
{
"lessThan": "5.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix gtk offload status event locking\n\nThe ath11k active pdevs are protected by RCU but the gtk offload status\nevent handling code calling ath11k_mac_get_arvif_by_vdev_id() was not\nmarked as a read-side critical section.\n\nMark the code in question as an RCU read-side critical section to avoid\nany potential use-after-free issues.\n\nCompile tested only."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:01.606Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0cf7577b6b3153b4b49deea9719fe43f96469c6d"
},
{
"url": "https://git.kernel.org/stable/c/cf9c7d783a2bf9305df4ef5b93d9063a52e18fca"
},
{
"url": "https://git.kernel.org/stable/c/e83246ecd3b193f8d91fce778e8a5ba747fc7d8a"
},
{
"url": "https://git.kernel.org/stable/c/1dea3c0720a146bd7193969f2847ccfed5be2221"
}
],
"title": "wifi: ath11k: fix gtk offload status event locking",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52777",
"datePublished": "2024-05-21T15:30:57.598Z",
"dateReserved": "2024-05-21T15:19:24.240Z",
"dateUpdated": "2025-05-04T07:43:01.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52807 (GCVE-0-2023-52807)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: hns3: fix out-of-bounds access may occur when coalesce info is read via debugfs
The hns3 driver define an array of string to show the coalesce
info, but if the kernel adds a new mode or a new state,
out-of-bounds access may occur when coalesce info is read via
debugfs, this patch fix the problem.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52807",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:36:46.627147Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:37:02.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/07f5b8c47152cadbd9102e053dcb60685820aa09"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be1f703f39efa27b7371b9a4cd983317f1366792"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f79d985c69060047426be68b7e4c1663d5d731b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/53aba458f23846112c0d44239580ff59bc5c36c3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "07f5b8c47152cadbd9102e053dcb60685820aa09",
"status": "affected",
"version": "c99fead7cb07979f5db38035ccb5f02ad2c7106a",
"versionType": "git"
},
{
"lessThan": "be1f703f39efa27b7371b9a4cd983317f1366792",
"status": "affected",
"version": "c99fead7cb07979f5db38035ccb5f02ad2c7106a",
"versionType": "git"
},
{
"lessThan": "f79d985c69060047426be68b7e4c1663d5d731b4",
"status": "affected",
"version": "c99fead7cb07979f5db38035ccb5f02ad2c7106a",
"versionType": "git"
},
{
"lessThan": "53aba458f23846112c0d44239580ff59bc5c36c3",
"status": "affected",
"version": "c99fead7cb07979f5db38035ccb5f02ad2c7106a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix out-of-bounds access may occur when coalesce info is read via debugfs\n\nThe hns3 driver define an array of string to show the coalesce\ninfo, but if the kernel adds a new mode or a new state,\nout-of-bounds access may occur when coalesce info is read via\ndebugfs, this patch fix the problem."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:33.747Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/07f5b8c47152cadbd9102e053dcb60685820aa09"
},
{
"url": "https://git.kernel.org/stable/c/be1f703f39efa27b7371b9a4cd983317f1366792"
},
{
"url": "https://git.kernel.org/stable/c/f79d985c69060047426be68b7e4c1663d5d731b4"
},
{
"url": "https://git.kernel.org/stable/c/53aba458f23846112c0d44239580ff59bc5c36c3"
}
],
"title": "net: hns3: fix out-of-bounds access may occur when coalesce info is read via debugfs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52807",
"datePublished": "2024-05-21T15:31:17.686Z",
"dateReserved": "2024-05-21T15:19:24.248Z",
"dateUpdated": "2025-05-04T07:43:33.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26813 (GCVE-0-2024-26813)
Vulnerability from cvelistv5
Published
2024-04-05 08:24
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
vfio/platform: Create persistent IRQ handlers
The vfio-platform SET_IRQS ioctl currently allows loopback triggering of
an interrupt before a signaling eventfd has been configured by the user,
which thereby allows a NULL pointer dereference.
Rather than register the IRQ relative to a valid trigger, register all
IRQs in a disabled state in the device open path. This allows mask
operations on the IRQ to nest within the overall enable state governed
by a valid eventfd signal. This decouples @masked, protected by the
@locked spinlock from @trigger, protected via the @igate mutex.
In doing so, it's guaranteed that changes to @trigger cannot race the
IRQ handlers because the IRQ handler is synchronously disabled before
modifying the trigger, and loopback triggering of the IRQ via ioctl is
safe due to serialization with trigger changes via igate.
For compatibility, request_irq() failures are maintained to be local to
the SET_IRQS ioctl rather than a fatal error in the open device path.
This allows, for example, a userspace driver with polling mode support
to continue to work regardless of moving the request_irq() call site.
This necessarily blocks all SET_IRQS access to the failed index.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 57f972e2b341dd6a73533f9293ec55d584a5d833 Version: 57f972e2b341dd6a73533f9293ec55d584a5d833 Version: 57f972e2b341dd6a73533f9293ec55d584a5d833 Version: 57f972e2b341dd6a73533f9293ec55d584a5d833 Version: 57f972e2b341dd6a73533f9293ec55d584a5d833 Version: 57f972e2b341dd6a73533f9293ec55d584a5d833 Version: 57f972e2b341dd6a73533f9293ec55d584a5d833 Version: 57f972e2b341dd6a73533f9293ec55d584a5d833 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/07afdfd8a68f9eea8db0ddc4626c874f29d2ac5e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/09452c8fcbd7817c06e8e3212d99b45917e603a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cc5838f19d39a5fef04c468199699d2a4578be3a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7932db06c82c5b2f42a4d1a849d97dba9ce4a362"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62d4e43a569b67929eb3319780be5359694c8086"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d6bedd6acc0bcb1e7e010bc046032e47f08d379f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f8d8f9c2173a541812dd750529f4a415117eb29"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/675daf435e9f8e5a5eab140a9864dfad6668b375"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26813",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:50:36.972269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:44.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/vfio/platform/vfio_platform_irq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "07afdfd8a68f9eea8db0ddc4626c874f29d2ac5e",
"status": "affected",
"version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
"versionType": "git"
},
{
"lessThan": "09452c8fcbd7817c06e8e3212d99b45917e603a5",
"status": "affected",
"version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
"versionType": "git"
},
{
"lessThan": "cc5838f19d39a5fef04c468199699d2a4578be3a",
"status": "affected",
"version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
"versionType": "git"
},
{
"lessThan": "7932db06c82c5b2f42a4d1a849d97dba9ce4a362",
"status": "affected",
"version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
"versionType": "git"
},
{
"lessThan": "62d4e43a569b67929eb3319780be5359694c8086",
"status": "affected",
"version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
"versionType": "git"
},
{
"lessThan": "d6bedd6acc0bcb1e7e010bc046032e47f08d379f",
"status": "affected",
"version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
"versionType": "git"
},
{
"lessThan": "0f8d8f9c2173a541812dd750529f4a415117eb29",
"status": "affected",
"version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
"versionType": "git"
},
{
"lessThan": "675daf435e9f8e5a5eab140a9864dfad6668b375",
"status": "affected",
"version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/vfio/platform/vfio_platform_irq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.1"
},
{
"lessThan": "4.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/platform: Create persistent IRQ handlers\n\nThe vfio-platform SET_IRQS ioctl currently allows loopback triggering of\nan interrupt before a signaling eventfd has been configured by the user,\nwhich thereby allows a NULL pointer dereference.\n\nRather than register the IRQ relative to a valid trigger, register all\nIRQs in a disabled state in the device open path. This allows mask\noperations on the IRQ to nest within the overall enable state governed\nby a valid eventfd signal. This decouples @masked, protected by the\n@locked spinlock from @trigger, protected via the @igate mutex.\n\nIn doing so, it\u0027s guaranteed that changes to @trigger cannot race the\nIRQ handlers because the IRQ handler is synchronously disabled before\nmodifying the trigger, and loopback triggering of the IRQ via ioctl is\nsafe due to serialization with trigger changes via igate.\n\nFor compatibility, request_irq() failures are maintained to be local to\nthe SET_IRQS ioctl rather than a fatal error in the open device path.\nThis allows, for example, a userspace driver with polling mode support\nto continue to work regardless of moving the request_irq() call site.\nThis necessarily blocks all SET_IRQS access to the failed index."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:08.928Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/07afdfd8a68f9eea8db0ddc4626c874f29d2ac5e"
},
{
"url": "https://git.kernel.org/stable/c/09452c8fcbd7817c06e8e3212d99b45917e603a5"
},
{
"url": "https://git.kernel.org/stable/c/cc5838f19d39a5fef04c468199699d2a4578be3a"
},
{
"url": "https://git.kernel.org/stable/c/7932db06c82c5b2f42a4d1a849d97dba9ce4a362"
},
{
"url": "https://git.kernel.org/stable/c/62d4e43a569b67929eb3319780be5359694c8086"
},
{
"url": "https://git.kernel.org/stable/c/d6bedd6acc0bcb1e7e010bc046032e47f08d379f"
},
{
"url": "https://git.kernel.org/stable/c/0f8d8f9c2173a541812dd750529f4a415117eb29"
},
{
"url": "https://git.kernel.org/stable/c/675daf435e9f8e5a5eab140a9864dfad6668b375"
}
],
"title": "vfio/platform: Create persistent IRQ handlers",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26813",
"datePublished": "2024-04-05T08:24:43.279Z",
"dateReserved": "2024-02-19T14:20:24.180Z",
"dateUpdated": "2025-05-04T08:57:08.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36973 (GCVE-0-2024-36973)
Vulnerability from cvelistv5
Published
2024-06-17 17:51
Modified
2025-05-04 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
misc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe()
When auxiliary_device_add() returns error and then calls
auxiliary_device_uninit(), callback function
gp_auxiliary_device_release() calls ida_free() and
kfree(aux_device_wrapper) to free memory. We should't
call them again in the error handling path.
Fix this by skipping the redundant cleanup functions.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T20:17:26.989474Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T20:17:41.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/34ae447b138680b5ed3660f7d935ff3faf88ba1a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/86c9713602f786f441630c4ee02891987f8618b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1efe551982297924d05a367aa2b6ec3d275d5742"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/086c6cbcc563c81d55257f9b27e14faf1d0963d3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "34ae447b138680b5ed3660f7d935ff3faf88ba1a",
"status": "affected",
"version": "393fc2f5948fd340d016a9557eea6e1ac2f6c60c",
"versionType": "git"
},
{
"lessThan": "86c9713602f786f441630c4ee02891987f8618b9",
"status": "affected",
"version": "393fc2f5948fd340d016a9557eea6e1ac2f6c60c",
"versionType": "git"
},
{
"lessThan": "1efe551982297924d05a367aa2b6ec3d275d5742",
"status": "affected",
"version": "393fc2f5948fd340d016a9557eea6e1ac2f6c60c",
"versionType": "git"
},
{
"lessThan": "086c6cbcc563c81d55257f9b27e14faf1d0963d3",
"status": "affected",
"version": "393fc2f5948fd340d016a9557eea6e1ac2f6c60c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.95",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.35",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.6",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe()\n\nWhen auxiliary_device_add() returns error and then calls\nauxiliary_device_uninit(), callback function\ngp_auxiliary_device_release() calls ida_free() and\nkfree(aux_device_wrapper) to free memory. We should\u0027t\ncall them again in the error handling path.\n\nFix this by skipping the redundant cleanup functions."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:09.116Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/34ae447b138680b5ed3660f7d935ff3faf88ba1a"
},
{
"url": "https://git.kernel.org/stable/c/86c9713602f786f441630c4ee02891987f8618b9"
},
{
"url": "https://git.kernel.org/stable/c/1efe551982297924d05a367aa2b6ec3d275d5742"
},
{
"url": "https://git.kernel.org/stable/c/086c6cbcc563c81d55257f9b27e14faf1d0963d3"
}
],
"title": "misc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36973",
"datePublished": "2024-06-17T17:51:52.112Z",
"dateReserved": "2024-05-30T15:25:07.082Z",
"dateUpdated": "2025-05-04T09:13:09.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52873 (GCVE-0-2023-52873)
Vulnerability from cvelistv5
Published
2024-05-21 15:32
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data
Add the check for the return value of mtk_alloc_clk_data() in order to
avoid NULL pointer dereference.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 710774e048614c761a39a98e8d0fa75f688c83b6 Version: 710774e048614c761a39a98e8d0fa75f688c83b6 Version: 710774e048614c761a39a98e8d0fa75f688c83b6 Version: 710774e048614c761a39a98e8d0fa75f688c83b6 Version: 710774e048614c761a39a98e8d0fa75f688c83b6 Version: 710774e048614c761a39a98e8d0fa75f688c83b6 Version: 710774e048614c761a39a98e8d0fa75f688c83b6 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52873",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T18:20:52.471859Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:59.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fbe466f06d4ea18745da0d57540539b7b36936ae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3994387ba3564976731179c4d4a6d7850ddda71a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca6d565a2319d69d9766e6ecbb5af827fc4afb2b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/df1c4a9efa3f5b6fb5e0ae63890230dbe2190b7e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a90239551abc181687f8c0ba60b276f7d75c141e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6a7c51cf07a399ec067d39f0a22f1817c5c7d2b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1f57f78fbacf630430bf954e5a84caafdfea30c0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/mediatek/clk-mt6779.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fbe466f06d4ea18745da0d57540539b7b36936ae",
"status": "affected",
"version": "710774e048614c761a39a98e8d0fa75f688c83b6",
"versionType": "git"
},
{
"lessThan": "3994387ba3564976731179c4d4a6d7850ddda71a",
"status": "affected",
"version": "710774e048614c761a39a98e8d0fa75f688c83b6",
"versionType": "git"
},
{
"lessThan": "ca6d565a2319d69d9766e6ecbb5af827fc4afb2b",
"status": "affected",
"version": "710774e048614c761a39a98e8d0fa75f688c83b6",
"versionType": "git"
},
{
"lessThan": "df1c4a9efa3f5b6fb5e0ae63890230dbe2190b7e",
"status": "affected",
"version": "710774e048614c761a39a98e8d0fa75f688c83b6",
"versionType": "git"
},
{
"lessThan": "a90239551abc181687f8c0ba60b276f7d75c141e",
"status": "affected",
"version": "710774e048614c761a39a98e8d0fa75f688c83b6",
"versionType": "git"
},
{
"lessThan": "f6a7c51cf07a399ec067d39f0a22f1817c5c7d2b",
"status": "affected",
"version": "710774e048614c761a39a98e8d0fa75f688c83b6",
"versionType": "git"
},
{
"lessThan": "1f57f78fbacf630430bf954e5a84caafdfea30c0",
"status": "affected",
"version": "710774e048614c761a39a98e8d0fa75f688c83b6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/mediatek/clk-mt6779.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data\n\nAdd the check for the return value of mtk_alloc_clk_data() in order to\navoid NULL pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:49.415Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fbe466f06d4ea18745da0d57540539b7b36936ae"
},
{
"url": "https://git.kernel.org/stable/c/3994387ba3564976731179c4d4a6d7850ddda71a"
},
{
"url": "https://git.kernel.org/stable/c/ca6d565a2319d69d9766e6ecbb5af827fc4afb2b"
},
{
"url": "https://git.kernel.org/stable/c/df1c4a9efa3f5b6fb5e0ae63890230dbe2190b7e"
},
{
"url": "https://git.kernel.org/stable/c/a90239551abc181687f8c0ba60b276f7d75c141e"
},
{
"url": "https://git.kernel.org/stable/c/f6a7c51cf07a399ec067d39f0a22f1817c5c7d2b"
},
{
"url": "https://git.kernel.org/stable/c/1f57f78fbacf630430bf954e5a84caafdfea30c0"
}
],
"title": "clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52873",
"datePublished": "2024-05-21T15:32:07.253Z",
"dateReserved": "2024-05-21T15:19:24.264Z",
"dateUpdated": "2025-05-04T07:44:49.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38572 (GCVE-0-2024-38572)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix out-of-bound access of qmi_invoke_handler()
Currently, there is no terminator entry for ath12k_qmi_msg_handlers hence
facing below KASAN warning,
==================================================================
BUG: KASAN: global-out-of-bounds in qmi_invoke_handler+0xa4/0x148
Read of size 8 at addr ffffffd00a6428d8 by task kworker/u8:2/1273
CPU: 0 PID: 1273 Comm: kworker/u8:2 Not tainted 5.4.213 #0
Workqueue: qmi_msg_handler qmi_data_ready_work
Call trace:
dump_backtrace+0x0/0x20c
show_stack+0x14/0x1c
dump_stack+0xe0/0x138
print_address_description.isra.5+0x30/0x330
__kasan_report+0x16c/0x1bc
kasan_report+0xc/0x14
__asan_load8+0xa8/0xb0
qmi_invoke_handler+0xa4/0x148
qmi_handle_message+0x18c/0x1bc
qmi_data_ready_work+0x4ec/0x528
process_one_work+0x2c0/0x440
worker_thread+0x324/0x4b8
kthread+0x210/0x228
ret_from_fork+0x10/0x18
The address belongs to the variable:
ath12k_mac_mon_status_filter_default+0x4bd8/0xfffffffffffe2300 [ath12k]
[...]
==================================================================
Add a dummy terminator entry at the end to assist the qmi_invoke_handler()
in traversing up to the terminator entry without accessing an
out-of-boundary index.
Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/95575de7dede7b1ed3b9718dab9dda97914ea775"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b48d40f5840c505b7af700594aa8379eec28e925"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a1abdb63628b04855a929850772de97435ed1555"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e1bdff48a1bb4a4ac660c19c55a820968c48b3f2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38572",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:14:15.867309Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:56.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath12k/qmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "95575de7dede7b1ed3b9718dab9dda97914ea775",
"status": "affected",
"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
"versionType": "git"
},
{
"lessThan": "b48d40f5840c505b7af700594aa8379eec28e925",
"status": "affected",
"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
"versionType": "git"
},
{
"lessThan": "a1abdb63628b04855a929850772de97435ed1555",
"status": "affected",
"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
"versionType": "git"
},
{
"lessThan": "e1bdff48a1bb4a4ac660c19c55a820968c48b3f2",
"status": "affected",
"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath12k/qmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix out-of-bound access of qmi_invoke_handler()\n\nCurrently, there is no terminator entry for ath12k_qmi_msg_handlers hence\nfacing below KASAN warning,\n\n ==================================================================\n BUG: KASAN: global-out-of-bounds in qmi_invoke_handler+0xa4/0x148\n Read of size 8 at addr ffffffd00a6428d8 by task kworker/u8:2/1273\n\n CPU: 0 PID: 1273 Comm: kworker/u8:2 Not tainted 5.4.213 #0\n Workqueue: qmi_msg_handler qmi_data_ready_work\n Call trace:\n dump_backtrace+0x0/0x20c\n show_stack+0x14/0x1c\n dump_stack+0xe0/0x138\n print_address_description.isra.5+0x30/0x330\n __kasan_report+0x16c/0x1bc\n kasan_report+0xc/0x14\n __asan_load8+0xa8/0xb0\n qmi_invoke_handler+0xa4/0x148\n qmi_handle_message+0x18c/0x1bc\n qmi_data_ready_work+0x4ec/0x528\n process_one_work+0x2c0/0x440\n worker_thread+0x324/0x4b8\n kthread+0x210/0x228\n ret_from_fork+0x10/0x18\n\n The address belongs to the variable:\n ath12k_mac_mon_status_filter_default+0x4bd8/0xfffffffffffe2300 [ath12k]\n [...]\n ==================================================================\n\nAdd a dummy terminator entry at the end to assist the qmi_invoke_handler()\nin traversing up to the terminator entry without accessing an\nout-of-boundary index.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:23.115Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/95575de7dede7b1ed3b9718dab9dda97914ea775"
},
{
"url": "https://git.kernel.org/stable/c/b48d40f5840c505b7af700594aa8379eec28e925"
},
{
"url": "https://git.kernel.org/stable/c/a1abdb63628b04855a929850772de97435ed1555"
},
{
"url": "https://git.kernel.org/stable/c/e1bdff48a1bb4a4ac660c19c55a820968c48b3f2"
}
],
"title": "wifi: ath12k: fix out-of-bound access of qmi_invoke_handler()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38572",
"datePublished": "2024-06-19T13:35:37.666Z",
"dateReserved": "2024-06-18T19:36:34.924Z",
"dateUpdated": "2025-05-04T09:14:23.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52804 (GCVE-0-2023-52804)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs/jfs: Add validity check for db_maxag and db_agpref
Both db_maxag and db_agpref are used as the index of the
db_agfree array, but there is currently no validity check for
db_maxag and db_agpref, which can lead to errors.
The following is related bug reported by Syzbot:
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:639:20
index 7936 is out of range for type 'atomic_t[128]'
Add checking that the values of db_maxag and db_agpref are valid
indexes for the db_agfree array.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0649e2dd4a3595b5595a29d0064d047c2fae2fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ce15b0f1a431168f07b1cc6c9f71206a2db5c809"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/32bd8f1cbcf8b663e29dd1f908ba3a129541a11b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c6c8863fb3f57700ab583d875adda04caaf2278a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1f74d336990f37703a8eee77153463d65b67f70e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5013f8269887642cca784adc8db9b5f0b771533f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dca403bb035a565bb98ecc1dda5d30f676feda40"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2323de34a3ae61a9f9b544c18583f71cea86721f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/64933ab7b04881c6c18b21ff206c12278341c72e"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52804",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:36:50.346379Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:54.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a0649e2dd4a3595b5595a29d0064d047c2fae2fb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ce15b0f1a431168f07b1cc6c9f71206a2db5c809",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "32bd8f1cbcf8b663e29dd1f908ba3a129541a11b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c6c8863fb3f57700ab583d875adda04caaf2278a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1f74d336990f37703a8eee77153463d65b67f70e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5013f8269887642cca784adc8db9b5f0b771533f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dca403bb035a565bb98ecc1dda5d30f676feda40",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2323de34a3ae61a9f9b544c18583f71cea86721f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "64933ab7b04881c6c18b21ff206c12278341c72e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/jfs: Add validity check for db_maxag and db_agpref\n\nBoth db_maxag and db_agpref are used as the index of the\ndb_agfree array, but there is currently no validity check for\ndb_maxag and db_agpref, which can lead to errors.\n\nThe following is related bug reported by Syzbot:\n\nUBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:639:20\nindex 7936 is out of range for type \u0027atomic_t[128]\u0027\n\nAdd checking that the values of db_maxag and db_agpref are valid\nindexes for the db_agfree array."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:30.178Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a0649e2dd4a3595b5595a29d0064d047c2fae2fb"
},
{
"url": "https://git.kernel.org/stable/c/ce15b0f1a431168f07b1cc6c9f71206a2db5c809"
},
{
"url": "https://git.kernel.org/stable/c/32bd8f1cbcf8b663e29dd1f908ba3a129541a11b"
},
{
"url": "https://git.kernel.org/stable/c/c6c8863fb3f57700ab583d875adda04caaf2278a"
},
{
"url": "https://git.kernel.org/stable/c/1f74d336990f37703a8eee77153463d65b67f70e"
},
{
"url": "https://git.kernel.org/stable/c/5013f8269887642cca784adc8db9b5f0b771533f"
},
{
"url": "https://git.kernel.org/stable/c/dca403bb035a565bb98ecc1dda5d30f676feda40"
},
{
"url": "https://git.kernel.org/stable/c/2323de34a3ae61a9f9b544c18583f71cea86721f"
},
{
"url": "https://git.kernel.org/stable/c/64933ab7b04881c6c18b21ff206c12278341c72e"
}
],
"title": "fs/jfs: Add validity check for db_maxag and db_agpref",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52804",
"datePublished": "2024-05-21T15:31:15.720Z",
"dateReserved": "2024-05-21T15:19:24.247Z",
"dateUpdated": "2025-05-04T07:43:30.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52874 (GCVE-0-2023-52874)
Vulnerability from cvelistv5
Published
2024-05-21 15:32
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
x86/tdx: Zero out the missing RSI in TDX_HYPERCALL macro
In the TDX_HYPERCALL asm, after the TDCALL instruction returns from the
untrusted VMM, the registers that the TDX guest shares to the VMM need
to be cleared to avoid speculative execution of VMM-provided values.
RSI is specified in the bitmap of those registers, but it is missing
when zeroing out those registers in the current TDX_HYPERCALL.
It was there when it was originally added in commit 752d13305c78
("x86/tdx: Expand __tdx_hypercall() to handle more arguments"), but was
later removed in commit 1e70c680375a ("x86/tdx: Do not corrupt
frame-pointer in __tdx_hypercall()"), which was correct because %rsi is
later restored in the "pop %rsi". However a later commit 7a3a401874be
("x86/tdx: Drop flags from __tdx_hypercall()") removed that "pop %rsi"
but forgot to add the "xor %rsi, %rsi" back.
Fix by adding it back.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2191950d35d8f81620ea8d4e04d983f664fe3a8a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/de4c5bacca4f50233f1f791bec9eeb4dee1b14cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5d092b66119d774853cc9308522620299048a662"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52874",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:36:24.980070Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:54.047Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/coco/tdx/tdcall.S"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2191950d35d8f81620ea8d4e04d983f664fe3a8a",
"status": "affected",
"version": "7a3a401874bea02f568aa416ac29170d8cde0dc2",
"versionType": "git"
},
{
"lessThan": "de4c5bacca4f50233f1f791bec9eeb4dee1b14cd",
"status": "affected",
"version": "7a3a401874bea02f568aa416ac29170d8cde0dc2",
"versionType": "git"
},
{
"lessThan": "5d092b66119d774853cc9308522620299048a662",
"status": "affected",
"version": "7a3a401874bea02f568aa416ac29170d8cde0dc2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/coco/tdx/tdcall.S"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/tdx: Zero out the missing RSI in TDX_HYPERCALL macro\n\nIn the TDX_HYPERCALL asm, after the TDCALL instruction returns from the\nuntrusted VMM, the registers that the TDX guest shares to the VMM need\nto be cleared to avoid speculative execution of VMM-provided values.\n\nRSI is specified in the bitmap of those registers, but it is missing\nwhen zeroing out those registers in the current TDX_HYPERCALL.\n\nIt was there when it was originally added in commit 752d13305c78\n(\"x86/tdx: Expand __tdx_hypercall() to handle more arguments\"), but was\nlater removed in commit 1e70c680375a (\"x86/tdx: Do not corrupt\nframe-pointer in __tdx_hypercall()\"), which was correct because %rsi is\nlater restored in the \"pop %rsi\". However a later commit 7a3a401874be\n(\"x86/tdx: Drop flags from __tdx_hypercall()\") removed that \"pop %rsi\"\nbut forgot to add the \"xor %rsi, %rsi\" back.\n\nFix by adding it back."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:50.495Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2191950d35d8f81620ea8d4e04d983f664fe3a8a"
},
{
"url": "https://git.kernel.org/stable/c/de4c5bacca4f50233f1f791bec9eeb4dee1b14cd"
},
{
"url": "https://git.kernel.org/stable/c/5d092b66119d774853cc9308522620299048a662"
}
],
"title": "x86/tdx: Zero out the missing RSI in TDX_HYPERCALL macro",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52874",
"datePublished": "2024-05-21T15:32:07.937Z",
"dateReserved": "2024-05-21T15:19:24.264Z",
"dateUpdated": "2025-05-04T07:44:50.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26889 (GCVE-0-2024-26889)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-07 19:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_core: Fix possible buffer overflow
struct hci_dev_info has a fixed size name[8] field so in the event that
hdev->name is bigger than that strcpy would attempt to write past its
size, so this fixes this problem by switching to use strscpy.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 194ab82c1ea187512ff2f822124bd05b63fc9f76 Version: b48595f5b1c6e81e06e164e7d2b7a30b1776161e Version: ffb060b136dd75a033ced0fc0aed2882c02e8b56 Version: bbec1724519ecd9c468d1186a8f30b7567175bfb Version: dcda165706b9fbfd685898d46a6749d7d397e0c0 Version: dcda165706b9fbfd685898d46a6749d7d397e0c0 Version: dcda165706b9fbfd685898d46a6749d7d397e0c0 Version: dcda165706b9fbfd685898d46a6749d7d397e0c0 Version: d9ce7d438366431e5688be98d8680336ce0a0f8d Version: a55d53ad5c86aee3f6da50ee73626008997673fa Version: 5558f4312dca43cebfb9a1aab3d632be91bbb736 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d5a9d4a7bcbb7534ce45a18a52e7bd23e69d8ac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54a03e4ac1a41edf8a5087bd59f8241b0de96d3d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d47e6c1932cee02954ea588c9f09fd5ecefeadfc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e845867b4e279eff0a19ade253390470e07e8a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68644bf5ec6baaff40fc39b3529c874bfda709bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a41c8efe659caed0e21422876bbb6b73c15b5244"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c28598a2c29201d2ba7fc37539a7d41c264fb10"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2edce8e9a99dd5e4404259d52e754fdc97fb42c2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81137162bfaa7278785b24c1fd2e9e74f082e8e4"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26889",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T21:45:31.651235Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T19:59:25.169Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6d5a9d4a7bcbb7534ce45a18a52e7bd23e69d8ac",
"status": "affected",
"version": "194ab82c1ea187512ff2f822124bd05b63fc9f76",
"versionType": "git"
},
{
"lessThan": "54a03e4ac1a41edf8a5087bd59f8241b0de96d3d",
"status": "affected",
"version": "b48595f5b1c6e81e06e164e7d2b7a30b1776161e",
"versionType": "git"
},
{
"lessThan": "d47e6c1932cee02954ea588c9f09fd5ecefeadfc",
"status": "affected",
"version": "ffb060b136dd75a033ced0fc0aed2882c02e8b56",
"versionType": "git"
},
{
"lessThan": "2e845867b4e279eff0a19ade253390470e07e8a1",
"status": "affected",
"version": "bbec1724519ecd9c468d1186a8f30b7567175bfb",
"versionType": "git"
},
{
"lessThan": "a41c8efe659caed0e21422876bbb6b73c15b5244",
"status": "affected",
"version": "dcda165706b9fbfd685898d46a6749d7d397e0c0",
"versionType": "git"
},
{
"lessThan": "8c28598a2c29201d2ba7fc37539a7d41c264fb10",
"status": "affected",
"version": "dcda165706b9fbfd685898d46a6749d7d397e0c0",
"versionType": "git"
},
{
"lessThan": "2edce8e9a99dd5e4404259d52e754fdc97fb42c2",
"status": "affected",
"version": "dcda165706b9fbfd685898d46a6749d7d397e0c0",
"versionType": "git"
},
{
"lessThan": "81137162bfaa7278785b24c1fd2e9e74f082e8e4",
"status": "affected",
"version": "dcda165706b9fbfd685898d46a6749d7d397e0c0",
"versionType": "git"
},
{
"status": "affected",
"version": "d9ce7d438366431e5688be98d8680336ce0a0f8d",
"versionType": "git"
},
{
"status": "affected",
"version": "a55d53ad5c86aee3f6da50ee73626008997673fa",
"versionType": "git"
},
{
"status": "affected",
"version": "5558f4312dca43cebfb9a1aab3d632be91bbb736",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "4.19.297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "5.4.259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.10.199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.15.137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: Fix possible buffer overflow\n\nstruct hci_dev_info has a fixed size name[8] field so in the event that\nhdev-\u003ename is bigger than that strcpy would attempt to write past its\nsize, so this fixes this problem by switching to use strscpy."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:05.384Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6d5a9d4a7bcbb7534ce45a18a52e7bd23e69d8ac"
},
{
"url": "https://git.kernel.org/stable/c/54a03e4ac1a41edf8a5087bd59f8241b0de96d3d"
},
{
"url": "https://git.kernel.org/stable/c/d47e6c1932cee02954ea588c9f09fd5ecefeadfc"
},
{
"url": "https://git.kernel.org/stable/c/2e845867b4e279eff0a19ade253390470e07e8a1"
},
{
"url": "https://git.kernel.org/stable/c/a41c8efe659caed0e21422876bbb6b73c15b5244"
},
{
"url": "https://git.kernel.org/stable/c/8c28598a2c29201d2ba7fc37539a7d41c264fb10"
},
{
"url": "https://git.kernel.org/stable/c/2edce8e9a99dd5e4404259d52e754fdc97fb42c2"
},
{
"url": "https://git.kernel.org/stable/c/81137162bfaa7278785b24c1fd2e9e74f082e8e4"
}
],
"title": "Bluetooth: hci_core: Fix possible buffer overflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26889",
"datePublished": "2024-04-17T10:27:42.814Z",
"dateReserved": "2024-02-19T14:20:24.186Z",
"dateUpdated": "2025-05-07T19:59:25.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52858 (GCVE-0-2023-52858)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data
Add the check for the return value of mtk_alloc_clk_data() in order to
avoid NULL pointer dereference.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 3b5e748615e714711220b2a95d19bd25a037db09 Version: 3b5e748615e714711220b2a95d19bd25a037db09 Version: 3b5e748615e714711220b2a95d19bd25a037db09 Version: 3b5e748615e714711220b2a95d19bd25a037db09 Version: 3b5e748615e714711220b2a95d19bd25a037db09 Version: 3b5e748615e714711220b2a95d19bd25a037db09 Version: 3b5e748615e714711220b2a95d19bd25a037db09 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "3b5e748615e7"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.4.261"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.10.201"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.15.139"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.1.63"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.5.12"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.6.2"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.7"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52858",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T19:00:23.134670Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:50:32.836Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8ae4b49dd9cfde69d8de8c0c0cd7cf1b004482e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4f861b63945e076f9f003a5fad958174096df1ee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e964d21dc034b650d719c4ea39564bec72b42f94"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a836efc21ef04608333d6d05753e558ebd1f85d0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d89430fc3158f872d492f1b88d07262f48290c0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5fbea47eebff5daeca7d918c99289bcd3ae4dc8d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2befa515c1bb6cdd33c262b909d93d1973a219aa"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/mediatek/clk-mt7629.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e8ae4b49dd9cfde69d8de8c0c0cd7cf1b004482e",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
},
{
"lessThan": "4f861b63945e076f9f003a5fad958174096df1ee",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
},
{
"lessThan": "e964d21dc034b650d719c4ea39564bec72b42f94",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
},
{
"lessThan": "a836efc21ef04608333d6d05753e558ebd1f85d0",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
},
{
"lessThan": "1d89430fc3158f872d492f1b88d07262f48290c0",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
},
{
"lessThan": "5fbea47eebff5daeca7d918c99289bcd3ae4dc8d",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
},
{
"lessThan": "2befa515c1bb6cdd33c262b909d93d1973a219aa",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/mediatek/clk-mt7629.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data\n\nAdd the check for the return value of mtk_alloc_clk_data() in order to\navoid NULL pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:26.846Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e8ae4b49dd9cfde69d8de8c0c0cd7cf1b004482e"
},
{
"url": "https://git.kernel.org/stable/c/4f861b63945e076f9f003a5fad958174096df1ee"
},
{
"url": "https://git.kernel.org/stable/c/e964d21dc034b650d719c4ea39564bec72b42f94"
},
{
"url": "https://git.kernel.org/stable/c/a836efc21ef04608333d6d05753e558ebd1f85d0"
},
{
"url": "https://git.kernel.org/stable/c/1d89430fc3158f872d492f1b88d07262f48290c0"
},
{
"url": "https://git.kernel.org/stable/c/5fbea47eebff5daeca7d918c99289bcd3ae4dc8d"
},
{
"url": "https://git.kernel.org/stable/c/2befa515c1bb6cdd33c262b909d93d1973a219aa"
}
],
"title": "clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52858",
"datePublished": "2024-05-21T15:31:51.891Z",
"dateReserved": "2024-05-21T15:19:24.258Z",
"dateUpdated": "2025-05-04T07:44:26.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52841 (GCVE-0-2023-52841)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: vidtv: mux: Add check and kfree for kstrdup
Add check for the return value of kstrdup() and return the error
if it fails in order to avoid NULL pointer dereference.
Moreover, use kfree() in the later error handling in order to avoid
memory leak.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c2f78f0cb294aa6f009d3a170f4ee8ad199ba5da Version: c2f78f0cb294aa6f009d3a170f4ee8ad199ba5da Version: c2f78f0cb294aa6f009d3a170f4ee8ad199ba5da Version: c2f78f0cb294aa6f009d3a170f4ee8ad199ba5da Version: c2f78f0cb294aa6f009d3a170f4ee8ad199ba5da Version: c2f78f0cb294aa6f009d3a170f4ee8ad199ba5da |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52841",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T17:57:18.576854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:05.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/64863ba8e6b7651d994c6e6d506cc8aa2ac45edb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/980be4c3b0d51c0f873fd750117774561c66cf68"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a254ee1ddc592ae1efcce96b8c014e1bd2d5a2b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cb13001411999adb158b39e76d94705eb2da100d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aae7598aff291d4d140be1355aa20930af948785"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1fd6eb12642e0c32692924ff359c07de4b781d78"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/test-drivers/vidtv/vidtv_mux.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "64863ba8e6b7651d994c6e6d506cc8aa2ac45edb",
"status": "affected",
"version": "c2f78f0cb294aa6f009d3a170f4ee8ad199ba5da",
"versionType": "git"
},
{
"lessThan": "980be4c3b0d51c0f873fd750117774561c66cf68",
"status": "affected",
"version": "c2f78f0cb294aa6f009d3a170f4ee8ad199ba5da",
"versionType": "git"
},
{
"lessThan": "a254ee1ddc592ae1efcce96b8c014e1bd2d5a2b4",
"status": "affected",
"version": "c2f78f0cb294aa6f009d3a170f4ee8ad199ba5da",
"versionType": "git"
},
{
"lessThan": "cb13001411999adb158b39e76d94705eb2da100d",
"status": "affected",
"version": "c2f78f0cb294aa6f009d3a170f4ee8ad199ba5da",
"versionType": "git"
},
{
"lessThan": "aae7598aff291d4d140be1355aa20930af948785",
"status": "affected",
"version": "c2f78f0cb294aa6f009d3a170f4ee8ad199ba5da",
"versionType": "git"
},
{
"lessThan": "1fd6eb12642e0c32692924ff359c07de4b781d78",
"status": "affected",
"version": "c2f78f0cb294aa6f009d3a170f4ee8ad199ba5da",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/test-drivers/vidtv/vidtv_mux.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: mux: Add check and kfree for kstrdup\n\nAdd check for the return value of kstrdup() and return the error\nif it fails in order to avoid NULL pointer dereference.\nMoreover, use kfree() in the later error handling in order to avoid\nmemory leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:07.310Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/64863ba8e6b7651d994c6e6d506cc8aa2ac45edb"
},
{
"url": "https://git.kernel.org/stable/c/980be4c3b0d51c0f873fd750117774561c66cf68"
},
{
"url": "https://git.kernel.org/stable/c/a254ee1ddc592ae1efcce96b8c014e1bd2d5a2b4"
},
{
"url": "https://git.kernel.org/stable/c/cb13001411999adb158b39e76d94705eb2da100d"
},
{
"url": "https://git.kernel.org/stable/c/aae7598aff291d4d140be1355aa20930af948785"
},
{
"url": "https://git.kernel.org/stable/c/1fd6eb12642e0c32692924ff359c07de4b781d78"
}
],
"title": "media: vidtv: mux: Add check and kfree for kstrdup",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52841",
"datePublished": "2024-05-21T15:31:40.529Z",
"dateReserved": "2024-05-21T15:19:24.253Z",
"dateUpdated": "2025-05-04T07:44:07.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38559 (GCVE-0-2024-38559)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: qedf: Ensure the copied buf is NUL terminated
Currently, we allocate a count-sized kernel buffer and copy count from
userspace to that buffer. Later, we use kstrtouint on this buffer but we
don't ensure that the string is terminated inside the buffer, this can
lead to OOB read when using kstrtouint. Fix this issue by using
memdup_user_nul instead of memdup_user.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 61d8658b4a435eac729966cc94cdda077a8df5cd Version: 61d8658b4a435eac729966cc94cdda077a8df5cd Version: 61d8658b4a435eac729966cc94cdda077a8df5cd Version: 61d8658b4a435eac729966cc94cdda077a8df5cd Version: 61d8658b4a435eac729966cc94cdda077a8df5cd Version: 61d8658b4a435eac729966cc94cdda077a8df5cd Version: 61d8658b4a435eac729966cc94cdda077a8df5cd Version: 61d8658b4a435eac729966cc94cdda077a8df5cd Version: 61d8658b4a435eac729966cc94cdda077a8df5cd |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38559",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T15:39:36.404554Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T14:24:43.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1f84a2744ad813be23fc4be99fb74bfb24aadb95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a75001678e1d38aa607d5b898ec7ff8ed0700d59"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/769b9fd2af02c069451fe9108dba73355d9a021c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dccd97b39ab2f2b1b9a47a1394647a4d65815255"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d93318f19d1e1a6d5f04f5d965eaa9055bb7c613"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/563e609275927c0b75fbfd0d90441543aa7b5e0d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/177f43c6892e6055de6541fe9391a8a3d1f95fc9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0184a375ee797eb657d74861ba0935b6e405c62"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qedf/qedf_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1f84a2744ad813be23fc4be99fb74bfb24aadb95",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
},
{
"lessThan": "a75001678e1d38aa607d5b898ec7ff8ed0700d59",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
},
{
"lessThan": "769b9fd2af02c069451fe9108dba73355d9a021c",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
},
{
"lessThan": "dccd97b39ab2f2b1b9a47a1394647a4d65815255",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
},
{
"lessThan": "d93318f19d1e1a6d5f04f5d965eaa9055bb7c613",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
},
{
"lessThan": "563e609275927c0b75fbfd0d90441543aa7b5e0d",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
},
{
"lessThan": "4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
},
{
"lessThan": "177f43c6892e6055de6541fe9391a8a3d1f95fc9",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
},
{
"lessThan": "d0184a375ee797eb657d74861ba0935b6e405c62",
"status": "affected",
"version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qedf/qedf_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Ensure the copied buf is NUL terminated\n\nCurrently, we allocate a count-sized kernel buffer and copy count from\nuserspace to that buffer. Later, we use kstrtouint on this buffer but we\ndon\u0027t ensure that the string is terminated inside the buffer, this can\nlead to OOB read when using kstrtouint. Fix this issue by using\nmemdup_user_nul instead of memdup_user."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:05.664Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1f84a2744ad813be23fc4be99fb74bfb24aadb95"
},
{
"url": "https://git.kernel.org/stable/c/a75001678e1d38aa607d5b898ec7ff8ed0700d59"
},
{
"url": "https://git.kernel.org/stable/c/769b9fd2af02c069451fe9108dba73355d9a021c"
},
{
"url": "https://git.kernel.org/stable/c/dccd97b39ab2f2b1b9a47a1394647a4d65815255"
},
{
"url": "https://git.kernel.org/stable/c/d93318f19d1e1a6d5f04f5d965eaa9055bb7c613"
},
{
"url": "https://git.kernel.org/stable/c/563e609275927c0b75fbfd0d90441543aa7b5e0d"
},
{
"url": "https://git.kernel.org/stable/c/4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8"
},
{
"url": "https://git.kernel.org/stable/c/177f43c6892e6055de6541fe9391a8a3d1f95fc9"
},
{
"url": "https://git.kernel.org/stable/c/d0184a375ee797eb657d74861ba0935b6e405c62"
}
],
"title": "scsi: qedf: Ensure the copied buf is NUL terminated",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38559",
"datePublished": "2024-06-19T13:35:28.888Z",
"dateReserved": "2024-06-18T19:36:34.922Z",
"dateUpdated": "2025-05-04T09:14:05.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38617 (GCVE-0-2024-38617)
Vulnerability from cvelistv5
Published
2024-06-19 13:56
Modified
2025-05-04 09:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
kunit/fortify: Fix mismatched kvalloc()/vfree() usage
The kv*() family of tests were accidentally freeing with vfree() instead
of kvfree(). Use kvfree() instead.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38617",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T18:11:00.320461Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T18:11:07.454Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7880dbf4eafe22a6a41a42e774f1122c814ed02d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/42d21c9727028fe7ee392223ba127484b1b8677e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/03758d5a0932016b6d5f5bfbca580177e6bc937a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/998b18072ceb0613629c256b409f4d299829c7ec"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"lib/fortify_kunit.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7880dbf4eafe22a6a41a42e774f1122c814ed02d",
"status": "affected",
"version": "9124a26401483bf2b13a99cb4317dce3f677060f",
"versionType": "git"
},
{
"lessThan": "42d21c9727028fe7ee392223ba127484b1b8677e",
"status": "affected",
"version": "9124a26401483bf2b13a99cb4317dce3f677060f",
"versionType": "git"
},
{
"lessThan": "03758d5a0932016b6d5f5bfbca580177e6bc937a",
"status": "affected",
"version": "9124a26401483bf2b13a99cb4317dce3f677060f",
"versionType": "git"
},
{
"lessThan": "998b18072ceb0613629c256b409f4d299829c7ec",
"status": "affected",
"version": "9124a26401483bf2b13a99cb4317dce3f677060f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"lib/fortify_kunit.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkunit/fortify: Fix mismatched kvalloc()/vfree() usage\n\nThe kv*() family of tests were accidentally freeing with vfree() instead\nof kvfree(). Use kvfree() instead."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:23.602Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7880dbf4eafe22a6a41a42e774f1122c814ed02d"
},
{
"url": "https://git.kernel.org/stable/c/42d21c9727028fe7ee392223ba127484b1b8677e"
},
{
"url": "https://git.kernel.org/stable/c/03758d5a0932016b6d5f5bfbca580177e6bc937a"
},
{
"url": "https://git.kernel.org/stable/c/998b18072ceb0613629c256b409f4d299829c7ec"
}
],
"title": "kunit/fortify: Fix mismatched kvalloc()/vfree() usage",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38617",
"datePublished": "2024-06-19T13:56:16.763Z",
"dateReserved": "2024-06-18T19:36:34.944Z",
"dateUpdated": "2025-05-04T09:15:23.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36964 (GCVE-0-2024-36964)
Vulnerability from cvelistv5
Published
2024-06-03 07:50
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs/9p: only translate RWX permissions for plain 9P2000
Garbage in plain 9P2000's perm bits is allowed through, which causes it
to be able to set (among others) the suid bit. This was presumably not
the intent since the unix extended bits are handled explicitly and
conditionally on .u.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36964",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T18:11:48.356880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T18:11:56.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e90bc596a74bb905e0a45bf346038c3f9d1e868d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/df1962a199783ecd66734d563caf0fedecf08f96"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a605930e19f451294bd838754f7d66c976a8a2c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad4f65328661392de74e3608bb736fedf3b67e32"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca9b5c81f0c918c63d73d962ed8a8e231f840bc8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e55c601af3b1223a84f9f27f9cdbd2af5e203bf3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/157d468e34fdd3cb1ddc07c2be32fb3b02826b02"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd25e15e57e68a6b18dc9323047fe9c68b99290b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/9p/vfs_inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e90bc596a74bb905e0a45bf346038c3f9d1e868d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "df1962a199783ecd66734d563caf0fedecf08f96",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5a605930e19f451294bd838754f7d66c976a8a2c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ad4f65328661392de74e3608bb736fedf3b67e32",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ca9b5c81f0c918c63d73d962ed8a8e231f840bc8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e55c601af3b1223a84f9f27f9cdbd2af5e203bf3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "157d468e34fdd3cb1ddc07c2be32fb3b02826b02",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cd25e15e57e68a6b18dc9323047fe9c68b99290b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/9p/vfs_inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/9p: only translate RWX permissions for plain 9P2000\n\nGarbage in plain 9P2000\u0027s perm bits is allowed through, which causes it\nto be able to set (among others) the suid bit. This was presumably not\nthe intent since the unix extended bits are handled explicitly and\nconditionally on .u."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:57.344Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e90bc596a74bb905e0a45bf346038c3f9d1e868d"
},
{
"url": "https://git.kernel.org/stable/c/df1962a199783ecd66734d563caf0fedecf08f96"
},
{
"url": "https://git.kernel.org/stable/c/5a605930e19f451294bd838754f7d66c976a8a2c"
},
{
"url": "https://git.kernel.org/stable/c/ad4f65328661392de74e3608bb736fedf3b67e32"
},
{
"url": "https://git.kernel.org/stable/c/ca9b5c81f0c918c63d73d962ed8a8e231f840bc8"
},
{
"url": "https://git.kernel.org/stable/c/e55c601af3b1223a84f9f27f9cdbd2af5e203bf3"
},
{
"url": "https://git.kernel.org/stable/c/157d468e34fdd3cb1ddc07c2be32fb3b02826b02"
},
{
"url": "https://git.kernel.org/stable/c/cd25e15e57e68a6b18dc9323047fe9c68b99290b"
}
],
"title": "fs/9p: only translate RWX permissions for plain 9P2000",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36964",
"datePublished": "2024-06-03T07:50:01.987Z",
"dateReserved": "2024-05-30T15:25:07.081Z",
"dateUpdated": "2025-05-04T09:12:57.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34777 (GCVE-0-2024-34777)
Vulnerability from cvelistv5
Published
2024-06-21 11:18
Modified
2025-05-04 09:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dma-mapping: benchmark: fix node id validation
While validating node ids in map_benchmark_ioctl(), node_possible() may
be provided with invalid argument outside of [0,MAX_NUMNODES-1] range
leading to:
BUG: KASAN: wild-memory-access in map_benchmark_ioctl (kernel/dma/map_benchmark.c:214)
Read of size 8 at addr 1fffffff8ccb6398 by task dma_map_benchma/971
CPU: 7 PID: 971 Comm: dma_map_benchma Not tainted 6.9.0-rc6 #37
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
Call Trace:
<TASK>
dump_stack_lvl (lib/dump_stack.c:117)
kasan_report (mm/kasan/report.c:603)
kasan_check_range (mm/kasan/generic.c:189)
variable_test_bit (arch/x86/include/asm/bitops.h:227) [inline]
arch_test_bit (arch/x86/include/asm/bitops.h:239) [inline]
_test_bit at (include/asm-generic/bitops/instrumented-non-atomic.h:142) [inline]
node_state (include/linux/nodemask.h:423) [inline]
map_benchmark_ioctl (kernel/dma/map_benchmark.c:214)
full_proxy_unlocked_ioctl (fs/debugfs/file.c:333)
__x64_sys_ioctl (fs/ioctl.c:890)
do_syscall_64 (arch/x86/entry/common.c:83)
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
Compare node ids with sane bounds first. NUMA_NO_NODE is considered a
special valid case meaning that benchmarking kthreads won't be bound to a
cpuset of a given node.
Found by Linux Verification Center (linuxtesting.org).
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:22.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/35d31c8bd4722b107f5a2f5ddddce839de04b936"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c57874265a3c5206d7aece3793bb2fc9abcd7570"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/34a816d8735f3924b74be8e5bf766ade1f3bd10b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/63e7e05a48a35308aeddd7ecccb68363a5988e87"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1ff05e723f7ca30644b8ec3fb093f16312e408ad"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34777",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:08:52.989247Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:44.129Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/dma/map_benchmark.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "35d31c8bd4722b107f5a2f5ddddce839de04b936",
"status": "affected",
"version": "65789daa8087e125927230ccb7e1eab13999b0cf",
"versionType": "git"
},
{
"lessThan": "c57874265a3c5206d7aece3793bb2fc9abcd7570",
"status": "affected",
"version": "65789daa8087e125927230ccb7e1eab13999b0cf",
"versionType": "git"
},
{
"lessThan": "34a816d8735f3924b74be8e5bf766ade1f3bd10b",
"status": "affected",
"version": "65789daa8087e125927230ccb7e1eab13999b0cf",
"versionType": "git"
},
{
"lessThan": "63e7e05a48a35308aeddd7ecccb68363a5988e87",
"status": "affected",
"version": "65789daa8087e125927230ccb7e1eab13999b0cf",
"versionType": "git"
},
{
"lessThan": "1ff05e723f7ca30644b8ec3fb093f16312e408ad",
"status": "affected",
"version": "65789daa8087e125927230ccb7e1eab13999b0cf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/dma/map_benchmark.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-mapping: benchmark: fix node id validation\n\nWhile validating node ids in map_benchmark_ioctl(), node_possible() may\nbe provided with invalid argument outside of [0,MAX_NUMNODES-1] range\nleading to:\n\nBUG: KASAN: wild-memory-access in map_benchmark_ioctl (kernel/dma/map_benchmark.c:214)\nRead of size 8 at addr 1fffffff8ccb6398 by task dma_map_benchma/971\nCPU: 7 PID: 971 Comm: dma_map_benchma Not tainted 6.9.0-rc6 #37\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n \u003cTASK\u003e\ndump_stack_lvl (lib/dump_stack.c:117)\nkasan_report (mm/kasan/report.c:603)\nkasan_check_range (mm/kasan/generic.c:189)\nvariable_test_bit (arch/x86/include/asm/bitops.h:227) [inline]\narch_test_bit (arch/x86/include/asm/bitops.h:239) [inline]\n_test_bit at (include/asm-generic/bitops/instrumented-non-atomic.h:142) [inline]\nnode_state (include/linux/nodemask.h:423) [inline]\nmap_benchmark_ioctl (kernel/dma/map_benchmark.c:214)\nfull_proxy_unlocked_ioctl (fs/debugfs/file.c:333)\n__x64_sys_ioctl (fs/ioctl.c:890)\ndo_syscall_64 (arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nCompare node ids with sane bounds first. NUMA_NO_NODE is considered a\nspecial valid case meaning that benchmarking kthreads won\u0027t be bound to a\ncpuset of a given node.\n\nFound by Linux Verification Center (linuxtesting.org)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:05:16.688Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/35d31c8bd4722b107f5a2f5ddddce839de04b936"
},
{
"url": "https://git.kernel.org/stable/c/c57874265a3c5206d7aece3793bb2fc9abcd7570"
},
{
"url": "https://git.kernel.org/stable/c/34a816d8735f3924b74be8e5bf766ade1f3bd10b"
},
{
"url": "https://git.kernel.org/stable/c/63e7e05a48a35308aeddd7ecccb68363a5988e87"
},
{
"url": "https://git.kernel.org/stable/c/1ff05e723f7ca30644b8ec3fb093f16312e408ad"
}
],
"title": "dma-mapping: benchmark: fix node id validation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-34777",
"datePublished": "2024-06-21T11:18:45.481Z",
"dateReserved": "2024-06-21T11:16:40.638Z",
"dateUpdated": "2025-05-04T09:05:16.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52792 (GCVE-0-2023-52792)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
cxl/region: Do not try to cleanup after cxl_region_setup_targets() fails
Commit 5e42bcbc3fef ("cxl/region: decrement ->nr_targets on error in
cxl_region_attach()") tried to avoid 'eiw' initialization errors when
->nr_targets exceeded 16, by just decrementing ->nr_targets when
cxl_region_setup_targets() failed.
Commit 86987c766276 ("cxl/region: Cleanup target list on attach error")
extended that cleanup to also clear cxled->pos and p->targets[pos]. The
initialization error was incidentally fixed separately by:
Commit 8d4285425714 ("cxl/region: Fix port setup uninitialized variable
warnings") which was merged a few days after 5e42bcbc3fef.
But now the original cleanup when cxl_region_setup_targets() fails
prevents endpoint and switch decoder resources from being reused:
1) the cleanup does not set the decoder's region to NULL, which results
in future dpa_size_store() calls returning -EBUSY
2) the decoder is not properly freed, which results in future commit
errors associated with the upstream switch
Now that the initialization errors were fixed separately, the proper
cleanup for this case is to just return immediately. Then the resources
associated with this target get cleanup up as normal when the failed
region is deleted.
The ->nr_targets decrement in the error case also helped prevent
a p->targets[] array overflow, so add a new check to prevent against
that overflow.
Tested by trying to create an invalid region for a 2 switch * 2 endpoint
topology, and then following up with creating a valid region.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52792",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T15:19:10.363547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T15:19:25.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/90db4c1d5ebaf574d3c3065c055977982c378a83"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9090c5537c93cd0811ab7bfbd925b57addfffb60"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/07ffcd8ec79cf7383e1e45815f4842fd357991c2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0718588c7aaa7a1510b4de972370535b61dddd0d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/cxl/core/region.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "90db4c1d5ebaf574d3c3065c055977982c378a83",
"status": "affected",
"version": "5e42bcbc3fef6e759dfb4d3f4cfb394c382b4249",
"versionType": "git"
},
{
"lessThan": "9090c5537c93cd0811ab7bfbd925b57addfffb60",
"status": "affected",
"version": "5e42bcbc3fef6e759dfb4d3f4cfb394c382b4249",
"versionType": "git"
},
{
"lessThan": "07ffcd8ec79cf7383e1e45815f4842fd357991c2",
"status": "affected",
"version": "5e42bcbc3fef6e759dfb4d3f4cfb394c382b4249",
"versionType": "git"
},
{
"lessThan": "0718588c7aaa7a1510b4de972370535b61dddd0d",
"status": "affected",
"version": "5e42bcbc3fef6e759dfb4d3f4cfb394c382b4249",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/cxl/core/region.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Do not try to cleanup after cxl_region_setup_targets() fails\n\nCommit 5e42bcbc3fef (\"cxl/region: decrement -\u003enr_targets on error in\ncxl_region_attach()\") tried to avoid \u0027eiw\u0027 initialization errors when\n-\u003enr_targets exceeded 16, by just decrementing -\u003enr_targets when\ncxl_region_setup_targets() failed.\n\nCommit 86987c766276 (\"cxl/region: Cleanup target list on attach error\")\nextended that cleanup to also clear cxled-\u003epos and p-\u003etargets[pos]. The\ninitialization error was incidentally fixed separately by:\nCommit 8d4285425714 (\"cxl/region: Fix port setup uninitialized variable\nwarnings\") which was merged a few days after 5e42bcbc3fef.\n\nBut now the original cleanup when cxl_region_setup_targets() fails\nprevents endpoint and switch decoder resources from being reused:\n\n1) the cleanup does not set the decoder\u0027s region to NULL, which results\n in future dpa_size_store() calls returning -EBUSY\n2) the decoder is not properly freed, which results in future commit\n errors associated with the upstream switch\n\nNow that the initialization errors were fixed separately, the proper\ncleanup for this case is to just return immediately. Then the resources\nassociated with this target get cleanup up as normal when the failed\nregion is deleted.\n\nThe -\u003enr_targets decrement in the error case also helped prevent\na p-\u003etargets[] array overflow, so add a new check to prevent against\nthat overflow.\n\nTested by trying to create an invalid region for a 2 switch * 2 endpoint\ntopology, and then following up with creating a valid region."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:17.847Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/90db4c1d5ebaf574d3c3065c055977982c378a83"
},
{
"url": "https://git.kernel.org/stable/c/9090c5537c93cd0811ab7bfbd925b57addfffb60"
},
{
"url": "https://git.kernel.org/stable/c/07ffcd8ec79cf7383e1e45815f4842fd357991c2"
},
{
"url": "https://git.kernel.org/stable/c/0718588c7aaa7a1510b4de972370535b61dddd0d"
}
],
"title": "cxl/region: Do not try to cleanup after cxl_region_setup_targets() fails",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52792",
"datePublished": "2024-05-21T15:31:07.633Z",
"dateReserved": "2024-05-21T15:19:24.241Z",
"dateUpdated": "2025-05-04T07:43:17.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38633 (GCVE-0-2024-38633)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-05-04 09:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial: max3100: Update uart_driver_registered on driver removal
The removal of the last MAX3100 device triggers the removal of
the driver. However, code doesn't update the respective global
variable and after insmod — rmmod — insmod cycle the kernel
oopses:
max3100 spi-PRP0001:01: max3100_probe: adding port 0
BUG: kernel NULL pointer dereference, address: 0000000000000408
...
RIP: 0010:serial_core_register_port+0xa0/0x840
...
max3100_probe+0x1b6/0x280 [max3100]
spi_probe+0x8d/0xb0
Update the actual state so next time UART driver will be registered
again.
Hugo also noticed, that the error path in the probe also affected
by having the variable set, and not cleared. Instead of clearing it
move the assignment after the successfull uart_register_driver() call.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38633",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T15:15:33.848896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T15:15:44.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:26.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21a61a7fbcfdd3493cede43ebc7c4dfae2147a8b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9db4222ed8cd3e50b81c8b910ae74c26427a4003"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8e2a4339decad7e59425b594a98613402652d72"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/361a92c9038e8c8c3996f8eeaa14522a8ad90752"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b6eb7aff23e05f362e8c9b560f6ac5e727b70e00"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8a10089eddba40d4b2080c9d3fc2d2b2488f762"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fa84ca78b048dfb00df0ef446f5c35e0a98ca6a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/712a1fcb38dc7cac6da63ee79a88708fbf9c45ec"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/max3100.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "21a61a7fbcfdd3493cede43ebc7c4dfae2147a8b",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "9db4222ed8cd3e50b81c8b910ae74c26427a4003",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "e8e2a4339decad7e59425b594a98613402652d72",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "361a92c9038e8c8c3996f8eeaa14522a8ad90752",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "b6eb7aff23e05f362e8c9b560f6ac5e727b70e00",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "e8a10089eddba40d4b2080c9d3fc2d2b2488f762",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "fa84ca78b048dfb00df0ef446f5c35e0a98ca6a0",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "712a1fcb38dc7cac6da63ee79a88708fbf9c45ec",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/max3100.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: max3100: Update uart_driver_registered on driver removal\n\nThe removal of the last MAX3100 device triggers the removal of\nthe driver. However, code doesn\u0027t update the respective global\nvariable and after insmod \u2014 rmmod \u2014 insmod cycle the kernel\noopses:\n\n max3100 spi-PRP0001:01: max3100_probe: adding port 0\n BUG: kernel NULL pointer dereference, address: 0000000000000408\n ...\n RIP: 0010:serial_core_register_port+0xa0/0x840\n ...\n max3100_probe+0x1b6/0x280 [max3100]\n spi_probe+0x8d/0xb0\n\nUpdate the actual state so next time UART driver will be registered\nagain.\n\nHugo also noticed, that the error path in the probe also affected\nby having the variable set, and not cleared. Instead of clearing it\nmove the assignment after the successfull uart_register_driver() call."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:45.456Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/21a61a7fbcfdd3493cede43ebc7c4dfae2147a8b"
},
{
"url": "https://git.kernel.org/stable/c/9db4222ed8cd3e50b81c8b910ae74c26427a4003"
},
{
"url": "https://git.kernel.org/stable/c/e8e2a4339decad7e59425b594a98613402652d72"
},
{
"url": "https://git.kernel.org/stable/c/361a92c9038e8c8c3996f8eeaa14522a8ad90752"
},
{
"url": "https://git.kernel.org/stable/c/b6eb7aff23e05f362e8c9b560f6ac5e727b70e00"
},
{
"url": "https://git.kernel.org/stable/c/e8a10089eddba40d4b2080c9d3fc2d2b2488f762"
},
{
"url": "https://git.kernel.org/stable/c/fa84ca78b048dfb00df0ef446f5c35e0a98ca6a0"
},
{
"url": "https://git.kernel.org/stable/c/712a1fcb38dc7cac6da63ee79a88708fbf9c45ec"
}
],
"title": "serial: max3100: Update uart_driver_registered on driver removal",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38633",
"datePublished": "2024-06-21T10:18:22.905Z",
"dateReserved": "2024-06-18T19:36:34.947Z",
"dateUpdated": "2025-05-04T09:15:45.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35884 (GCVE-0-2024-35884)
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2025-05-04 09:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
udp: do not accept non-tunnel GSO skbs landing in a tunnel
When rx-udp-gro-forwarding is enabled UDP packets might be GROed when
being forwarded. If such packets might land in a tunnel this can cause
various issues and udp_gro_receive makes sure this isn't the case by
looking for a matching socket. This is performed in
udp4/6_gro_lookup_skb but only in the current netns. This is an issue
with tunneled packets when the endpoint is in another netns. In such
cases the packets will be GROed at the UDP level, which leads to various
issues later on. The same thing can happen with rx-gro-list.
We saw this with geneve packets being GROed at the UDP level. In such
case gso_size is set; later the packet goes through the geneve rx path,
the geneve header is pulled, the offset are adjusted and frag_list skbs
are not adjusted with regard to geneve. When those skbs hit
skb_fragment, it will misbehave. Different outcomes are possible
depending on what the GROed skbs look like; from corrupted packets to
kernel crashes.
One example is a BUG_ON[1] triggered in skb_segment while processing the
frag_list. Because gso_size is wrong (geneve header was pulled)
skb_segment thinks there is "geneve header size" of data in frag_list,
although it's in fact the next packet. The BUG_ON itself has nothing to
do with the issue. This is only one of the potential issues.
Looking up for a matching socket in udp_gro_receive is fragile: the
lookup could be extended to all netns (not speaking about performances)
but nothing prevents those packets from being modified in between and we
could still not find a matching socket. It's OK to keep the current
logic there as it should cover most cases but we also need to make sure
we handle tunnel packets being GROed too early.
This is done by extending the checks in udp_unexpected_gso: GSO packets
lacking the SKB_GSO_UDP_TUNNEL/_CSUM bits and landing in a tunnel must
be segmented.
[1] kernel BUG at net/core/skbuff.c:4408!
RIP: 0010:skb_segment+0xd2a/0xf70
__udp_gso_segment+0xaa/0x560
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9fd1ff5d2ac7181844735806b0a703c942365291 Version: 9fd1ff5d2ac7181844735806b0a703c942365291 Version: 9fd1ff5d2ac7181844735806b0a703c942365291 Version: 9fd1ff5d2ac7181844735806b0a703c942365291 Version: 9fd1ff5d2ac7181844735806b0a703c942365291 Version: 9fd1ff5d2ac7181844735806b0a703c942365291 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35884",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T19:37:18.298363Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T18:46:28.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3391b157780bbedf8ef9f202cbf10ee90bf6b0f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d49ae15a5767d4e9ef8bbb79e42df1bfebc94670"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d12245080cb259d82b34699f6cd4ec11bdb688bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3001e7aa43d6691db2a878b0745b854bf12ddd19"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/35fe0e0b5c00bef7dde74842a2564c43856fbce4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d010c8031e39f5fa1e8b13ada77e0321091011f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/udp.h",
"net/ipv4/udp.c",
"net/ipv4/udp_offload.c",
"net/ipv6/udp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3391b157780bbedf8ef9f202cbf10ee90bf6b0f8",
"status": "affected",
"version": "9fd1ff5d2ac7181844735806b0a703c942365291",
"versionType": "git"
},
{
"lessThan": "d49ae15a5767d4e9ef8bbb79e42df1bfebc94670",
"status": "affected",
"version": "9fd1ff5d2ac7181844735806b0a703c942365291",
"versionType": "git"
},
{
"lessThan": "d12245080cb259d82b34699f6cd4ec11bdb688bd",
"status": "affected",
"version": "9fd1ff5d2ac7181844735806b0a703c942365291",
"versionType": "git"
},
{
"lessThan": "3001e7aa43d6691db2a878b0745b854bf12ddd19",
"status": "affected",
"version": "9fd1ff5d2ac7181844735806b0a703c942365291",
"versionType": "git"
},
{
"lessThan": "35fe0e0b5c00bef7dde74842a2564c43856fbce4",
"status": "affected",
"version": "9fd1ff5d2ac7181844735806b0a703c942365291",
"versionType": "git"
},
{
"lessThan": "3d010c8031e39f5fa1e8b13ada77e0321091011f",
"status": "affected",
"version": "9fd1ff5d2ac7181844735806b0a703c942365291",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/udp.h",
"net/ipv4/udp.c",
"net/ipv4/udp_offload.c",
"net/ipv6/udp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: do not accept non-tunnel GSO skbs landing in a tunnel\n\nWhen rx-udp-gro-forwarding is enabled UDP packets might be GROed when\nbeing forwarded. If such packets might land in a tunnel this can cause\nvarious issues and udp_gro_receive makes sure this isn\u0027t the case by\nlooking for a matching socket. This is performed in\nudp4/6_gro_lookup_skb but only in the current netns. This is an issue\nwith tunneled packets when the endpoint is in another netns. In such\ncases the packets will be GROed at the UDP level, which leads to various\nissues later on. The same thing can happen with rx-gro-list.\n\nWe saw this with geneve packets being GROed at the UDP level. In such\ncase gso_size is set; later the packet goes through the geneve rx path,\nthe geneve header is pulled, the offset are adjusted and frag_list skbs\nare not adjusted with regard to geneve. When those skbs hit\nskb_fragment, it will misbehave. Different outcomes are possible\ndepending on what the GROed skbs look like; from corrupted packets to\nkernel crashes.\n\nOne example is a BUG_ON[1] triggered in skb_segment while processing the\nfrag_list. Because gso_size is wrong (geneve header was pulled)\nskb_segment thinks there is \"geneve header size\" of data in frag_list,\nalthough it\u0027s in fact the next packet. The BUG_ON itself has nothing to\ndo with the issue. This is only one of the potential issues.\n\nLooking up for a matching socket in udp_gro_receive is fragile: the\nlookup could be extended to all netns (not speaking about performances)\nbut nothing prevents those packets from being modified in between and we\ncould still not find a matching socket. It\u0027s OK to keep the current\nlogic there as it should cover most cases but we also need to make sure\nwe handle tunnel packets being GROed too early.\n\nThis is done by extending the checks in udp_unexpected_gso: GSO packets\nlacking the SKB_GSO_UDP_TUNNEL/_CSUM bits and landing in a tunnel must\nbe segmented.\n\n[1] kernel BUG at net/core/skbuff.c:4408!\n RIP: 0010:skb_segment+0xd2a/0xf70\n __udp_gso_segment+0xaa/0x560"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:07:33.854Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3391b157780bbedf8ef9f202cbf10ee90bf6b0f8"
},
{
"url": "https://git.kernel.org/stable/c/d49ae15a5767d4e9ef8bbb79e42df1bfebc94670"
},
{
"url": "https://git.kernel.org/stable/c/d12245080cb259d82b34699f6cd4ec11bdb688bd"
},
{
"url": "https://git.kernel.org/stable/c/3001e7aa43d6691db2a878b0745b854bf12ddd19"
},
{
"url": "https://git.kernel.org/stable/c/35fe0e0b5c00bef7dde74842a2564c43856fbce4"
},
{
"url": "https://git.kernel.org/stable/c/3d010c8031e39f5fa1e8b13ada77e0321091011f"
}
],
"title": "udp: do not accept non-tunnel GSO skbs landing in a tunnel",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35884",
"datePublished": "2024-05-19T08:34:40.948Z",
"dateReserved": "2024-05-17T13:50:33.112Z",
"dateUpdated": "2025-05-04T09:07:33.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52699 (GCVE-0-2023-52699)
Vulnerability from cvelistv5
Published
2024-05-19 10:10
Modified
2025-05-04 07:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
sysv: don't call sb_bread() with pointers_lock held
syzbot is reporting sleep in atomic context in SysV filesystem [1], for
sb_bread() is called with rw_spinlock held.
A "write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock" bug
and a "sb_bread() with write_lock(&pointers_lock)" bug were introduced by
"Replace BKL for chain locking with sysvfs-private rwlock" in Linux 2.5.12.
Then, "[PATCH] err1-40: sysvfs locking fix" in Linux 2.6.8 fixed the
former bug by moving pointers_lock lock to the callers, but instead
introduced a "sb_bread() with read_lock(&pointers_lock)" bug (which made
this problem easier to hit).
Al Viro suggested that why not to do like get_branch()/get_block()/
find_shared() in Minix filesystem does. And doing like that is almost a
revert of "[PATCH] err1-40: sysvfs locking fix" except that get_branch()
from with find_shared() is called without write_lock(&pointers_lock).
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:05:59.108260Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T17:06:03.220Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13b33feb2ebddc2b1aa607f553566b18a4af1d76"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1b4fe801b5bedec2b622ddb18e5c9bf26c63d79f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/674c1c4229e743070e09db63a23442950ff000d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fd203d2c671bdee9ab77090ff394d3b71b627927"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/53cb1e52c9db618c08335984d1ca80db220ccf09"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/89e8524135a3902e7563a5a59b7b5ec1bf4904ac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a69224223746ab96d43e5db9d22d136827b7e2d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f123dc86388cb669c3d6322702dc441abc35c31e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/sysv/itree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "13b33feb2ebddc2b1aa607f553566b18a4af1d76",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1b4fe801b5bedec2b622ddb18e5c9bf26c63d79f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "674c1c4229e743070e09db63a23442950ff000d1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fd203d2c671bdee9ab77090ff394d3b71b627927",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "53cb1e52c9db618c08335984d1ca80db220ccf09",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "89e8524135a3902e7563a5a59b7b5ec1bf4904ac",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a69224223746ab96d43e5db9d22d136827b7e2d3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f123dc86388cb669c3d6322702dc441abc35c31e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/sysv/itree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsysv: don\u0027t call sb_bread() with pointers_lock held\n\nsyzbot is reporting sleep in atomic context in SysV filesystem [1], for\nsb_bread() is called with rw_spinlock held.\n\nA \"write_lock(\u0026pointers_lock) =\u003e read_lock(\u0026pointers_lock) deadlock\" bug\nand a \"sb_bread() with write_lock(\u0026pointers_lock)\" bug were introduced by\n\"Replace BKL for chain locking with sysvfs-private rwlock\" in Linux 2.5.12.\n\nThen, \"[PATCH] err1-40: sysvfs locking fix\" in Linux 2.6.8 fixed the\nformer bug by moving pointers_lock lock to the callers, but instead\nintroduced a \"sb_bread() with read_lock(\u0026pointers_lock)\" bug (which made\nthis problem easier to hit).\n\nAl Viro suggested that why not to do like get_branch()/get_block()/\nfind_shared() in Minix filesystem does. And doing like that is almost a\nrevert of \"[PATCH] err1-40: sysvfs locking fix\" except that get_branch()\n from with find_shared() is called without write_lock(\u0026pointers_lock)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:41:52.866Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/13b33feb2ebddc2b1aa607f553566b18a4af1d76"
},
{
"url": "https://git.kernel.org/stable/c/1b4fe801b5bedec2b622ddb18e5c9bf26c63d79f"
},
{
"url": "https://git.kernel.org/stable/c/674c1c4229e743070e09db63a23442950ff000d1"
},
{
"url": "https://git.kernel.org/stable/c/fd203d2c671bdee9ab77090ff394d3b71b627927"
},
{
"url": "https://git.kernel.org/stable/c/53cb1e52c9db618c08335984d1ca80db220ccf09"
},
{
"url": "https://git.kernel.org/stable/c/89e8524135a3902e7563a5a59b7b5ec1bf4904ac"
},
{
"url": "https://git.kernel.org/stable/c/a69224223746ab96d43e5db9d22d136827b7e2d3"
},
{
"url": "https://git.kernel.org/stable/c/f123dc86388cb669c3d6322702dc441abc35c31e"
}
],
"title": "sysv: don\u0027t call sb_bread() with pointers_lock held",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52699",
"datePublished": "2024-05-19T10:10:30.381Z",
"dateReserved": "2024-03-07T14:49:46.890Z",
"dateUpdated": "2025-05-04T07:41:52.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52865 (GCVE-0-2023-52865)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data
Add the check for the return value of mtk_alloc_clk_data() in order to
avoid NULL pointer dereference.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 96596aa06628e86ea0e1c08c34b0ccc7619e43ac Version: 96596aa06628e86ea0e1c08c34b0ccc7619e43ac Version: 96596aa06628e86ea0e1c08c34b0ccc7619e43ac Version: 96596aa06628e86ea0e1c08c34b0ccc7619e43ac Version: 96596aa06628e86ea0e1c08c34b0ccc7619e43ac Version: 96596aa06628e86ea0e1c08c34b0ccc7619e43ac Version: 96596aa06628e86ea0e1c08c34b0ccc7619e43ac Version: 96596aa06628e86ea0e1c08c34b0ccc7619e43ac Version: 96596aa06628e86ea0e1c08c34b0ccc7619e43ac |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52865",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T19:32:41.804264Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:00.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c26feedbc561f2a3cee1a4f717e61bdbdfb4fa92"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c79cbfb8e9e2311be77182893fda5ea4068c836"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2705c5b97f504e831ae1935c05f0e44f80dfa6b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81b16286110728674dcf81137be0687c5055e7bf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3aefc6fcfbada57fac27f470602d5565e5b76cb4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/357df1c2f6ace96defd557fad709ed1f9f70e16c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be3f12f16038a558f08fa93cc32fa715746a5235"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/122ac6496e4975ddd7ec1edba4f6fc1e15e39478"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/606f6366a35a3329545e38129804d65ef26ed7d2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/mediatek/clk-mt6797.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c26feedbc561f2a3cee1a4f717e61bdbdfb4fa92",
"status": "affected",
"version": "96596aa06628e86ea0e1c08c34b0ccc7619e43ac",
"versionType": "git"
},
{
"lessThan": "4c79cbfb8e9e2311be77182893fda5ea4068c836",
"status": "affected",
"version": "96596aa06628e86ea0e1c08c34b0ccc7619e43ac",
"versionType": "git"
},
{
"lessThan": "2705c5b97f504e831ae1935c05f0e44f80dfa6b3",
"status": "affected",
"version": "96596aa06628e86ea0e1c08c34b0ccc7619e43ac",
"versionType": "git"
},
{
"lessThan": "81b16286110728674dcf81137be0687c5055e7bf",
"status": "affected",
"version": "96596aa06628e86ea0e1c08c34b0ccc7619e43ac",
"versionType": "git"
},
{
"lessThan": "3aefc6fcfbada57fac27f470602d5565e5b76cb4",
"status": "affected",
"version": "96596aa06628e86ea0e1c08c34b0ccc7619e43ac",
"versionType": "git"
},
{
"lessThan": "357df1c2f6ace96defd557fad709ed1f9f70e16c",
"status": "affected",
"version": "96596aa06628e86ea0e1c08c34b0ccc7619e43ac",
"versionType": "git"
},
{
"lessThan": "be3f12f16038a558f08fa93cc32fa715746a5235",
"status": "affected",
"version": "96596aa06628e86ea0e1c08c34b0ccc7619e43ac",
"versionType": "git"
},
{
"lessThan": "122ac6496e4975ddd7ec1edba4f6fc1e15e39478",
"status": "affected",
"version": "96596aa06628e86ea0e1c08c34b0ccc7619e43ac",
"versionType": "git"
},
{
"lessThan": "606f6366a35a3329545e38129804d65ef26ed7d2",
"status": "affected",
"version": "96596aa06628e86ea0e1c08c34b0ccc7619e43ac",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/mediatek/clk-mt6797.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.330",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.330",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.299",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data\n\nAdd the check for the return value of mtk_alloc_clk_data() in order to\navoid NULL pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:35.104Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c26feedbc561f2a3cee1a4f717e61bdbdfb4fa92"
},
{
"url": "https://git.kernel.org/stable/c/4c79cbfb8e9e2311be77182893fda5ea4068c836"
},
{
"url": "https://git.kernel.org/stable/c/2705c5b97f504e831ae1935c05f0e44f80dfa6b3"
},
{
"url": "https://git.kernel.org/stable/c/81b16286110728674dcf81137be0687c5055e7bf"
},
{
"url": "https://git.kernel.org/stable/c/3aefc6fcfbada57fac27f470602d5565e5b76cb4"
},
{
"url": "https://git.kernel.org/stable/c/357df1c2f6ace96defd557fad709ed1f9f70e16c"
},
{
"url": "https://git.kernel.org/stable/c/be3f12f16038a558f08fa93cc32fa715746a5235"
},
{
"url": "https://git.kernel.org/stable/c/122ac6496e4975ddd7ec1edba4f6fc1e15e39478"
},
{
"url": "https://git.kernel.org/stable/c/606f6366a35a3329545e38129804d65ef26ed7d2"
}
],
"title": "clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52865",
"datePublished": "2024-05-21T15:31:56.527Z",
"dateReserved": "2024-05-21T15:19:24.262Z",
"dateUpdated": "2025-05-04T07:44:35.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38552 (GCVE-0-2024-38552)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix potential index out of bounds in color transformation function
Fixes index out of bounds issue in the color transformation function.
The issue could occur when the index 'i' exceeds the number of transfer
function points (TRANSFER_FUNC_POINTS).
The fix adds a check to ensure 'i' is within bounds before accessing the
transfer function points. If 'i' is out of bounds, an error message is
logged and the function returns false to indicate an error.
Reported by smatch:
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:405 cm_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:406 cm_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:407 cm_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b629596072e5fa901c84f9e88d845a696ee32942 Version: b629596072e5fa901c84f9e88d845a696ee32942 Version: b629596072e5fa901c84f9e88d845a696ee32942 Version: b629596072e5fa901c84f9e88d845a696ee32942 Version: b629596072e5fa901c84f9e88d845a696ee32942 Version: b629596072e5fa901c84f9e88d845a696ee32942 Version: b629596072e5fa901c84f9e88d845a696ee32942 Version: b629596072e5fa901c84f9e88d845a696ee32942 Version: b629596072e5fa901c84f9e88d845a696ee32942 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/604c506ca43fce52bb882cff9c1fdf2ec3b4029c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e280ab978c81443103d7c61bdd1d8d708cf6ed6d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04bc4d1090c343025d69149ca669a27c5b9c34a7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ced9c4e2289a786b8fa684d8893b7045ea53ef7e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98b8a6bfd30d07a19cfacdf82b50f84bf3360869"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e8c8b37ee84b3b19c448d2b8e4c916d2f5b9c86"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/123edbae64f4d21984359b99c6e79fcde31c6123"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7226ddf3311c5e5a7726ad7d4e7b079bb3cfbb29"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/63ae548f1054a0b71678d0349c7dc9628ddd42ca"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38552",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:14:50.788974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:57.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "604c506ca43fce52bb882cff9c1fdf2ec3b4029c",
"status": "affected",
"version": "b629596072e5fa901c84f9e88d845a696ee32942",
"versionType": "git"
},
{
"lessThan": "e280ab978c81443103d7c61bdd1d8d708cf6ed6d",
"status": "affected",
"version": "b629596072e5fa901c84f9e88d845a696ee32942",
"versionType": "git"
},
{
"lessThan": "04bc4d1090c343025d69149ca669a27c5b9c34a7",
"status": "affected",
"version": "b629596072e5fa901c84f9e88d845a696ee32942",
"versionType": "git"
},
{
"lessThan": "ced9c4e2289a786b8fa684d8893b7045ea53ef7e",
"status": "affected",
"version": "b629596072e5fa901c84f9e88d845a696ee32942",
"versionType": "git"
},
{
"lessThan": "98b8a6bfd30d07a19cfacdf82b50f84bf3360869",
"status": "affected",
"version": "b629596072e5fa901c84f9e88d845a696ee32942",
"versionType": "git"
},
{
"lessThan": "4e8c8b37ee84b3b19c448d2b8e4c916d2f5b9c86",
"status": "affected",
"version": "b629596072e5fa901c84f9e88d845a696ee32942",
"versionType": "git"
},
{
"lessThan": "123edbae64f4d21984359b99c6e79fcde31c6123",
"status": "affected",
"version": "b629596072e5fa901c84f9e88d845a696ee32942",
"versionType": "git"
},
{
"lessThan": "7226ddf3311c5e5a7726ad7d4e7b079bb3cfbb29",
"status": "affected",
"version": "b629596072e5fa901c84f9e88d845a696ee32942",
"versionType": "git"
},
{
"lessThan": "63ae548f1054a0b71678d0349c7dc9628ddd42ca",
"status": "affected",
"version": "b629596072e5fa901c84f9e88d845a696ee32942",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix potential index out of bounds in color transformation function\n\nFixes index out of bounds issue in the color transformation function.\nThe issue could occur when the index \u0027i\u0027 exceeds the number of transfer\nfunction points (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the\ntransfer function points. If \u0027i\u0027 is out of bounds, an error message is\nlogged and the function returns false to indicate an error.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:405 cm_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.red\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:406 cm_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.green\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:407 cm_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.blue\u0027 1025 \u003c= s32max"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:50.576Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/604c506ca43fce52bb882cff9c1fdf2ec3b4029c"
},
{
"url": "https://git.kernel.org/stable/c/e280ab978c81443103d7c61bdd1d8d708cf6ed6d"
},
{
"url": "https://git.kernel.org/stable/c/04bc4d1090c343025d69149ca669a27c5b9c34a7"
},
{
"url": "https://git.kernel.org/stable/c/ced9c4e2289a786b8fa684d8893b7045ea53ef7e"
},
{
"url": "https://git.kernel.org/stable/c/98b8a6bfd30d07a19cfacdf82b50f84bf3360869"
},
{
"url": "https://git.kernel.org/stable/c/4e8c8b37ee84b3b19c448d2b8e4c916d2f5b9c86"
},
{
"url": "https://git.kernel.org/stable/c/123edbae64f4d21984359b99c6e79fcde31c6123"
},
{
"url": "https://git.kernel.org/stable/c/7226ddf3311c5e5a7726ad7d4e7b079bb3cfbb29"
},
{
"url": "https://git.kernel.org/stable/c/63ae548f1054a0b71678d0349c7dc9628ddd42ca"
}
],
"title": "drm/amd/display: Fix potential index out of bounds in color transformation function",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38552",
"datePublished": "2024-06-19T13:35:24.067Z",
"dateReserved": "2024-06-18T19:36:34.920Z",
"dateUpdated": "2025-05-04T09:13:50.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38663 (GCVE-0-2024-38663)
Vulnerability from cvelistv5
Published
2024-06-24 13:50
Modified
2025-05-04 09:16
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
blk-cgroup: fix list corruption from resetting io stat
Since commit 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()"),
each iostat instance is added to blkcg percpu list, so blkcg_reset_stats()
can't reset the stat instance by memset(), otherwise the llist may be
corrupted.
Fix the issue by only resetting the counter part.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38663",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T13:51:20.493125Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T13:51:34.429Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:26.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d4a60298ac34f027a09f8f893fdbd9e06279bb24"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/89bb36c72e1951843f9e04dc84412e31fcc849a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6da6680632792709cecf2b006f2fe3ca7857e791"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/blk-cgroup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d4a60298ac34f027a09f8f893fdbd9e06279bb24",
"status": "affected",
"version": "3b8cc6298724021da845f2f9fd7dd4b6829a6817",
"versionType": "git"
},
{
"lessThan": "89bb36c72e1951843f9e04dc84412e31fcc849a9",
"status": "affected",
"version": "3b8cc6298724021da845f2f9fd7dd4b6829a6817",
"versionType": "git"
},
{
"lessThan": "6da6680632792709cecf2b006f2fe3ca7857e791",
"status": "affected",
"version": "3b8cc6298724021da845f2f9fd7dd4b6829a6817",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/blk-cgroup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: fix list corruption from resetting io stat\n\nSince commit 3b8cc6298724 (\"blk-cgroup: Optimize blkcg_rstat_flush()\"),\neach iostat instance is added to blkcg percpu list, so blkcg_reset_stats()\ncan\u0027t reset the stat instance by memset(), otherwise the llist may be\ncorrupted.\n\nFix the issue by only resetting the counter part."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:16:00.813Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d4a60298ac34f027a09f8f893fdbd9e06279bb24"
},
{
"url": "https://git.kernel.org/stable/c/89bb36c72e1951843f9e04dc84412e31fcc849a9"
},
{
"url": "https://git.kernel.org/stable/c/6da6680632792709cecf2b006f2fe3ca7857e791"
}
],
"title": "blk-cgroup: fix list corruption from resetting io stat",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38663",
"datePublished": "2024-06-24T13:50:51.710Z",
"dateReserved": "2024-06-21T11:16:40.592Z",
"dateUpdated": "2025-05-04T09:16:00.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35898 (GCVE-0-2024-35898)
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2025-05-04 09:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
nft_unregister_flowtable_type() within nf_flow_inet_module_exit() can
concurrent with __nft_flowtable_type_get() within nf_tables_newflowtable().
And thhere is not any protection when iterate over nf_tables_flowtables
list in __nft_flowtable_type_get(). Therefore, there is pertential
data-race of nf_tables_flowtables list entry.
Use list_for_each_entry_rcu() to iterate over nf_tables_flowtables list
in __nft_flowtable_type_get(), and use rcu_read_lock() in the caller
nft_flowtable_type_get() to protect the entire type query process.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 Version: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 Version: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 Version: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 Version: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 Version: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 Version: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 Version: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35898",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T18:29:13.616197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T19:40:06.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69d1fe14a680042ec913f22196b58e2c8ff1b007"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a347bc8e6251eaee4b619da28020641eb5b0dd77"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/940d41caa71f0d3a52df2fde5fada524a993e331"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2485bcfe05ee3cf9ca8923a94fa2e456924c79c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9b5b7708ec2be21dd7ef8ca0e3abe4ae9f3b083b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b891153b2e4dc0ca9d9dab8f619d49c740813df"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e684b1674fd1ca4361812a491242ae871d6b2859"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24225011d81b471acc0e1e315b7d9905459a6304"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "69d1fe14a680042ec913f22196b58e2c8ff1b007",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "a347bc8e6251eaee4b619da28020641eb5b0dd77",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "940d41caa71f0d3a52df2fde5fada524a993e331",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "2485bcfe05ee3cf9ca8923a94fa2e456924c79c8",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "9b5b7708ec2be21dd7ef8ca0e3abe4ae9f3b083b",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "8b891153b2e4dc0ca9d9dab8f619d49c740813df",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "e684b1674fd1ca4361812a491242ae871d6b2859",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "24225011d81b471acc0e1e315b7d9905459a6304",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()\n\nnft_unregister_flowtable_type() within nf_flow_inet_module_exit() can\nconcurrent with __nft_flowtable_type_get() within nf_tables_newflowtable().\nAnd thhere is not any protection when iterate over nf_tables_flowtables\nlist in __nft_flowtable_type_get(). Therefore, there is pertential\ndata-race of nf_tables_flowtables list entry.\n\nUse list_for_each_entry_rcu() to iterate over nf_tables_flowtables list\nin __nft_flowtable_type_get(), and use rcu_read_lock() in the caller\nnft_flowtable_type_get() to protect the entire type query process."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:07:54.817Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/69d1fe14a680042ec913f22196b58e2c8ff1b007"
},
{
"url": "https://git.kernel.org/stable/c/a347bc8e6251eaee4b619da28020641eb5b0dd77"
},
{
"url": "https://git.kernel.org/stable/c/940d41caa71f0d3a52df2fde5fada524a993e331"
},
{
"url": "https://git.kernel.org/stable/c/2485bcfe05ee3cf9ca8923a94fa2e456924c79c8"
},
{
"url": "https://git.kernel.org/stable/c/9b5b7708ec2be21dd7ef8ca0e3abe4ae9f3b083b"
},
{
"url": "https://git.kernel.org/stable/c/8b891153b2e4dc0ca9d9dab8f619d49c740813df"
},
{
"url": "https://git.kernel.org/stable/c/e684b1674fd1ca4361812a491242ae871d6b2859"
},
{
"url": "https://git.kernel.org/stable/c/24225011d81b471acc0e1e315b7d9905459a6304"
}
],
"title": "netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35898",
"datePublished": "2024-05-19T08:34:52.519Z",
"dateReserved": "2024-05-17T13:50:33.114Z",
"dateUpdated": "2025-05-04T09:07:54.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52773 (GCVE-0-2023-52773)
Vulnerability from cvelistv5
Published
2024-05-21 15:30
Modified
2025-05-04 07:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer()
When ddc_service_construct() is called, it explicitly checks both the
link type and whether there is something on the link which will
dictate whether the pin is marked as hw_supported.
If the pin isn't set or the link is not set (such as from
unloading/reloading amdgpu in an IGT test) then fail the
amdgpu_dm_i2c_xfer() call.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T15:34:16.322339Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T15:34:25.209Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.003Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb5c134ca589fe670430acc9e7ebf2691ca2476d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5b14cf37b9f01de0b28c6f8960019d4c7883ce42"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d07b7e84276777dad3c8cfebdf8e739606f90c9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b71f4ade1b8900d30c661d6c27f87c35214c398c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fb5c134ca589fe670430acc9e7ebf2691ca2476d",
"status": "affected",
"version": "22676bc500c27d987a0b42cbe162aebf783f1c38",
"versionType": "git"
},
{
"lessThan": "5b14cf37b9f01de0b28c6f8960019d4c7883ce42",
"status": "affected",
"version": "22676bc500c27d987a0b42cbe162aebf783f1c38",
"versionType": "git"
},
{
"lessThan": "1d07b7e84276777dad3c8cfebdf8e739606f90c9",
"status": "affected",
"version": "22676bc500c27d987a0b42cbe162aebf783f1c38",
"versionType": "git"
},
{
"lessThan": "b71f4ade1b8900d30c661d6c27f87c35214c398c",
"status": "affected",
"version": "22676bc500c27d987a0b42cbe162aebf783f1c38",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer()\n\nWhen ddc_service_construct() is called, it explicitly checks both the\nlink type and whether there is something on the link which will\ndictate whether the pin is marked as hw_supported.\n\nIf the pin isn\u0027t set or the link is not set (such as from\nunloading/reloading amdgpu in an IGT test) then fail the\namdgpu_dm_i2c_xfer() call."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:42:56.553Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fb5c134ca589fe670430acc9e7ebf2691ca2476d"
},
{
"url": "https://git.kernel.org/stable/c/5b14cf37b9f01de0b28c6f8960019d4c7883ce42"
},
{
"url": "https://git.kernel.org/stable/c/1d07b7e84276777dad3c8cfebdf8e739606f90c9"
},
{
"url": "https://git.kernel.org/stable/c/b71f4ade1b8900d30c661d6c27f87c35214c398c"
}
],
"title": "drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52773",
"datePublished": "2024-05-21T15:30:54.932Z",
"dateReserved": "2024-05-21T15:19:24.239Z",
"dateUpdated": "2025-05-04T07:42:56.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52863 (GCVE-0-2023-52863)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (axi-fan-control) Fix possible NULL pointer dereference
axi_fan_control_irq_handler(), dependent on the private
axi_fan_control_data structure, might be called before the hwmon
device is registered. That will cause an "Unable to handle kernel
NULL pointer dereference" error.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 8412b410fa5e1e494a0fec84c3c462d49870d3f5 Version: 8412b410fa5e1e494a0fec84c3c462d49870d3f5 Version: 8412b410fa5e1e494a0fec84c3c462d49870d3f5 Version: 8412b410fa5e1e494a0fec84c3c462d49870d3f5 Version: 8412b410fa5e1e494a0fec84c3c462d49870d3f5 Version: 8412b410fa5e1e494a0fec84c3c462d49870d3f5 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52863",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T17:54:12.271284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:25.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7d870088db4863c514a7f8751cd593751983029a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b3e7eb23a6e97642ff3190431c06475d9ca1e062"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/33de53a2706066d526173dc743faf43d92c62105"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f62b8969847850ba7596cb145cc47c65ea57dae0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c49f14cc1bb12c625a1c572e8a95b6adefd4d8eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2a5b3370a1d9750eca325292e291c8c7cb8cf2e0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hwmon/axi-fan-control.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7d870088db4863c514a7f8751cd593751983029a",
"status": "affected",
"version": "8412b410fa5e1e494a0fec84c3c462d49870d3f5",
"versionType": "git"
},
{
"lessThan": "b3e7eb23a6e97642ff3190431c06475d9ca1e062",
"status": "affected",
"version": "8412b410fa5e1e494a0fec84c3c462d49870d3f5",
"versionType": "git"
},
{
"lessThan": "33de53a2706066d526173dc743faf43d92c62105",
"status": "affected",
"version": "8412b410fa5e1e494a0fec84c3c462d49870d3f5",
"versionType": "git"
},
{
"lessThan": "f62b8969847850ba7596cb145cc47c65ea57dae0",
"status": "affected",
"version": "8412b410fa5e1e494a0fec84c3c462d49870d3f5",
"versionType": "git"
},
{
"lessThan": "c49f14cc1bb12c625a1c572e8a95b6adefd4d8eb",
"status": "affected",
"version": "8412b410fa5e1e494a0fec84c3c462d49870d3f5",
"versionType": "git"
},
{
"lessThan": "2a5b3370a1d9750eca325292e291c8c7cb8cf2e0",
"status": "affected",
"version": "8412b410fa5e1e494a0fec84c3c462d49870d3f5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hwmon/axi-fan-control.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (axi-fan-control) Fix possible NULL pointer dereference\n\naxi_fan_control_irq_handler(), dependent on the private\naxi_fan_control_data structure, might be called before the hwmon\ndevice is registered. That will cause an \"Unable to handle kernel\nNULL pointer dereference\" error."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:32.560Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7d870088db4863c514a7f8751cd593751983029a"
},
{
"url": "https://git.kernel.org/stable/c/b3e7eb23a6e97642ff3190431c06475d9ca1e062"
},
{
"url": "https://git.kernel.org/stable/c/33de53a2706066d526173dc743faf43d92c62105"
},
{
"url": "https://git.kernel.org/stable/c/f62b8969847850ba7596cb145cc47c65ea57dae0"
},
{
"url": "https://git.kernel.org/stable/c/c49f14cc1bb12c625a1c572e8a95b6adefd4d8eb"
},
{
"url": "https://git.kernel.org/stable/c/2a5b3370a1d9750eca325292e291c8c7cb8cf2e0"
}
],
"title": "hwmon: (axi-fan-control) Fix possible NULL pointer dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52863",
"datePublished": "2024-05-21T15:31:55.198Z",
"dateReserved": "2024-05-21T15:19:24.261Z",
"dateUpdated": "2025-05-04T07:44:32.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36900 (GCVE-0-2024-36900)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-04 09:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: hns3: fix kernel crash when devlink reload during initialization
The devlink reload process will access the hardware resources,
but the register operation is done before the hardware is initialized.
So, processing the devlink reload during initialization may lead to kernel
crash.
This patch fixes this by registering the devlink after
hardware initialization.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T18:33:50.003073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T18:33:58.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/72ede790f5a03c3957487400a1b72ebce293a2e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c623fe0534806b627054da09b6f51b7b2f7b9cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c98bc78ce0909ccc92005e2cb6609ec6c7942f69"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/35d92abfbad88cf947c010baf34b075e40566095"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c",
"drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "72ede790f5a03c3957487400a1b72ebce293a2e7",
"status": "affected",
"version": "cd6242991d2e3990c828a7c2215d2d3321f1da39",
"versionType": "git"
},
{
"lessThan": "5c623fe0534806b627054da09b6f51b7b2f7b9cd",
"status": "affected",
"version": "cd6242991d2e3990c828a7c2215d2d3321f1da39",
"versionType": "git"
},
{
"lessThan": "c98bc78ce0909ccc92005e2cb6609ec6c7942f69",
"status": "affected",
"version": "cd6242991d2e3990c828a7c2215d2d3321f1da39",
"versionType": "git"
},
{
"lessThan": "35d92abfbad88cf947c010baf34b075e40566095",
"status": "affected",
"version": "cd6242991d2e3990c828a7c2215d2d3321f1da39",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c",
"drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when devlink reload during initialization\n\nThe devlink reload process will access the hardware resources,\nbut the register operation is done before the hardware is initialized.\nSo, processing the devlink reload during initialization may lead to kernel\ncrash.\n\nThis patch fixes this by registering the devlink after\nhardware initialization."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:11:41.063Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/72ede790f5a03c3957487400a1b72ebce293a2e7"
},
{
"url": "https://git.kernel.org/stable/c/5c623fe0534806b627054da09b6f51b7b2f7b9cd"
},
{
"url": "https://git.kernel.org/stable/c/c98bc78ce0909ccc92005e2cb6609ec6c7942f69"
},
{
"url": "https://git.kernel.org/stable/c/35d92abfbad88cf947c010baf34b075e40566095"
}
],
"title": "net: hns3: fix kernel crash when devlink reload during initialization",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36900",
"datePublished": "2024-05-30T15:29:03.158Z",
"dateReserved": "2024-05-30T15:25:07.066Z",
"dateUpdated": "2025-05-04T09:11:41.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35896 (GCVE-0-2024-35896)
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2025-05-04 09:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: validate user input for expected length
I got multiple syzbot reports showing old bugs exposed
by BPF after commit 20f2505fb436 ("bpf: Try to avoid kzalloc
in cgroup/{s,g}etsockopt")
setsockopt() @optlen argument should be taken into account
before copying data.
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]
BUG: KASAN: slab-out-of-bounds in do_replace net/ipv4/netfilter/ip_tables.c:1111 [inline]
BUG: KASAN: slab-out-of-bounds in do_ipt_set_ctl+0x902/0x3dd0 net/ipv4/netfilter/ip_tables.c:1627
Read of size 96 at addr ffff88802cd73da0 by task syz-executor.4/7238
CPU: 1 PID: 7238 Comm: syz-executor.4 Not tainted 6.9.0-rc2-next-20240403-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
print_address_description mm/kasan/report.c:377 [inline]
print_report+0x169/0x550 mm/kasan/report.c:488
kasan_report+0x143/0x180 mm/kasan/report.c:601
kasan_check_range+0x282/0x290 mm/kasan/generic.c:189
__asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105
copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
copy_from_sockptr include/linux/sockptr.h:55 [inline]
do_replace net/ipv4/netfilter/ip_tables.c:1111 [inline]
do_ipt_set_ctl+0x902/0x3dd0 net/ipv4/netfilter/ip_tables.c:1627
nf_setsockopt+0x295/0x2c0 net/netfilter/nf_sockopt.c:101
do_sock_setsockopt+0x3af/0x720 net/socket.c:2311
__sys_setsockopt+0x1ae/0x250 net/socket.c:2334
__do_sys_setsockopt net/socket.c:2343 [inline]
__se_sys_setsockopt net/socket.c:2340 [inline]
__x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340
do_syscall_64+0xfb/0x240
entry_SYSCALL_64_after_hwframe+0x72/0x7a
RIP: 0033:0x7fd22067dde9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd21f9ff0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fd2207abf80 RCX: 00007fd22067dde9
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007fd2206ca47a R08: 0000000000000001 R09: 0000000000000000
R10: 0000000020000880 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fd2207abf80 R15: 00007ffd2d0170d8
</TASK>
Allocated by task 7238:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
poison_kmalloc_redzone mm/kasan/common.c:370 [inline]
__kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387
kasan_kmalloc include/linux/kasan.h:211 [inline]
__do_kmalloc_node mm/slub.c:4069 [inline]
__kmalloc_noprof+0x200/0x410 mm/slub.c:4082
kmalloc_noprof include/linux/slab.h:664 [inline]
__cgroup_bpf_run_filter_setsockopt+0xd47/0x1050 kernel/bpf/cgroup.c:1869
do_sock_setsockopt+0x6b4/0x720 net/socket.c:2293
__sys_setsockopt+0x1ae/0x250 net/socket.c:2334
__do_sys_setsockopt net/socket.c:2343 [inline]
__se_sys_setsockopt net/socket.c:2340 [inline]
__x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340
do_syscall_64+0xfb/0x240
entry_SYSCALL_64_after_hwframe+0x72/0x7a
The buggy address belongs to the object at ffff88802cd73da0
which belongs to the cache kmalloc-8 of size 8
The buggy address is located 0 bytes inside of
allocated 1-byte region [ffff88802cd73da0, ffff88802cd73da1)
The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802cd73020 pfn:0x2cd73
flags: 0xfff80000000000(node=0|zone=1|lastcpupid=0xfff)
page_type: 0xffffefff(slab)
raw: 00fff80000000000 ffff888015041280 dead000000000100 dead000000000122
raw: ffff88802cd73020 000000008080007f 00000001ffffefff 00
---truncated---
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35896",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T17:13:06.429370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:31.845Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-03-21T18:03:48.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f038242b77ddfc505bf4163d4904c1abd2e74d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/440e948cf0eff32cfe322dcbca3f2525354b159b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/18aae2cb87e5faa9c5bd865260ceadac60d5a6c5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c83842df40f86e529db6842231154772c20edcc"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250321-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bridge/netfilter/ebtables.c",
"net/ipv4/netfilter/arp_tables.c",
"net/ipv4/netfilter/ip_tables.c",
"net/ipv6/netfilter/ip6_tables.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0f038242b77ddfc505bf4163d4904c1abd2e74d6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "440e948cf0eff32cfe322dcbca3f2525354b159b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "18aae2cb87e5faa9c5bd865260ceadac60d5a6c5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0c83842df40f86e529db6842231154772c20edcc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bridge/netfilter/ebtables.c",
"net/ipv4/netfilter/arp_tables.c",
"net/ipv4/netfilter/ip_tables.c",
"net/ipv6/netfilter/ip6_tables.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: validate user input for expected length\n\nI got multiple syzbot reports showing old bugs exposed\nby BPF after commit 20f2505fb436 (\"bpf: Try to avoid kzalloc\nin cgroup/{s,g}etsockopt\")\n\nsetsockopt() @optlen argument should be taken into account\nbefore copying data.\n\n BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]\n BUG: KASAN: slab-out-of-bounds in do_replace net/ipv4/netfilter/ip_tables.c:1111 [inline]\n BUG: KASAN: slab-out-of-bounds in do_ipt_set_ctl+0x902/0x3dd0 net/ipv4/netfilter/ip_tables.c:1627\nRead of size 96 at addr ffff88802cd73da0 by task syz-executor.4/7238\n\nCPU: 1 PID: 7238 Comm: syz-executor.4 Not tainted 6.9.0-rc2-next-20240403-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n __asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105\n copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n copy_from_sockptr include/linux/sockptr.h:55 [inline]\n do_replace net/ipv4/netfilter/ip_tables.c:1111 [inline]\n do_ipt_set_ctl+0x902/0x3dd0 net/ipv4/netfilter/ip_tables.c:1627\n nf_setsockopt+0x295/0x2c0 net/netfilter/nf_sockopt.c:101\n do_sock_setsockopt+0x3af/0x720 net/socket.c:2311\n __sys_setsockopt+0x1ae/0x250 net/socket.c:2334\n __do_sys_setsockopt net/socket.c:2343 [inline]\n __se_sys_setsockopt net/socket.c:2340 [inline]\n __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x72/0x7a\nRIP: 0033:0x7fd22067dde9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fd21f9ff0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036\nRAX: ffffffffffffffda RBX: 00007fd2207abf80 RCX: 00007fd22067dde9\nRDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007fd2206ca47a R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000020000880 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000000b R14: 00007fd2207abf80 R15: 00007ffd2d0170d8\n \u003c/TASK\u003e\n\nAllocated by task 7238:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:370 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387\n kasan_kmalloc include/linux/kasan.h:211 [inline]\n __do_kmalloc_node mm/slub.c:4069 [inline]\n __kmalloc_noprof+0x200/0x410 mm/slub.c:4082\n kmalloc_noprof include/linux/slab.h:664 [inline]\n __cgroup_bpf_run_filter_setsockopt+0xd47/0x1050 kernel/bpf/cgroup.c:1869\n do_sock_setsockopt+0x6b4/0x720 net/socket.c:2293\n __sys_setsockopt+0x1ae/0x250 net/socket.c:2334\n __do_sys_setsockopt net/socket.c:2343 [inline]\n __se_sys_setsockopt net/socket.c:2340 [inline]\n __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x72/0x7a\n\nThe buggy address belongs to the object at ffff88802cd73da0\n which belongs to the cache kmalloc-8 of size 8\nThe buggy address is located 0 bytes inside of\n allocated 1-byte region [ffff88802cd73da0, ffff88802cd73da1)\n\nThe buggy address belongs to the physical page:\npage: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802cd73020 pfn:0x2cd73\nflags: 0xfff80000000000(node=0|zone=1|lastcpupid=0xfff)\npage_type: 0xffffefff(slab)\nraw: 00fff80000000000 ffff888015041280 dead000000000100 dead000000000122\nraw: ffff88802cd73020 000000008080007f 00000001ffffefff 00\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:07:51.769Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0f038242b77ddfc505bf4163d4904c1abd2e74d6"
},
{
"url": "https://git.kernel.org/stable/c/440e948cf0eff32cfe322dcbca3f2525354b159b"
},
{
"url": "https://git.kernel.org/stable/c/18aae2cb87e5faa9c5bd865260ceadac60d5a6c5"
},
{
"url": "https://git.kernel.org/stable/c/81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525"
},
{
"url": "https://git.kernel.org/stable/c/58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018"
},
{
"url": "https://git.kernel.org/stable/c/0c83842df40f86e529db6842231154772c20edcc"
}
],
"title": "netfilter: validate user input for expected length",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35896",
"datePublished": "2024-05-19T08:34:51.034Z",
"dateReserved": "2024-05-17T13:50:33.114Z",
"dateUpdated": "2025-05-04T09:07:51.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36479 (GCVE-0-2024-36479)
Vulnerability from cvelistv5
Published
2024-06-24 13:56
Modified
2025-05-04 09:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fpga: bridge: add owner module and take its refcount
The current implementation of the fpga bridge assumes that the low-level
module registers a driver for the parent device and uses its owner pointer
to take the module's refcount. This approach is problematic since it can
lead to a null pointer dereference while attempting to get the bridge if
the parent device does not have a driver.
To address this problem, add a module owner pointer to the fpga_bridge
struct and use it to take the module's refcount. Modify the function for
registering a bridge to take an additional owner module parameter and
rename it to avoid conflicts. Use the old function name for a helper macro
that automatically sets the module that registers the bridge as the owner.
This ensures compatibility with existing low-level control modules and
reduces the chances of registering a bridge without setting the owner.
Also, update the documentation to keep it consistent with the new interface
for registering an fpga bridge.
Other changes: opportunistically move put_device() from __fpga_bridge_get()
to fpga_bridge_get() and of_fpga_bridge_get() to improve code clarity since
the bridge device is taken in these functions.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:05.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d7c4081c54a1d4068de9440957303a76f9e5c95b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6896b6b2e2d9ec4e1b0acb4c1698a75a4b34d125"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1da11f822042eb6ef4b6064dc048f157a7852529"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36479",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:08:33.763603Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:43.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"Documentation/driver-api/fpga/fpga-bridge.rst",
"drivers/fpga/fpga-bridge.c",
"include/linux/fpga/fpga-bridge.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "18dc8366abb6cadcb77668b1a16434654e355d49",
"status": "affected",
"version": "21aeda950c5f84a8351b862816d832120b217a9b",
"versionType": "git"
},
{
"lessThan": "d7c4081c54a1d4068de9440957303a76f9e5c95b",
"status": "affected",
"version": "21aeda950c5f84a8351b862816d832120b217a9b",
"versionType": "git"
},
{
"lessThan": "6896b6b2e2d9ec4e1b0acb4c1698a75a4b34d125",
"status": "affected",
"version": "21aeda950c5f84a8351b862816d832120b217a9b",
"versionType": "git"
},
{
"lessThan": "1da11f822042eb6ef4b6064dc048f157a7852529",
"status": "affected",
"version": "21aeda950c5f84a8351b862816d832120b217a9b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"Documentation/driver-api/fpga/fpga-bridge.rst",
"drivers/fpga/fpga-bridge.c",
"include/linux/fpga/fpga-bridge.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfpga: bridge: add owner module and take its refcount\n\nThe current implementation of the fpga bridge assumes that the low-level\nmodule registers a driver for the parent device and uses its owner pointer\nto take the module\u0027s refcount. This approach is problematic since it can\nlead to a null pointer dereference while attempting to get the bridge if\nthe parent device does not have a driver.\n\nTo address this problem, add a module owner pointer to the fpga_bridge\nstruct and use it to take the module\u0027s refcount. Modify the function for\nregistering a bridge to take an additional owner module parameter and\nrename it to avoid conflicts. Use the old function name for a helper macro\nthat automatically sets the module that registers the bridge as the owner.\nThis ensures compatibility with existing low-level control modules and\nreduces the chances of registering a bridge without setting the owner.\n\nAlso, update the documentation to keep it consistent with the new interface\nfor registering an fpga bridge.\n\nOther changes: opportunistically move put_device() from __fpga_bridge_get()\nto fpga_bridge_get() and of_fpga_bridge_get() to improve code clarity since\nthe bridge device is taken in these functions."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:11:09.281Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/18dc8366abb6cadcb77668b1a16434654e355d49"
},
{
"url": "https://git.kernel.org/stable/c/d7c4081c54a1d4068de9440957303a76f9e5c95b"
},
{
"url": "https://git.kernel.org/stable/c/6896b6b2e2d9ec4e1b0acb4c1698a75a4b34d125"
},
{
"url": "https://git.kernel.org/stable/c/1da11f822042eb6ef4b6064dc048f157a7852529"
}
],
"title": "fpga: bridge: add owner module and take its refcount",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36479",
"datePublished": "2024-06-24T13:56:51.367Z",
"dateReserved": "2024-06-24T13:53:25.564Z",
"dateUpdated": "2025-05-04T09:11:09.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36969 (GCVE-0-2024-36969)
Vulnerability from cvelistv5
Published
2024-06-08 12:53
Modified
2025-07-11 17:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix division by zero in setup_dsc_config
When slice_height is 0, the division by slice_height in the calculation
of the number of slices will cause a division by zero driver crash. This
leaves the kernel in a state that requires a reboot. This patch adds a
check to avoid the division by zero.
The stack trace below is for the 6.8.4 Kernel. I reproduced the issue on
a Z16 Gen 2 Lenovo Thinkpad with a Apple Studio Display monitor
connected via Thunderbolt. The amdgpu driver crashed with this exception
when I rebooted the system with the monitor connected.
kernel: ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447)
kernel: ? do_trap (arch/x86/kernel/traps.c:113 arch/x86/kernel/traps.c:154)
kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu
kernel: ? do_error_trap (./arch/x86/include/asm/traps.h:58 arch/x86/kernel/traps.c:175)
kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu
kernel: ? exc_divide_error (arch/x86/kernel/traps.c:194 (discriminator 2))
kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu
kernel: ? asm_exc_divide_error (./arch/x86/include/asm/idtentry.h:548)
kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu
kernel: dc_dsc_compute_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1109) amdgpu
After applying this patch, the driver no longer crashes when the monitor
is connected and the system is rebooted. I believe this is the same
issue reported for 3113.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T18:44:38.607815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T18:44:52.492Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a32c8f951c8a456c1c251e1dcdf21787f8066445"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/91402e0e5de9124a3108db7a14163fcf9a6d322f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e4f50dfc98c49b3dc6875a35c3112522fb25639"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f187fcbbb8f8bf10c6687f0beae22509369f7563"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/308de6be0c9c7ba36915c0d398e771725c0ea911"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/130afc8a886183a94cf6eab7d24f300014ff87ba"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a32c8f951c8a456c1c251e1dcdf21787f8066445",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "91402e0e5de9124a3108db7a14163fcf9a6d322f",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "7e4f50dfc98c49b3dc6875a35c3112522fb25639",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "f187fcbbb8f8bf10c6687f0beae22509369f7563",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "308de6be0c9c7ba36915c0d398e771725c0ea911",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "130afc8a886183a94cf6eab7d24f300014ff87ba",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.160",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.92",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.32",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.160",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.92",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.32",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.11",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.2",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix division by zero in setup_dsc_config\n\nWhen slice_height is 0, the division by slice_height in the calculation\nof the number of slices will cause a division by zero driver crash. This\nleaves the kernel in a state that requires a reboot. This patch adds a\ncheck to avoid the division by zero.\n\nThe stack trace below is for the 6.8.4 Kernel. I reproduced the issue on\na Z16 Gen 2 Lenovo Thinkpad with a Apple Studio Display monitor\nconnected via Thunderbolt. The amdgpu driver crashed with this exception\nwhen I rebooted the system with the monitor connected.\n\nkernel: ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447)\nkernel: ? do_trap (arch/x86/kernel/traps.c:113 arch/x86/kernel/traps.c:154)\nkernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu\nkernel: ? do_error_trap (./arch/x86/include/asm/traps.h:58 arch/x86/kernel/traps.c:175)\nkernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu\nkernel: ? exc_divide_error (arch/x86/kernel/traps.c:194 (discriminator 2))\nkernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu\nkernel: ? asm_exc_divide_error (./arch/x86/include/asm/idtentry.h:548)\nkernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu\nkernel: dc_dsc_compute_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1109) amdgpu\n\nAfter applying this patch, the driver no longer crashes when the monitor\nis connected and the system is rebooted. I believe this is the same\nissue reported for 3113."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:19:47.597Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a32c8f951c8a456c1c251e1dcdf21787f8066445"
},
{
"url": "https://git.kernel.org/stable/c/91402e0e5de9124a3108db7a14163fcf9a6d322f"
},
{
"url": "https://git.kernel.org/stable/c/7e4f50dfc98c49b3dc6875a35c3112522fb25639"
},
{
"url": "https://git.kernel.org/stable/c/f187fcbbb8f8bf10c6687f0beae22509369f7563"
},
{
"url": "https://git.kernel.org/stable/c/308de6be0c9c7ba36915c0d398e771725c0ea911"
},
{
"url": "https://git.kernel.org/stable/c/130afc8a886183a94cf6eab7d24f300014ff87ba"
}
],
"title": "drm/amd/display: Fix division by zero in setup_dsc_config",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36969",
"datePublished": "2024-06-08T12:53:01.353Z",
"dateReserved": "2024-05-30T15:25:07.081Z",
"dateUpdated": "2025-07-11T17:19:47.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35843 (GCVE-0-2024-35843)
Vulnerability from cvelistv5
Published
2024-05-17 14:40
Modified
2025-05-04 09:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Use device rbtree in iopf reporting path
The existing I/O page fault handler currently locates the PCI device by
calling pci_get_domain_bus_and_slot(). This function searches the list
of all PCI devices until the desired device is found. To improve lookup
efficiency, replace it with device_rbtree_find() to search the device
within the probed device rbtree.
The I/O page fault is initiated by the device, which does not have any
synchronization mechanism with the software to ensure that the device
stays in the probed device tree. Theoretically, a device could be released
by the IOMMU subsystem after device_rbtree_find() and before
iopf_get_dev_fault_param(), which would cause a use-after-free problem.
Add a mutex to synchronize the I/O page fault reporting path and the IOMMU
release device path. This lock doesn't introduce any performance overhead,
as the conflict between I/O page fault reporting and device releasing is
very rare.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "3d39238991e7",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "def054b01a86",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35843",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T19:36:46.083168Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T19:36:51.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "ADP Container"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d39238991e745c5df85785604f037f35d9d1b15"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/def054b01a867822254e1dda13d587f5c7a99e2a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/intel/dmar.c",
"drivers/iommu/intel/iommu.c",
"drivers/iommu/intel/iommu.h",
"drivers/iommu/intel/svm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3d39238991e745c5df85785604f037f35d9d1b15",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "def054b01a867822254e1dda13d587f5c7a99e2a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iommu/intel/dmar.c",
"drivers/iommu/intel/iommu.c",
"drivers/iommu/intel/iommu.h",
"drivers/iommu/intel/svm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Use device rbtree in iopf reporting path\n\nThe existing I/O page fault handler currently locates the PCI device by\ncalling pci_get_domain_bus_and_slot(). This function searches the list\nof all PCI devices until the desired device is found. To improve lookup\nefficiency, replace it with device_rbtree_find() to search the device\nwithin the probed device rbtree.\n\nThe I/O page fault is initiated by the device, which does not have any\nsynchronization mechanism with the software to ensure that the device\nstays in the probed device tree. Theoretically, a device could be released\nby the IOMMU subsystem after device_rbtree_find() and before\niopf_get_dev_fault_param(), which would cause a use-after-free problem.\n\nAdd a mutex to synchronize the I/O page fault reporting path and the IOMMU\nrelease device path. This lock doesn\u0027t introduce any performance overhead,\nas the conflict between I/O page fault reporting and device releasing is\nvery rare."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:39.871Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3d39238991e745c5df85785604f037f35d9d1b15"
},
{
"url": "https://git.kernel.org/stable/c/def054b01a867822254e1dda13d587f5c7a99e2a"
}
],
"title": "iommu/vt-d: Use device rbtree in iopf reporting path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35843",
"datePublished": "2024-05-17T14:40:10.747Z",
"dateReserved": "2024-05-17T13:50:33.104Z",
"dateUpdated": "2025-05-04T09:06:39.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39371 (GCVE-0-2024-39371)
Vulnerability from cvelistv5
Published
2024-06-25 14:22
Modified
2025-05-04 09:16
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
io_uring: check for non-NULL file pointer in io_file_can_poll()
In earlier kernels, it was possible to trigger a NULL pointer
dereference off the forced async preparation path, if no file had
been assigned. The trace leading to that looks as follows:
BUG: kernel NULL pointer dereference, address: 00000000000000b0
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP
CPU: 67 PID: 1633 Comm: buf-ring-invali Not tainted 6.8.0-rc3+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS unknown 2/2/2022
RIP: 0010:io_buffer_select+0xc3/0x210
Code: 00 00 48 39 d1 0f 82 ae 00 00 00 48 81 4b 48 00 00 01 00 48 89 73 70 0f b7 50 0c 66 89 53 42 85 ed 0f 85 d2 00 00 00 48 8b 13 <48> 8b 92 b0 00 00 00 48 83 7a 40 00 0f 84 21 01 00 00 4c 8b 20 5b
RSP: 0018:ffffb7bec38c7d88 EFLAGS: 00010246
RAX: ffff97af2be61000 RBX: ffff97af234f1700 RCX: 0000000000000040
RDX: 0000000000000000 RSI: ffff97aecfb04820 RDI: ffff97af234f1700
RBP: 0000000000000000 R08: 0000000000200030 R09: 0000000000000020
R10: ffffb7bec38c7dc8 R11: 000000000000c000 R12: ffffb7bec38c7db8
R13: ffff97aecfb05800 R14: ffff97aecfb05800 R15: ffff97af2be5e000
FS: 00007f852f74b740(0000) GS:ffff97b1eeec0000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000000000b0 CR3: 000000016deab005 CR4: 0000000000370ef0
Call Trace:
<TASK>
? __die+0x1f/0x60
? page_fault_oops+0x14d/0x420
? do_user_addr_fault+0x61/0x6a0
? exc_page_fault+0x6c/0x150
? asm_exc_page_fault+0x22/0x30
? io_buffer_select+0xc3/0x210
__io_import_iovec+0xb5/0x120
io_readv_prep_async+0x36/0x70
io_queue_sqe_fallback+0x20/0x260
io_submit_sqes+0x314/0x630
__do_sys_io_uring_enter+0x339/0xbc0
? __do_sys_io_uring_register+0x11b/0xc50
? vm_mmap_pgoff+0xce/0x160
do_syscall_64+0x5f/0x180
entry_SYSCALL_64_after_hwframe+0x46/0x4e
RIP: 0033:0x55e0a110a67e
Code: ba cc 00 00 00 45 31 c0 44 0f b6 92 d0 00 00 00 31 d2 41 b9 08 00 00 00 41 83 e2 01 41 c1 e2 04 41 09 c2 b8 aa 01 00 00 0f 05 <c3> 90 89 30 eb a9 0f 1f 40 00 48 8b 42 20 8b 00 a8 06 75 af 85 f6
because the request is marked forced ASYNC and has a bad file fd, and
hence takes the forced async prep path.
Current kernels with the request async prep cleaned up can no longer hit
this issue, but for ease of backporting, let's add this safety check in
here too as it really doesn't hurt. For both cases, this will inevitably
end with a CQE posted with -EBADF.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:14.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c2844d5e58576c55d8e8d4a9f74902d3f7be8044"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43cfac7b88adedfb26c27834386992650f1642f3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/65561b4c1c9e01443cb76387eb36a9109e7048ee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5fc16fa5f13b3c06fdb959ef262050bd810416a2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:08:11.447058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:42.499Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"io_uring/io_uring.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c2844d5e58576c55d8e8d4a9f74902d3f7be8044",
"status": "affected",
"version": "a76c0b31eef50fdb8b21d53a6d050f59241fb88e",
"versionType": "git"
},
{
"lessThan": "43cfac7b88adedfb26c27834386992650f1642f3",
"status": "affected",
"version": "a76c0b31eef50fdb8b21d53a6d050f59241fb88e",
"versionType": "git"
},
{
"lessThan": "65561b4c1c9e01443cb76387eb36a9109e7048ee",
"status": "affected",
"version": "a76c0b31eef50fdb8b21d53a6d050f59241fb88e",
"versionType": "git"
},
{
"lessThan": "5fc16fa5f13b3c06fdb959ef262050bd810416a2",
"status": "affected",
"version": "a76c0b31eef50fdb8b21d53a6d050f59241fb88e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"io_uring/io_uring.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.19"
},
{
"lessThan": "5.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.95",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.35",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.5",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: check for non-NULL file pointer in io_file_can_poll()\n\nIn earlier kernels, it was possible to trigger a NULL pointer\ndereference off the forced async preparation path, if no file had\nbeen assigned. The trace leading to that looks as follows:\n\nBUG: kernel NULL pointer dereference, address: 00000000000000b0\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP\nCPU: 67 PID: 1633 Comm: buf-ring-invali Not tainted 6.8.0-rc3+ #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS unknown 2/2/2022\nRIP: 0010:io_buffer_select+0xc3/0x210\nCode: 00 00 48 39 d1 0f 82 ae 00 00 00 48 81 4b 48 00 00 01 00 48 89 73 70 0f b7 50 0c 66 89 53 42 85 ed 0f 85 d2 00 00 00 48 8b 13 \u003c48\u003e 8b 92 b0 00 00 00 48 83 7a 40 00 0f 84 21 01 00 00 4c 8b 20 5b\nRSP: 0018:ffffb7bec38c7d88 EFLAGS: 00010246\nRAX: ffff97af2be61000 RBX: ffff97af234f1700 RCX: 0000000000000040\nRDX: 0000000000000000 RSI: ffff97aecfb04820 RDI: ffff97af234f1700\nRBP: 0000000000000000 R08: 0000000000200030 R09: 0000000000000020\nR10: ffffb7bec38c7dc8 R11: 000000000000c000 R12: ffffb7bec38c7db8\nR13: ffff97aecfb05800 R14: ffff97aecfb05800 R15: ffff97af2be5e000\nFS: 00007f852f74b740(0000) GS:ffff97b1eeec0000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000000000b0 CR3: 000000016deab005 CR4: 0000000000370ef0\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x1f/0x60\n ? page_fault_oops+0x14d/0x420\n ? do_user_addr_fault+0x61/0x6a0\n ? exc_page_fault+0x6c/0x150\n ? asm_exc_page_fault+0x22/0x30\n ? io_buffer_select+0xc3/0x210\n __io_import_iovec+0xb5/0x120\n io_readv_prep_async+0x36/0x70\n io_queue_sqe_fallback+0x20/0x260\n io_submit_sqes+0x314/0x630\n __do_sys_io_uring_enter+0x339/0xbc0\n ? __do_sys_io_uring_register+0x11b/0xc50\n ? vm_mmap_pgoff+0xce/0x160\n do_syscall_64+0x5f/0x180\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0x55e0a110a67e\nCode: ba cc 00 00 00 45 31 c0 44 0f b6 92 d0 00 00 00 31 d2 41 b9 08 00 00 00 41 83 e2 01 41 c1 e2 04 41 09 c2 b8 aa 01 00 00 0f 05 \u003cc3\u003e 90 89 30 eb a9 0f 1f 40 00 48 8b 42 20 8b 00 a8 06 75 af 85 f6\n\nbecause the request is marked forced ASYNC and has a bad file fd, and\nhence takes the forced async prep path.\n\nCurrent kernels with the request async prep cleaned up can no longer hit\nthis issue, but for ease of backporting, let\u0027s add this safety check in\nhere too as it really doesn\u0027t hurt. For both cases, this will inevitably\nend with a CQE posted with -EBADF."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:16:17.485Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c2844d5e58576c55d8e8d4a9f74902d3f7be8044"
},
{
"url": "https://git.kernel.org/stable/c/43cfac7b88adedfb26c27834386992650f1642f3"
},
{
"url": "https://git.kernel.org/stable/c/65561b4c1c9e01443cb76387eb36a9109e7048ee"
},
{
"url": "https://git.kernel.org/stable/c/5fc16fa5f13b3c06fdb959ef262050bd810416a2"
}
],
"title": "io_uring: check for non-NULL file pointer in io_file_can_poll()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39371",
"datePublished": "2024-06-25T14:22:42.919Z",
"dateReserved": "2024-06-24T13:54:11.039Z",
"dateUpdated": "2025-05-04T09:16:17.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35892 (GCVE-0-2024-35892)
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/sched: fix lockdep splat in qdisc_tree_reduce_backlog()
qdisc_tree_reduce_backlog() is called with the qdisc lock held,
not RTNL.
We must use qdisc_lookup_rcu() instead of qdisc_lookup()
syzbot reported:
WARNING: suspicious RCU usage
6.1.74-syzkaller #0 Not tainted
-----------------------------
net/sched/sch_api.c:305 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
3 locks held by udevd/1142:
#0: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:306 [inline]
#0: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:747 [inline]
#0: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: net_tx_action+0x64a/0x970 net/core/dev.c:5282
#1: ffff888171861108 (&sch->q.lock){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:350 [inline]
#1: ffff888171861108 (&sch->q.lock){+.-.}-{2:2}, at: net_tx_action+0x754/0x970 net/core/dev.c:5297
#2: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:306 [inline]
#2: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:747 [inline]
#2: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: qdisc_tree_reduce_backlog+0x84/0x580 net/sched/sch_api.c:792
stack backtrace:
CPU: 1 PID: 1142 Comm: udevd Not tainted 6.1.74-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
<TASK>
[<ffffffff85b85f14>] __dump_stack lib/dump_stack.c:88 [inline]
[<ffffffff85b85f14>] dump_stack_lvl+0x1b1/0x28f lib/dump_stack.c:106
[<ffffffff85b86007>] dump_stack+0x15/0x1e lib/dump_stack.c:113
[<ffffffff81802299>] lockdep_rcu_suspicious+0x1b9/0x260 kernel/locking/lockdep.c:6592
[<ffffffff84f0054c>] qdisc_lookup+0xac/0x6f0 net/sched/sch_api.c:305
[<ffffffff84f037c3>] qdisc_tree_reduce_backlog+0x243/0x580 net/sched/sch_api.c:811
[<ffffffff84f5b78c>] pfifo_tail_enqueue+0x32c/0x4b0 net/sched/sch_fifo.c:51
[<ffffffff84fbcf63>] qdisc_enqueue include/net/sch_generic.h:833 [inline]
[<ffffffff84fbcf63>] netem_dequeue+0xeb3/0x15d0 net/sched/sch_netem.c:723
[<ffffffff84eecab9>] dequeue_skb net/sched/sch_generic.c:292 [inline]
[<ffffffff84eecab9>] qdisc_restart net/sched/sch_generic.c:397 [inline]
[<ffffffff84eecab9>] __qdisc_run+0x249/0x1e60 net/sched/sch_generic.c:415
[<ffffffff84d7aa96>] qdisc_run+0xd6/0x260 include/net/pkt_sched.h:125
[<ffffffff84d85d29>] net_tx_action+0x7c9/0x970 net/core/dev.c:5313
[<ffffffff85e002bd>] __do_softirq+0x2bd/0x9bd kernel/softirq.c:616
[<ffffffff81568bca>] invoke_softirq kernel/softirq.c:447 [inline]
[<ffffffff81568bca>] __irq_exit_rcu+0xca/0x230 kernel/softirq.c:700
[<ffffffff81568ae9>] irq_exit_rcu+0x9/0x20 kernel/softirq.c:712
[<ffffffff85b89f52>] sysvec_apic_timer_interrupt+0x42/0x90 arch/x86/kernel/apic/apic.c:1107
[<ffffffff85c00ccb>] asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:656
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T19:36:07.702598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:22.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b7d1ce2cc7192e8a037faa3f5d3ba72c25976460"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c040b99461a5bfc14c2d0cbb1780fcc3a4706c7e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/07696415526bee0607e495017369c7303a4792e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7eb322360b0266481e560d1807ee79e0cef5742b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sched/sch_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b7d1ce2cc7192e8a037faa3f5d3ba72c25976460",
"status": "affected",
"version": "9d9a38b5639fcefacc1e977567fb4b4e4a74d0b3",
"versionType": "git"
},
{
"lessThan": "c040b99461a5bfc14c2d0cbb1780fcc3a4706c7e",
"status": "affected",
"version": "d636fc5dd692c8f4e00ae6e0359c0eceeb5d9bdb",
"versionType": "git"
},
{
"lessThan": "07696415526bee0607e495017369c7303a4792e1",
"status": "affected",
"version": "d636fc5dd692c8f4e00ae6e0359c0eceeb5d9bdb",
"versionType": "git"
},
{
"lessThan": "7eb322360b0266481e560d1807ee79e0cef5742b",
"status": "affected",
"version": "d636fc5dd692c8f4e00ae6e0359c0eceeb5d9bdb",
"versionType": "git"
},
{
"status": "affected",
"version": "3a4741bb13caf482b877b10ac1bcf7390cad7077",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sched/sch_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "6.1.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fix lockdep splat in qdisc_tree_reduce_backlog()\n\nqdisc_tree_reduce_backlog() is called with the qdisc lock held,\nnot RTNL.\n\nWe must use qdisc_lookup_rcu() instead of qdisc_lookup()\n\nsyzbot reported:\n\nWARNING: suspicious RCU usage\n6.1.74-syzkaller #0 Not tainted\n-----------------------------\nnet/sched/sch_api.c:305 suspicious rcu_dereference_protected() usage!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n3 locks held by udevd/1142:\n #0: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:306 [inline]\n #0: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:747 [inline]\n #0: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: net_tx_action+0x64a/0x970 net/core/dev.c:5282\n #1: ffff888171861108 (\u0026sch-\u003eq.lock){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:350 [inline]\n #1: ffff888171861108 (\u0026sch-\u003eq.lock){+.-.}-{2:2}, at: net_tx_action+0x754/0x970 net/core/dev.c:5297\n #2: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:306 [inline]\n #2: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:747 [inline]\n #2: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: qdisc_tree_reduce_backlog+0x84/0x580 net/sched/sch_api.c:792\n\nstack backtrace:\nCPU: 1 PID: 1142 Comm: udevd Not tainted 6.1.74-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nCall Trace:\n \u003cTASK\u003e\n [\u003cffffffff85b85f14\u003e] __dump_stack lib/dump_stack.c:88 [inline]\n [\u003cffffffff85b85f14\u003e] dump_stack_lvl+0x1b1/0x28f lib/dump_stack.c:106\n [\u003cffffffff85b86007\u003e] dump_stack+0x15/0x1e lib/dump_stack.c:113\n [\u003cffffffff81802299\u003e] lockdep_rcu_suspicious+0x1b9/0x260 kernel/locking/lockdep.c:6592\n [\u003cffffffff84f0054c\u003e] qdisc_lookup+0xac/0x6f0 net/sched/sch_api.c:305\n [\u003cffffffff84f037c3\u003e] qdisc_tree_reduce_backlog+0x243/0x580 net/sched/sch_api.c:811\n [\u003cffffffff84f5b78c\u003e] pfifo_tail_enqueue+0x32c/0x4b0 net/sched/sch_fifo.c:51\n [\u003cffffffff84fbcf63\u003e] qdisc_enqueue include/net/sch_generic.h:833 [inline]\n [\u003cffffffff84fbcf63\u003e] netem_dequeue+0xeb3/0x15d0 net/sched/sch_netem.c:723\n [\u003cffffffff84eecab9\u003e] dequeue_skb net/sched/sch_generic.c:292 [inline]\n [\u003cffffffff84eecab9\u003e] qdisc_restart net/sched/sch_generic.c:397 [inline]\n [\u003cffffffff84eecab9\u003e] __qdisc_run+0x249/0x1e60 net/sched/sch_generic.c:415\n [\u003cffffffff84d7aa96\u003e] qdisc_run+0xd6/0x260 include/net/pkt_sched.h:125\n [\u003cffffffff84d85d29\u003e] net_tx_action+0x7c9/0x970 net/core/dev.c:5313\n [\u003cffffffff85e002bd\u003e] __do_softirq+0x2bd/0x9bd kernel/softirq.c:616\n [\u003cffffffff81568bca\u003e] invoke_softirq kernel/softirq.c:447 [inline]\n [\u003cffffffff81568bca\u003e] __irq_exit_rcu+0xca/0x230 kernel/softirq.c:700\n [\u003cffffffff81568ae9\u003e] irq_exit_rcu+0x9/0x20 kernel/softirq.c:712\n [\u003cffffffff85b89f52\u003e] sysvec_apic_timer_interrupt+0x42/0x90 arch/x86/kernel/apic/apic.c:1107\n [\u003cffffffff85c00ccb\u003e] asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:656"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:01.353Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b7d1ce2cc7192e8a037faa3f5d3ba72c25976460"
},
{
"url": "https://git.kernel.org/stable/c/c040b99461a5bfc14c2d0cbb1780fcc3a4706c7e"
},
{
"url": "https://git.kernel.org/stable/c/07696415526bee0607e495017369c7303a4792e1"
},
{
"url": "https://git.kernel.org/stable/c/7eb322360b0266481e560d1807ee79e0cef5742b"
}
],
"title": "net/sched: fix lockdep splat in qdisc_tree_reduce_backlog()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35892",
"datePublished": "2024-05-19T08:34:47.914Z",
"dateReserved": "2024-05-17T13:50:33.113Z",
"dateUpdated": "2025-05-04T12:56:01.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52850 (GCVE-0-2023-52850)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: hantro: Check whether reset op is defined before use
The i.MX8MM/N/P does not define the .reset op since reset of the VPU is
done by genpd. Check whether the .reset op is defined before calling it
to avoid NULL pointer dereference.
Note that the Fixes tag is set to the commit which removed the reset op
from i.MX8M Hantro G2 implementation, this is because before this commit
all the implementations did define the .reset op.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52850",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T18:57:58.496286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:55.563Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/64f55cebb4339ae771e9e7f3f42bee2489e2fa00"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/66b4c5f980d741f3a47e4b65eeaf2797f2d59294"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24c06295f28335ced3aad53dd4b0a0bae7b9b100"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/88d4b23a629ebd34f682f770cb6c2116c851f7b8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/verisilicon/hantro_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "64f55cebb4339ae771e9e7f3f42bee2489e2fa00",
"status": "affected",
"version": "6971efb70ac3e43d19bf33ef5f83bea0271831ee",
"versionType": "git"
},
{
"lessThan": "66b4c5f980d741f3a47e4b65eeaf2797f2d59294",
"status": "affected",
"version": "6971efb70ac3e43d19bf33ef5f83bea0271831ee",
"versionType": "git"
},
{
"lessThan": "24c06295f28335ced3aad53dd4b0a0bae7b9b100",
"status": "affected",
"version": "6971efb70ac3e43d19bf33ef5f83bea0271831ee",
"versionType": "git"
},
{
"lessThan": "88d4b23a629ebd34f682f770cb6c2116c851f7b8",
"status": "affected",
"version": "6971efb70ac3e43d19bf33ef5f83bea0271831ee",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/verisilicon/hantro_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.18"
},
{
"lessThan": "5.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: hantro: Check whether reset op is defined before use\n\nThe i.MX8MM/N/P does not define the .reset op since reset of the VPU is\ndone by genpd. Check whether the .reset op is defined before calling it\nto avoid NULL pointer dereference.\n\nNote that the Fixes tag is set to the commit which removed the reset op\nfrom i.MX8M Hantro G2 implementation, this is because before this commit\nall the implementations did define the .reset op."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:17.700Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/64f55cebb4339ae771e9e7f3f42bee2489e2fa00"
},
{
"url": "https://git.kernel.org/stable/c/66b4c5f980d741f3a47e4b65eeaf2797f2d59294"
},
{
"url": "https://git.kernel.org/stable/c/24c06295f28335ced3aad53dd4b0a0bae7b9b100"
},
{
"url": "https://git.kernel.org/stable/c/88d4b23a629ebd34f682f770cb6c2116c851f7b8"
}
],
"title": "media: hantro: Check whether reset op is defined before use",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52850",
"datePublished": "2024-05-21T15:31:46.545Z",
"dateReserved": "2024-05-21T15:19:24.255Z",
"dateUpdated": "2025-05-04T07:44:17.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52856 (GCVE-0-2023-52856)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/bridge: lt8912b: Fix crash on bridge detach
The lt8912b driver, in its bridge detach function, calls
drm_connector_unregister() and drm_connector_cleanup().
drm_connector_unregister() should be called only for connectors
explicitly registered with drm_connector_register(), which is not the
case in lt8912b.
The driver's drm_connector_funcs.destroy hook is set to
drm_connector_cleanup().
Thus the driver should not call either drm_connector_unregister() nor
drm_connector_cleanup() in its lt8912_bridge_detach(), as they cause a
crash on bridge detach:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Mem abort info:
ESR = 0x0000000096000006
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x06: level 2 translation fault
Data abort info:
ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000
CM = 0, WnR = 0, TnD = 0, TagAccess = 0
GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=00000000858f3000
[0000000000000000] pgd=0800000085918003, p4d=0800000085918003, pud=0800000085431003, pmd=0000000000000000
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in: tidss(-) display_connector lontium_lt8912b tc358768 panel_lvds panel_simple drm_dma_helper drm_kms_helper drm drm_panel_orientation_quirks
CPU: 3 PID: 462 Comm: rmmod Tainted: G W 6.5.0-rc2+ #2
Hardware name: Toradex Verdin AM62 on Verdin Development Board (DT)
pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : drm_connector_cleanup+0x78/0x2d4 [drm]
lr : lt8912_bridge_detach+0x54/0x6c [lontium_lt8912b]
sp : ffff800082ed3a90
x29: ffff800082ed3a90 x28: ffff0000040c1940 x27: 0000000000000000
x26: 0000000000000000 x25: dead000000000122 x24: dead000000000122
x23: dead000000000100 x22: ffff000003fb6388 x21: 0000000000000000
x20: 0000000000000000 x19: ffff000003fb6260 x18: fffffffffffe56e8
x17: 0000000000000000 x16: 0010000000000000 x15: 0000000000000038
x14: 0000000000000000 x13: ffff800081914b48 x12: 000000000000040e
x11: 000000000000015a x10: ffff80008196ebb8 x9 : ffff800081914b48
x8 : 00000000ffffefff x7 : ffff0000040c1940 x6 : ffff80007aa649d0
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff80008159e008
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
drm_connector_cleanup+0x78/0x2d4 [drm]
lt8912_bridge_detach+0x54/0x6c [lontium_lt8912b]
drm_bridge_detach+0x44/0x84 [drm]
drm_encoder_cleanup+0x40/0xb8 [drm]
drmm_encoder_alloc_release+0x1c/0x30 [drm]
drm_managed_release+0xac/0x148 [drm]
drm_dev_put.part.0+0x88/0xb8 [drm]
devm_drm_dev_init_release+0x14/0x24 [drm]
devm_action_release+0x14/0x20
release_nodes+0x5c/0x90
devres_release_all+0x8c/0xe0
device_unbind_cleanup+0x18/0x68
device_release_driver_internal+0x208/0x23c
driver_detach+0x4c/0x94
bus_remove_driver+0x70/0xf4
driver_unregister+0x30/0x60
platform_driver_unregister+0x14/0x20
tidss_platform_driver_exit+0x18/0xb2c [tidss]
__arm64_sys_delete_module+0x1a0/0x2b4
invoke_syscall+0x48/0x110
el0_svc_common.constprop.0+0x60/0x10c
do_el0_svc_compat+0x1c/0x40
el0_svc_compat+0x40/0xac
el0t_32_sync_handler+0xb0/0x138
el0t_32_sync+0x194/0x198
Code: 9104a276 f2fbd5b7 aa0203e1 91008af8 (f85c0420)
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52856",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T18:18:14.046128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:17.443Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/42071feab712ba2a139b8928f7e0f8d3a6fc719e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7bf0cb8f40280a85034990dfe42be8ca8f80f37a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fcd9895e365474709844eeb31cfe53d912c3596e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b65e3249f3ca96e3c736af889461d80d675feab6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/44283993144a03af9df31934d6c32bbd42d1a347"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/bridge/lontium-lt8912b.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "42071feab712ba2a139b8928f7e0f8d3a6fc719e",
"status": "affected",
"version": "30e2ae943c260036ea494b601343f6ed5ce7bc60",
"versionType": "git"
},
{
"lessThan": "7bf0cb8f40280a85034990dfe42be8ca8f80f37a",
"status": "affected",
"version": "30e2ae943c260036ea494b601343f6ed5ce7bc60",
"versionType": "git"
},
{
"lessThan": "fcd9895e365474709844eeb31cfe53d912c3596e",
"status": "affected",
"version": "30e2ae943c260036ea494b601343f6ed5ce7bc60",
"versionType": "git"
},
{
"lessThan": "b65e3249f3ca96e3c736af889461d80d675feab6",
"status": "affected",
"version": "30e2ae943c260036ea494b601343f6ed5ce7bc60",
"versionType": "git"
},
{
"lessThan": "44283993144a03af9df31934d6c32bbd42d1a347",
"status": "affected",
"version": "30e2ae943c260036ea494b601343f6ed5ce7bc60",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/bridge/lontium-lt8912b.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: lt8912b: Fix crash on bridge detach\n\nThe lt8912b driver, in its bridge detach function, calls\ndrm_connector_unregister() and drm_connector_cleanup().\n\ndrm_connector_unregister() should be called only for connectors\nexplicitly registered with drm_connector_register(), which is not the\ncase in lt8912b.\n\nThe driver\u0027s drm_connector_funcs.destroy hook is set to\ndrm_connector_cleanup().\n\nThus the driver should not call either drm_connector_unregister() nor\ndrm_connector_cleanup() in its lt8912_bridge_detach(), as they cause a\ncrash on bridge detach:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000000\nMem abort info:\n ESR = 0x0000000096000006\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x06: level 2 translation fault\nData abort info:\n ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=00000000858f3000\n[0000000000000000] pgd=0800000085918003, p4d=0800000085918003, pud=0800000085431003, pmd=0000000000000000\nInternal error: Oops: 0000000096000006 [#1] PREEMPT SMP\nModules linked in: tidss(-) display_connector lontium_lt8912b tc358768 panel_lvds panel_simple drm_dma_helper drm_kms_helper drm drm_panel_orientation_quirks\nCPU: 3 PID: 462 Comm: rmmod Tainted: G W 6.5.0-rc2+ #2\nHardware name: Toradex Verdin AM62 on Verdin Development Board (DT)\npstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : drm_connector_cleanup+0x78/0x2d4 [drm]\nlr : lt8912_bridge_detach+0x54/0x6c [lontium_lt8912b]\nsp : ffff800082ed3a90\nx29: ffff800082ed3a90 x28: ffff0000040c1940 x27: 0000000000000000\nx26: 0000000000000000 x25: dead000000000122 x24: dead000000000122\nx23: dead000000000100 x22: ffff000003fb6388 x21: 0000000000000000\nx20: 0000000000000000 x19: ffff000003fb6260 x18: fffffffffffe56e8\nx17: 0000000000000000 x16: 0010000000000000 x15: 0000000000000038\nx14: 0000000000000000 x13: ffff800081914b48 x12: 000000000000040e\nx11: 000000000000015a x10: ffff80008196ebb8 x9 : ffff800081914b48\nx8 : 00000000ffffefff x7 : ffff0000040c1940 x6 : ffff80007aa649d0\nx5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff80008159e008\nx2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\nCall trace:\n drm_connector_cleanup+0x78/0x2d4 [drm]\n lt8912_bridge_detach+0x54/0x6c [lontium_lt8912b]\n drm_bridge_detach+0x44/0x84 [drm]\n drm_encoder_cleanup+0x40/0xb8 [drm]\n drmm_encoder_alloc_release+0x1c/0x30 [drm]\n drm_managed_release+0xac/0x148 [drm]\n drm_dev_put.part.0+0x88/0xb8 [drm]\n devm_drm_dev_init_release+0x14/0x24 [drm]\n devm_action_release+0x14/0x20\n release_nodes+0x5c/0x90\n devres_release_all+0x8c/0xe0\n device_unbind_cleanup+0x18/0x68\n device_release_driver_internal+0x208/0x23c\n driver_detach+0x4c/0x94\n bus_remove_driver+0x70/0xf4\n driver_unregister+0x30/0x60\n platform_driver_unregister+0x14/0x20\n tidss_platform_driver_exit+0x18/0xb2c [tidss]\n __arm64_sys_delete_module+0x1a0/0x2b4\n invoke_syscall+0x48/0x110\n el0_svc_common.constprop.0+0x60/0x10c\n do_el0_svc_compat+0x1c/0x40\n el0_svc_compat+0x40/0xac\n el0t_32_sync_handler+0xb0/0x138\n el0t_32_sync+0x194/0x198\nCode: 9104a276 f2fbd5b7 aa0203e1 91008af8 (f85c0420)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:24.755Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/42071feab712ba2a139b8928f7e0f8d3a6fc719e"
},
{
"url": "https://git.kernel.org/stable/c/7bf0cb8f40280a85034990dfe42be8ca8f80f37a"
},
{
"url": "https://git.kernel.org/stable/c/fcd9895e365474709844eeb31cfe53d912c3596e"
},
{
"url": "https://git.kernel.org/stable/c/b65e3249f3ca96e3c736af889461d80d675feab6"
},
{
"url": "https://git.kernel.org/stable/c/44283993144a03af9df31934d6c32bbd42d1a347"
}
],
"title": "drm/bridge: lt8912b: Fix crash on bridge detach",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52856",
"datePublished": "2024-05-21T15:31:50.569Z",
"dateReserved": "2024-05-21T15:19:24.257Z",
"dateUpdated": "2025-05-04T07:44:24.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27414 (GCVE-0-2024-27414)
Vulnerability from cvelistv5
Published
2024-05-17 11:50
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back
In the commit d73ef2d69c0d ("rtnetlink: let rtnl_bridge_setlink checks
IFLA_BRIDGE_MODE length"), an adjustment was made to the old loop logic
in the function `rtnl_bridge_setlink` to enable the loop to also check
the length of the IFLA_BRIDGE_MODE attribute. However, this adjustment
removed the `break` statement and led to an error logic of the flags
writing back at the end of this function.
if (have_flags)
memcpy(nla_data(attr), &flags, sizeof(flags));
// attr should point to IFLA_BRIDGE_FLAGS NLA !!!
Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.
However, this is not necessarily true fow now as the updated loop will let
the attr point to the last NLA, even an invalid NLA which could cause
overflow writes.
This patch introduces a new variable `br_flag` to save the NLA pointer
that points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentioned
error logic.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: ad46d4861ed36315d3d9e838723ba3e367ecc042 Version: abb0172fa8dc4a4ec51aa992b7269ed65959f310 Version: 047508edd602921ee8bb0f2aa2100aa2e9bedc75 Version: 8dfac8071d58447e5cace4c4c6fe493ce2f615f6 Version: d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f Version: d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f Version: d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f Version: 00757f58e37b2d9a6f99e15be484712390cd2bab |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27414",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:56:59.979228Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:58.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b9fbc44159dfc3e9a7073032752d9e03f5194a6f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/882a51a10ecf24ce135d573afa0872aef02c5125"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a1227b27fcccc99dc44f912b479e01a17e2d7d31"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2261eb994aa5757c1da046b78e3229a3ece0ad9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/167d8642daa6a44b51de17f8ff0f584e1e762db7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/831bc2728fb48a8957a824cba8c264b30dca1425"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/743ad091fb46e622f1b690385bb15e3cd3daf874"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/rtnetlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b9fbc44159dfc3e9a7073032752d9e03f5194a6f",
"status": "affected",
"version": "ad46d4861ed36315d3d9e838723ba3e367ecc042",
"versionType": "git"
},
{
"lessThan": "882a51a10ecf24ce135d573afa0872aef02c5125",
"status": "affected",
"version": "abb0172fa8dc4a4ec51aa992b7269ed65959f310",
"versionType": "git"
},
{
"lessThan": "a1227b27fcccc99dc44f912b479e01a17e2d7d31",
"status": "affected",
"version": "047508edd602921ee8bb0f2aa2100aa2e9bedc75",
"versionType": "git"
},
{
"lessThan": "f2261eb994aa5757c1da046b78e3229a3ece0ad9",
"status": "affected",
"version": "8dfac8071d58447e5cace4c4c6fe493ce2f615f6",
"versionType": "git"
},
{
"lessThan": "167d8642daa6a44b51de17f8ff0f584e1e762db7",
"status": "affected",
"version": "d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f",
"versionType": "git"
},
{
"lessThan": "831bc2728fb48a8957a824cba8c264b30dca1425",
"status": "affected",
"version": "d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f",
"versionType": "git"
},
{
"lessThan": "743ad091fb46e622f1b690385bb15e3cd3daf874",
"status": "affected",
"version": "d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f",
"versionType": "git"
},
{
"status": "affected",
"version": "00757f58e37b2d9a6f99e15be484712390cd2bab",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/rtnetlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "5.4.253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "5.10.190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "5.15.126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "6.1.45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back\n\nIn the commit d73ef2d69c0d (\"rtnetlink: let rtnl_bridge_setlink checks\nIFLA_BRIDGE_MODE length\"), an adjustment was made to the old loop logic\nin the function `rtnl_bridge_setlink` to enable the loop to also check\nthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustment\nremoved the `break` statement and led to an error logic of the flags\nwriting back at the end of this function.\n\nif (have_flags)\n memcpy(nla_data(attr), \u0026flags, sizeof(flags));\n // attr should point to IFLA_BRIDGE_FLAGS NLA !!!\n\nBefore the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.\nHowever, this is not necessarily true fow now as the updated loop will let\nthe attr point to the last NLA, even an invalid NLA which could cause\noverflow writes.\n\nThis patch introduces a new variable `br_flag` to save the NLA pointer\nthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentioned\nerror logic."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:42.575Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b9fbc44159dfc3e9a7073032752d9e03f5194a6f"
},
{
"url": "https://git.kernel.org/stable/c/882a51a10ecf24ce135d573afa0872aef02c5125"
},
{
"url": "https://git.kernel.org/stable/c/a1227b27fcccc99dc44f912b479e01a17e2d7d31"
},
{
"url": "https://git.kernel.org/stable/c/f2261eb994aa5757c1da046b78e3229a3ece0ad9"
},
{
"url": "https://git.kernel.org/stable/c/167d8642daa6a44b51de17f8ff0f584e1e762db7"
},
{
"url": "https://git.kernel.org/stable/c/831bc2728fb48a8957a824cba8c264b30dca1425"
},
{
"url": "https://git.kernel.org/stable/c/743ad091fb46e622f1b690385bb15e3cd3daf874"
}
],
"title": "rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27414",
"datePublished": "2024-05-17T11:50:57.207Z",
"dateReserved": "2024-02-25T13:47:42.682Z",
"dateUpdated": "2025-05-04T12:55:42.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36477 (GCVE-0-2024-36477)
Vulnerability from cvelistv5
Published
2024-06-21 11:18
Modified
2025-05-04 09:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer
The TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the
maximum transfer length and the size of the transfer buffer. As such, it
does not account for the 4 bytes of header that prepends the SPI data
frame. This can result in out-of-bounds accesses and was confirmed with
KASAN.
Introduce SPI_HDRSIZE to account for the header and use to allocate the
transfer buffer.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36477",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T13:25:38.377073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T13:25:50.272Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:05.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1547183852dcdfcc25878db7dd3620509217b0cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/de13c56f99477b56980c7e00b09c776d16b7563d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/195aba96b854dd664768f382cd1db375d8181f88"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/char/tpm/tpm_tis_spi_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1547183852dcdfcc25878db7dd3620509217b0cd",
"status": "affected",
"version": "a86a42ac2bd652fdc7836a9d880c306a2485c142",
"versionType": "git"
},
{
"lessThan": "de13c56f99477b56980c7e00b09c776d16b7563d",
"status": "affected",
"version": "a86a42ac2bd652fdc7836a9d880c306a2485c142",
"versionType": "git"
},
{
"lessThan": "195aba96b854dd664768f382cd1db375d8181f88",
"status": "affected",
"version": "a86a42ac2bd652fdc7836a9d880c306a2485c142",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/char/tpm/tpm_tis_spi_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer\n\nThe TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the\nmaximum transfer length and the size of the transfer buffer. As such, it\ndoes not account for the 4 bytes of header that prepends the SPI data\nframe. This can result in out-of-bounds accesses and was confirmed with\nKASAN.\n\nIntroduce SPI_HDRSIZE to account for the header and use to allocate the\ntransfer buffer."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:11:06.625Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1547183852dcdfcc25878db7dd3620509217b0cd"
},
{
"url": "https://git.kernel.org/stable/c/de13c56f99477b56980c7e00b09c776d16b7563d"
},
{
"url": "https://git.kernel.org/stable/c/195aba96b854dd664768f382cd1db375d8181f88"
}
],
"title": "tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36477",
"datePublished": "2024-06-21T11:18:46.822Z",
"dateReserved": "2024-06-21T11:16:40.603Z",
"dateUpdated": "2025-05-04T09:11:06.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52774 (GCVE-0-2023-52774)
Vulnerability from cvelistv5
Published
2024-05-21 15:30
Modified
2025-05-04 07:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
s390/dasd: protect device queue against concurrent access
In dasd_profile_start() the amount of requests on the device queue are
counted. The access to the device queue is unprotected against
concurrent access. With a lot of parallel I/O, especially with alias
devices enabled, the device queue can change while dasd_profile_start()
is accessing the queue. In the worst case this leads to a kernel panic
due to incorrect pointer accesses.
Fix this by taking the device lock before accessing the queue and
counting the requests. Additionally the check for a valid profile data
pointer can be done earlier to avoid unnecessary locking in a hot path.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4fa52aa7a82f9226b3874a69816bda3af821f002 Version: 4fa52aa7a82f9226b3874a69816bda3af821f002 Version: 4fa52aa7a82f9226b3874a69816bda3af821f002 Version: 4fa52aa7a82f9226b3874a69816bda3af821f002 Version: 4fa52aa7a82f9226b3874a69816bda3af821f002 Version: 4fa52aa7a82f9226b3874a69816bda3af821f002 Version: 4fa52aa7a82f9226b3874a69816bda3af821f002 Version: 4fa52aa7a82f9226b3874a69816bda3af821f002 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ebdc569a07a3e8dbe66b4184922ad6f88ac0b96f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f75617cc8df4155374132f0b500b0b3ebb967458"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f1ac7789406e2ca9ac51c41ad2daa597f47bdd4d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c841de6247e94e07566d57163d3c0d8b29278f7a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6062c527d0403cef27c54b91ac8390c3a497b250"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dc96fde8fcb2b896fd6c64802a7f4ece2e69b0be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9372aab5d0ff621ea203c8c603e7e5f75e888240"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/db46cd1e0426f52999d50fa72cfa97fa39952885"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:36:56.558292Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:55.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/s390/block/dasd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ebdc569a07a3e8dbe66b4184922ad6f88ac0b96f",
"status": "affected",
"version": "4fa52aa7a82f9226b3874a69816bda3af821f002",
"versionType": "git"
},
{
"lessThan": "f75617cc8df4155374132f0b500b0b3ebb967458",
"status": "affected",
"version": "4fa52aa7a82f9226b3874a69816bda3af821f002",
"versionType": "git"
},
{
"lessThan": "f1ac7789406e2ca9ac51c41ad2daa597f47bdd4d",
"status": "affected",
"version": "4fa52aa7a82f9226b3874a69816bda3af821f002",
"versionType": "git"
},
{
"lessThan": "c841de6247e94e07566d57163d3c0d8b29278f7a",
"status": "affected",
"version": "4fa52aa7a82f9226b3874a69816bda3af821f002",
"versionType": "git"
},
{
"lessThan": "6062c527d0403cef27c54b91ac8390c3a497b250",
"status": "affected",
"version": "4fa52aa7a82f9226b3874a69816bda3af821f002",
"versionType": "git"
},
{
"lessThan": "dc96fde8fcb2b896fd6c64802a7f4ece2e69b0be",
"status": "affected",
"version": "4fa52aa7a82f9226b3874a69816bda3af821f002",
"versionType": "git"
},
{
"lessThan": "9372aab5d0ff621ea203c8c603e7e5f75e888240",
"status": "affected",
"version": "4fa52aa7a82f9226b3874a69816bda3af821f002",
"versionType": "git"
},
{
"lessThan": "db46cd1e0426f52999d50fa72cfa97fa39952885",
"status": "affected",
"version": "4fa52aa7a82f9226b3874a69816bda3af821f002",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/s390/block/dasd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.1"
},
{
"lessThan": "3.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.332",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.301",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.263",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.203",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.141",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.65",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.332",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.301",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.263",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.203",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.141",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.65",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.4",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: protect device queue against concurrent access\n\nIn dasd_profile_start() the amount of requests on the device queue are\ncounted. The access to the device queue is unprotected against\nconcurrent access. With a lot of parallel I/O, especially with alias\ndevices enabled, the device queue can change while dasd_profile_start()\nis accessing the queue. In the worst case this leads to a kernel panic\ndue to incorrect pointer accesses.\n\nFix this by taking the device lock before accessing the queue and\ncounting the requests. Additionally the check for a valid profile data\npointer can be done earlier to avoid unnecessary locking in a hot path."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:42:57.731Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ebdc569a07a3e8dbe66b4184922ad6f88ac0b96f"
},
{
"url": "https://git.kernel.org/stable/c/f75617cc8df4155374132f0b500b0b3ebb967458"
},
{
"url": "https://git.kernel.org/stable/c/f1ac7789406e2ca9ac51c41ad2daa597f47bdd4d"
},
{
"url": "https://git.kernel.org/stable/c/c841de6247e94e07566d57163d3c0d8b29278f7a"
},
{
"url": "https://git.kernel.org/stable/c/6062c527d0403cef27c54b91ac8390c3a497b250"
},
{
"url": "https://git.kernel.org/stable/c/dc96fde8fcb2b896fd6c64802a7f4ece2e69b0be"
},
{
"url": "https://git.kernel.org/stable/c/9372aab5d0ff621ea203c8c603e7e5f75e888240"
},
{
"url": "https://git.kernel.org/stable/c/db46cd1e0426f52999d50fa72cfa97fa39952885"
}
],
"title": "s390/dasd: protect device queue against concurrent access",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52774",
"datePublished": "2024-05-21T15:30:55.593Z",
"dateReserved": "2024-05-21T15:19:24.239Z",
"dateUpdated": "2025-05-04T07:42:57.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35880 (GCVE-0-2024-35880)
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2025-05-04 09:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
io_uring/kbuf: hold io_buffer_list reference over mmap
If we look up the kbuf, ensure that it doesn't get unregistered until
after we're done with it. Since we're inside mmap, we cannot safely use
the io_uring lock. Rely on the fact that we can lookup the buffer list
under RCU now and grab a reference to it, preventing it from being
unregistered until we're done with it. The lookup returns the
io_buffer_list directly with it referenced.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:6.7:-:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "6.7"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "65938e81df21",
"status": "affected",
"version": "09f7520048ea",
"versionType": "git"
},
{
"lessThan": "5fd8e2359498",
"status": "affected",
"version": "5cf4f52e6d8a",
"versionType": "git"
},
{
"lessThan": "561e4f9451d6",
"status": "affected",
"version": "5cf4f52e6d8a",
"versionType": "git"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35880",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T03:55:54.843818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T13:23:38.879Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/65938e81df2197203bda4b9a0c477e7987218d66"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5fd8e2359498043e0b5329a05f02d10a9eb91eb9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/561e4f9451d65fc2f7eef564e0064373e3019793"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"io_uring/io_uring.c",
"io_uring/kbuf.c",
"io_uring/kbuf.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "65938e81df2197203bda4b9a0c477e7987218d66",
"status": "affected",
"version": "09f7520048eaaee9709091cd2787966f807da7c5",
"versionType": "git"
},
{
"lessThan": "5fd8e2359498043e0b5329a05f02d10a9eb91eb9",
"status": "affected",
"version": "5cf4f52e6d8aa2d3b7728f568abbf9d42a3af252",
"versionType": "git"
},
{
"lessThan": "561e4f9451d65fc2f7eef564e0064373e3019793",
"status": "affected",
"version": "5cf4f52e6d8aa2d3b7728f568abbf9d42a3af252",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"io_uring/io_uring.c",
"io_uring/kbuf.c",
"io_uring/kbuf.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "6.6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/kbuf: hold io_buffer_list reference over mmap\n\nIf we look up the kbuf, ensure that it doesn\u0027t get unregistered until\nafter we\u0027re done with it. Since we\u0027re inside mmap, we cannot safely use\nthe io_uring lock. Rely on the fact that we can lookup the buffer list\nunder RCU now and grab a reference to it, preventing it from being\nunregistered until we\u0027re done with it. The lookup returns the\nio_buffer_list directly with it referenced."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:07:30.099Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/65938e81df2197203bda4b9a0c477e7987218d66"
},
{
"url": "https://git.kernel.org/stable/c/5fd8e2359498043e0b5329a05f02d10a9eb91eb9"
},
{
"url": "https://git.kernel.org/stable/c/561e4f9451d65fc2f7eef564e0064373e3019793"
}
],
"title": "io_uring/kbuf: hold io_buffer_list reference over mmap",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35880",
"datePublished": "2024-05-19T08:34:37.262Z",
"dateReserved": "2024-05-17T13:50:33.111Z",
"dateUpdated": "2025-05-04T09:07:30.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38381 (GCVE-0-2024-38381)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: Fix uninit-value in nci_rx_work
syzbot reported the following uninit-value access issue [1]
nci_rx_work() parses received packet from ndev->rx_q. It should be
validated header size, payload size and total packet size before
processing the packet. If an invalid packet is detected, it should be
silently discarded.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 11387b2effbb55f58dc2111ef4b4b896f2756240 Version: 03fe259649a551d336a7f20919b641ea100e3fff Version: 755e53bbc61bc1aff90eafa64c8c2464fd3dfa3c Version: ac68d9fa09e410fa3ed20fb721d56aa558695e16 Version: b51ec7fc9f877ef869c01d3ea6f18f6a64e831a7 Version: a946ebee45b09294c8b0b0e77410b763c4d2817a Version: d24b03535e5eb82e025219c2f632b485409c898f Version: d24b03535e5eb82e025219c2f632b485409c898f Version: 8948e30de81faee87eeee01ef42a1f6008f5a83a |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:04:25.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/406cfac9debd4a6d3dc5d9258ee086372a8c08b6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/485ded868ed62ceb2acb3a459d7843fd71472619"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f80b786ab0550d0020191a59077b2c7e069db2d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad4d196d2008c7f413167f0a693feb4f0439d7fe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8c8e0d0d214c877fbad555df5b3ed558cd9b0c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e53a7f8afcbd2886f2a94c5d56757328109730ea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/017ff397624930fd7ac7f1761f3c9d6a7100f68c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e4a87abf588536d1cdfb128595e6e680af5cf3ed"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38381",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:09:25.051432Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:45.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "406cfac9debd4a6d3dc5d9258ee086372a8c08b6",
"status": "affected",
"version": "11387b2effbb55f58dc2111ef4b4b896f2756240",
"versionType": "git"
},
{
"lessThan": "485ded868ed62ceb2acb3a459d7843fd71472619",
"status": "affected",
"version": "03fe259649a551d336a7f20919b641ea100e3fff",
"versionType": "git"
},
{
"lessThan": "f80b786ab0550d0020191a59077b2c7e069db2d1",
"status": "affected",
"version": "755e53bbc61bc1aff90eafa64c8c2464fd3dfa3c",
"versionType": "git"
},
{
"lessThan": "ad4d196d2008c7f413167f0a693feb4f0439d7fe",
"status": "affected",
"version": "ac68d9fa09e410fa3ed20fb721d56aa558695e16",
"versionType": "git"
},
{
"lessThan": "e8c8e0d0d214c877fbad555df5b3ed558cd9b0c3",
"status": "affected",
"version": "b51ec7fc9f877ef869c01d3ea6f18f6a64e831a7",
"versionType": "git"
},
{
"lessThan": "e53a7f8afcbd2886f2a94c5d56757328109730ea",
"status": "affected",
"version": "a946ebee45b09294c8b0b0e77410b763c4d2817a",
"versionType": "git"
},
{
"lessThan": "017ff397624930fd7ac7f1761f3c9d6a7100f68c",
"status": "affected",
"version": "d24b03535e5eb82e025219c2f632b485409c898f",
"versionType": "git"
},
{
"lessThan": "e4a87abf588536d1cdfb128595e6e680af5cf3ed",
"status": "affected",
"version": "d24b03535e5eb82e025219c2f632b485409c898f",
"versionType": "git"
},
{
"status": "affected",
"version": "8948e30de81faee87eeee01ef42a1f6008f5a83a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.9"
},
{
"lessThan": "6.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.19.312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "5.4.274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.15.154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "6.1.85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: Fix uninit-value in nci_rx_work\n\nsyzbot reported the following uninit-value access issue [1]\n\nnci_rx_work() parses received packet from ndev-\u003erx_q. It should be\nvalidated header size, payload size and total packet size before\nprocessing the packet. If an invalid packet is detected, it should be\nsilently discarded."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:39.584Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/406cfac9debd4a6d3dc5d9258ee086372a8c08b6"
},
{
"url": "https://git.kernel.org/stable/c/485ded868ed62ceb2acb3a459d7843fd71472619"
},
{
"url": "https://git.kernel.org/stable/c/f80b786ab0550d0020191a59077b2c7e069db2d1"
},
{
"url": "https://git.kernel.org/stable/c/ad4d196d2008c7f413167f0a693feb4f0439d7fe"
},
{
"url": "https://git.kernel.org/stable/c/e8c8e0d0d214c877fbad555df5b3ed558cd9b0c3"
},
{
"url": "https://git.kernel.org/stable/c/e53a7f8afcbd2886f2a94c5d56757328109730ea"
},
{
"url": "https://git.kernel.org/stable/c/017ff397624930fd7ac7f1761f3c9d6a7100f68c"
},
{
"url": "https://git.kernel.org/stable/c/e4a87abf588536d1cdfb128595e6e680af5cf3ed"
}
],
"title": "nfc: nci: Fix uninit-value in nci_rx_work",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38381",
"datePublished": "2024-06-21T10:18:12.302Z",
"dateReserved": "2024-06-21T10:12:11.547Z",
"dateUpdated": "2025-05-04T12:56:39.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26625 (GCVE-0-2024-26625)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 08:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
llc: call sock_orphan() at release time
syzbot reported an interesting trace [1] caused by a stale sk->sk_wq
pointer in a closed llc socket.
In commit ff7b11aa481f ("net: socket: set sock->sk to NULL after
calling proto_ops::release()") Eric Biggers hinted that some protocols
are missing a sock_orphan(), we need to perform a full audit.
In net-next, I plan to clear sock->sk from sock_orphan() and
amend Eric patch to add a warning.
[1]
BUG: KASAN: slab-use-after-free in list_empty include/linux/list.h:373 [inline]
BUG: KASAN: slab-use-after-free in waitqueue_active include/linux/wait.h:127 [inline]
BUG: KASAN: slab-use-after-free in sock_def_write_space_wfree net/core/sock.c:3384 [inline]
BUG: KASAN: slab-use-after-free in sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468
Read of size 8 at addr ffff88802f4fc880 by task ksoftirqd/1/27
CPU: 1 PID: 27 Comm: ksoftirqd/1 Not tainted 6.8.0-rc1-syzkaller-00049-g6098d87eaf31 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:377 [inline]
print_report+0xc4/0x620 mm/kasan/report.c:488
kasan_report+0xda/0x110 mm/kasan/report.c:601
list_empty include/linux/list.h:373 [inline]
waitqueue_active include/linux/wait.h:127 [inline]
sock_def_write_space_wfree net/core/sock.c:3384 [inline]
sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468
skb_release_head_state+0xa3/0x2b0 net/core/skbuff.c:1080
skb_release_all net/core/skbuff.c:1092 [inline]
napi_consume_skb+0x119/0x2b0 net/core/skbuff.c:1404
e1000_unmap_and_free_tx_resource+0x144/0x200 drivers/net/ethernet/intel/e1000/e1000_main.c:1970
e1000_clean_tx_irq drivers/net/ethernet/intel/e1000/e1000_main.c:3860 [inline]
e1000_clean+0x4a1/0x26e0 drivers/net/ethernet/intel/e1000/e1000_main.c:3801
__napi_poll.constprop.0+0xb4/0x540 net/core/dev.c:6576
napi_poll net/core/dev.c:6645 [inline]
net_rx_action+0x956/0xe90 net/core/dev.c:6778
__do_softirq+0x21a/0x8de kernel/softirq.c:553
run_ksoftirqd kernel/softirq.c:921 [inline]
run_ksoftirqd+0x31/0x60 kernel/softirq.c:913
smpboot_thread_fn+0x660/0xa10 kernel/smpboot.c:164
kthread+0x2c6/0x3a0 kernel/kthread.c:388
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
</TASK>
Allocated by task 5167:
kasan_save_stack+0x33/0x50 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68
unpoison_slab_object mm/kasan/common.c:314 [inline]
__kasan_slab_alloc+0x81/0x90 mm/kasan/common.c:340
kasan_slab_alloc include/linux/kasan.h:201 [inline]
slab_post_alloc_hook mm/slub.c:3813 [inline]
slab_alloc_node mm/slub.c:3860 [inline]
kmem_cache_alloc_lru+0x142/0x6f0 mm/slub.c:3879
alloc_inode_sb include/linux/fs.h:3019 [inline]
sock_alloc_inode+0x25/0x1c0 net/socket.c:308
alloc_inode+0x5d/0x220 fs/inode.c:260
new_inode_pseudo+0x16/0x80 fs/inode.c:1005
sock_alloc+0x40/0x270 net/socket.c:634
__sock_create+0xbc/0x800 net/socket.c:1535
sock_create net/socket.c:1622 [inline]
__sys_socket_create net/socket.c:1659 [inline]
__sys_socket+0x14c/0x260 net/socket.c:1706
__do_sys_socket net/socket.c:1720 [inline]
__se_sys_socket net/socket.c:1718 [inline]
__x64_sys_socket+0x72/0xb0 net/socket.c:1718
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Freed by task 0:
kasan_save_stack+0x33/0x50 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68
kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640
poison_slab_object mm/kasan/common.c:241 [inline]
__kasan_slab_free+0x121/0x1b0 mm/kasan/common.c:257
kasan_slab_free include/linux/kasan.h:184 [inline]
slab_free_hook mm/slub.c:2121 [inlin
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 43815482370c510c569fd18edb57afcb0fa8cab6 Version: 43815482370c510c569fd18edb57afcb0fa8cab6 Version: 43815482370c510c569fd18edb57afcb0fa8cab6 Version: 43815482370c510c569fd18edb57afcb0fa8cab6 Version: 43815482370c510c569fd18edb57afcb0fa8cab6 Version: 43815482370c510c569fd18edb57afcb0fa8cab6 Version: 43815482370c510c569fd18edb57afcb0fa8cab6 Version: 43815482370c510c569fd18edb57afcb0fa8cab6 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26625",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T16:41:05.994976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:16.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6b950c712a9a05cdda4aea7fcb2848766576c11b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/64babb17e8150771c58575d8f93a35c5296b499f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0b5b1f12429df3cd9751ab8b2f53729b77733b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dbc1b89981f9c5360277071d33d7f04a43ffda4a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9c333d9891f34cea8af1b229dc754552304c8eee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3151051b787f7cd7e3329ea0016eb9113c248812"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e51f084b5716653f19e291ed5f026791d4b3ed4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa2b2eb3934859904c287bf5434647ba72e14c1c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/llc/af_llc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6b950c712a9a05cdda4aea7fcb2848766576c11b",
"status": "affected",
"version": "43815482370c510c569fd18edb57afcb0fa8cab6",
"versionType": "git"
},
{
"lessThan": "64babb17e8150771c58575d8f93a35c5296b499f",
"status": "affected",
"version": "43815482370c510c569fd18edb57afcb0fa8cab6",
"versionType": "git"
},
{
"lessThan": "d0b5b1f12429df3cd9751ab8b2f53729b77733b7",
"status": "affected",
"version": "43815482370c510c569fd18edb57afcb0fa8cab6",
"versionType": "git"
},
{
"lessThan": "dbc1b89981f9c5360277071d33d7f04a43ffda4a",
"status": "affected",
"version": "43815482370c510c569fd18edb57afcb0fa8cab6",
"versionType": "git"
},
{
"lessThan": "9c333d9891f34cea8af1b229dc754552304c8eee",
"status": "affected",
"version": "43815482370c510c569fd18edb57afcb0fa8cab6",
"versionType": "git"
},
{
"lessThan": "3151051b787f7cd7e3329ea0016eb9113c248812",
"status": "affected",
"version": "43815482370c510c569fd18edb57afcb0fa8cab6",
"versionType": "git"
},
{
"lessThan": "8e51f084b5716653f19e291ed5f026791d4b3ed4",
"status": "affected",
"version": "43815482370c510c569fd18edb57afcb0fa8cab6",
"versionType": "git"
},
{
"lessThan": "aa2b2eb3934859904c287bf5434647ba72e14c1c",
"status": "affected",
"version": "43815482370c510c569fd18edb57afcb0fa8cab6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/llc/af_llc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nllc: call sock_orphan() at release time\n\nsyzbot reported an interesting trace [1] caused by a stale sk-\u003esk_wq\npointer in a closed llc socket.\n\nIn commit ff7b11aa481f (\"net: socket: set sock-\u003esk to NULL after\ncalling proto_ops::release()\") Eric Biggers hinted that some protocols\nare missing a sock_orphan(), we need to perform a full audit.\n\nIn net-next, I plan to clear sock-\u003esk from sock_orphan() and\namend Eric patch to add a warning.\n\n[1]\n BUG: KASAN: slab-use-after-free in list_empty include/linux/list.h:373 [inline]\n BUG: KASAN: slab-use-after-free in waitqueue_active include/linux/wait.h:127 [inline]\n BUG: KASAN: slab-use-after-free in sock_def_write_space_wfree net/core/sock.c:3384 [inline]\n BUG: KASAN: slab-use-after-free in sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468\nRead of size 8 at addr ffff88802f4fc880 by task ksoftirqd/1/27\n\nCPU: 1 PID: 27 Comm: ksoftirqd/1 Not tainted 6.8.0-rc1-syzkaller-00049-g6098d87eaf31 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc4/0x620 mm/kasan/report.c:488\n kasan_report+0xda/0x110 mm/kasan/report.c:601\n list_empty include/linux/list.h:373 [inline]\n waitqueue_active include/linux/wait.h:127 [inline]\n sock_def_write_space_wfree net/core/sock.c:3384 [inline]\n sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468\n skb_release_head_state+0xa3/0x2b0 net/core/skbuff.c:1080\n skb_release_all net/core/skbuff.c:1092 [inline]\n napi_consume_skb+0x119/0x2b0 net/core/skbuff.c:1404\n e1000_unmap_and_free_tx_resource+0x144/0x200 drivers/net/ethernet/intel/e1000/e1000_main.c:1970\n e1000_clean_tx_irq drivers/net/ethernet/intel/e1000/e1000_main.c:3860 [inline]\n e1000_clean+0x4a1/0x26e0 drivers/net/ethernet/intel/e1000/e1000_main.c:3801\n __napi_poll.constprop.0+0xb4/0x540 net/core/dev.c:6576\n napi_poll net/core/dev.c:6645 [inline]\n net_rx_action+0x956/0xe90 net/core/dev.c:6778\n __do_softirq+0x21a/0x8de kernel/softirq.c:553\n run_ksoftirqd kernel/softirq.c:921 [inline]\n run_ksoftirqd+0x31/0x60 kernel/softirq.c:913\n smpboot_thread_fn+0x660/0xa10 kernel/smpboot.c:164\n kthread+0x2c6/0x3a0 kernel/kthread.c:388\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242\n \u003c/TASK\u003e\n\nAllocated by task 5167:\n kasan_save_stack+0x33/0x50 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n unpoison_slab_object mm/kasan/common.c:314 [inline]\n __kasan_slab_alloc+0x81/0x90 mm/kasan/common.c:340\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slub.c:3813 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n kmem_cache_alloc_lru+0x142/0x6f0 mm/slub.c:3879\n alloc_inode_sb include/linux/fs.h:3019 [inline]\n sock_alloc_inode+0x25/0x1c0 net/socket.c:308\n alloc_inode+0x5d/0x220 fs/inode.c:260\n new_inode_pseudo+0x16/0x80 fs/inode.c:1005\n sock_alloc+0x40/0x270 net/socket.c:634\n __sock_create+0xbc/0x800 net/socket.c:1535\n sock_create net/socket.c:1622 [inline]\n __sys_socket_create net/socket.c:1659 [inline]\n __sys_socket+0x14c/0x260 net/socket.c:1706\n __do_sys_socket net/socket.c:1720 [inline]\n __se_sys_socket net/socket.c:1718 [inline]\n __x64_sys_socket+0x72/0xb0 net/socket.c:1718\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nFreed by task 0:\n kasan_save_stack+0x33/0x50 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640\n poison_slab_object mm/kasan/common.c:241 [inline]\n __kasan_slab_free+0x121/0x1b0 mm/kasan/common.c:257\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2121 [inlin\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:34.411Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6b950c712a9a05cdda4aea7fcb2848766576c11b"
},
{
"url": "https://git.kernel.org/stable/c/64babb17e8150771c58575d8f93a35c5296b499f"
},
{
"url": "https://git.kernel.org/stable/c/d0b5b1f12429df3cd9751ab8b2f53729b77733b7"
},
{
"url": "https://git.kernel.org/stable/c/dbc1b89981f9c5360277071d33d7f04a43ffda4a"
},
{
"url": "https://git.kernel.org/stable/c/9c333d9891f34cea8af1b229dc754552304c8eee"
},
{
"url": "https://git.kernel.org/stable/c/3151051b787f7cd7e3329ea0016eb9113c248812"
},
{
"url": "https://git.kernel.org/stable/c/8e51f084b5716653f19e291ed5f026791d4b3ed4"
},
{
"url": "https://git.kernel.org/stable/c/aa2b2eb3934859904c287bf5434647ba72e14c1c"
}
],
"title": "llc: call sock_orphan() at release time",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26625",
"datePublished": "2024-03-06T06:45:33.311Z",
"dateReserved": "2024-02-19T14:20:24.135Z",
"dateUpdated": "2025-05-04T08:52:34.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52816 (GCVE-0-2023-52816)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Fix shift out-of-bounds issue
[ 567.613292] shift exponent 255 is too large for 64-bit type 'long unsigned int'
[ 567.614498] CPU: 5 PID: 238 Comm: kworker/5:1 Tainted: G OE 6.2.0-34-generic #34~22.04.1-Ubuntu
[ 567.614502] Hardware name: AMD Splinter/Splinter-RPL, BIOS WS43927N_871 09/25/2023
[ 567.614504] Workqueue: events send_exception_work_handler [amdgpu]
[ 567.614748] Call Trace:
[ 567.614750] <TASK>
[ 567.614753] dump_stack_lvl+0x48/0x70
[ 567.614761] dump_stack+0x10/0x20
[ 567.614763] __ubsan_handle_shift_out_of_bounds+0x156/0x310
[ 567.614769] ? srso_alias_return_thunk+0x5/0x7f
[ 567.614773] ? update_sd_lb_stats.constprop.0+0xf2/0x3c0
[ 567.614780] svm_range_split_by_granularity.cold+0x2b/0x34 [amdgpu]
[ 567.615047] ? srso_alias_return_thunk+0x5/0x7f
[ 567.615052] svm_migrate_to_ram+0x185/0x4d0 [amdgpu]
[ 567.615286] do_swap_page+0x7b6/0xa30
[ 567.615291] ? srso_alias_return_thunk+0x5/0x7f
[ 567.615294] ? __free_pages+0x119/0x130
[ 567.615299] handle_pte_fault+0x227/0x280
[ 567.615303] __handle_mm_fault+0x3c0/0x720
[ 567.615311] handle_mm_fault+0x119/0x330
[ 567.615314] ? lock_mm_and_find_vma+0x44/0x250
[ 567.615318] do_user_addr_fault+0x1a9/0x640
[ 567.615323] exc_page_fault+0x81/0x1b0
[ 567.615328] asm_exc_page_fault+0x27/0x30
[ 567.615332] RIP: 0010:__get_user_8+0x1c/0x30
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52816",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T16:24:14.199378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:04.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f7a400d5e80f99581e3e8a9843e1f6118bf454f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2806f880379232e789957c2078d612669eb7a69c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d33a35b13cbfec3238043f196fa87a6384f9d087"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/56649c43d40ce0147465a2d5756d300e87f9ee1c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/282c1d793076c2edac6c3db51b7e8ed2b41d60a5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdkfd/kfd_svm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3f7a400d5e80f99581e3e8a9843e1f6118bf454f",
"status": "affected",
"version": "42de677f79999791bee4e21be318c32d90ab62c6",
"versionType": "git"
},
{
"lessThan": "2806f880379232e789957c2078d612669eb7a69c",
"status": "affected",
"version": "42de677f79999791bee4e21be318c32d90ab62c6",
"versionType": "git"
},
{
"lessThan": "d33a35b13cbfec3238043f196fa87a6384f9d087",
"status": "affected",
"version": "42de677f79999791bee4e21be318c32d90ab62c6",
"versionType": "git"
},
{
"lessThan": "56649c43d40ce0147465a2d5756d300e87f9ee1c",
"status": "affected",
"version": "42de677f79999791bee4e21be318c32d90ab62c6",
"versionType": "git"
},
{
"lessThan": "282c1d793076c2edac6c3db51b7e8ed2b41d60a5",
"status": "affected",
"version": "42de677f79999791bee4e21be318c32d90ab62c6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdkfd/kfd_svm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix shift out-of-bounds issue\n\n[ 567.613292] shift exponent 255 is too large for 64-bit type \u0027long unsigned int\u0027\n[ 567.614498] CPU: 5 PID: 238 Comm: kworker/5:1 Tainted: G OE 6.2.0-34-generic #34~22.04.1-Ubuntu\n[ 567.614502] Hardware name: AMD Splinter/Splinter-RPL, BIOS WS43927N_871 09/25/2023\n[ 567.614504] Workqueue: events send_exception_work_handler [amdgpu]\n[ 567.614748] Call Trace:\n[ 567.614750] \u003cTASK\u003e\n[ 567.614753] dump_stack_lvl+0x48/0x70\n[ 567.614761] dump_stack+0x10/0x20\n[ 567.614763] __ubsan_handle_shift_out_of_bounds+0x156/0x310\n[ 567.614769] ? srso_alias_return_thunk+0x5/0x7f\n[ 567.614773] ? update_sd_lb_stats.constprop.0+0xf2/0x3c0\n[ 567.614780] svm_range_split_by_granularity.cold+0x2b/0x34 [amdgpu]\n[ 567.615047] ? srso_alias_return_thunk+0x5/0x7f\n[ 567.615052] svm_migrate_to_ram+0x185/0x4d0 [amdgpu]\n[ 567.615286] do_swap_page+0x7b6/0xa30\n[ 567.615291] ? srso_alias_return_thunk+0x5/0x7f\n[ 567.615294] ? __free_pages+0x119/0x130\n[ 567.615299] handle_pte_fault+0x227/0x280\n[ 567.615303] __handle_mm_fault+0x3c0/0x720\n[ 567.615311] handle_mm_fault+0x119/0x330\n[ 567.615314] ? lock_mm_and_find_vma+0x44/0x250\n[ 567.615318] do_user_addr_fault+0x1a9/0x640\n[ 567.615323] exc_page_fault+0x81/0x1b0\n[ 567.615328] asm_exc_page_fault+0x27/0x30\n[ 567.615332] RIP: 0010:__get_user_8+0x1c/0x30"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:44.087Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3f7a400d5e80f99581e3e8a9843e1f6118bf454f"
},
{
"url": "https://git.kernel.org/stable/c/2806f880379232e789957c2078d612669eb7a69c"
},
{
"url": "https://git.kernel.org/stable/c/d33a35b13cbfec3238043f196fa87a6384f9d087"
},
{
"url": "https://git.kernel.org/stable/c/56649c43d40ce0147465a2d5756d300e87f9ee1c"
},
{
"url": "https://git.kernel.org/stable/c/282c1d793076c2edac6c3db51b7e8ed2b41d60a5"
}
],
"title": "drm/amdkfd: Fix shift out-of-bounds issue",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52816",
"datePublished": "2024-05-21T15:31:23.567Z",
"dateReserved": "2024-05-21T15:19:24.248Z",
"dateUpdated": "2025-05-04T07:43:44.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52872 (GCVE-0-2023-52872)
Vulnerability from cvelistv5
Published
2024-05-21 15:32
Modified
2025-05-04 12:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tty: n_gsm: fix race condition in status line change on dead connections
gsm_cleanup_mux() cleans up the gsm by closing all DLCIs, stopping all
timers, removing the virtual tty devices and clearing the data queues.
This procedure, however, may cause subsequent changes of the virtual modem
status lines of a DLCI. More data is being added the outgoing data queue
and the deleted kick timer is restarted to handle this. At this point many
resources have already been removed by the cleanup procedure. Thus, a
kernel panic occurs.
Fix this by proving in gsm_modem_update() that the cleanup procedure has
not been started and the mux is still alive.
Note that writing to a virtual tty is already protected by checks against
the DLCI specific connection state.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: dd37f657387853623f20c1b2482afbb9cd8ece33 Version: c568f7086c6e771c77aad13d727c70ef70e07243 Version: c568f7086c6e771c77aad13d727c70ef70e07243 Version: c568f7086c6e771c77aad13d727c70ef70e07243 Version: c568f7086c6e771c77aad13d727c70ef70e07243 Version: d834aba5f30d9a6f98f4ca1eb07e501f1989331c Version: 692e847a8e6607909c4a3f98ab16ccee7849bd11 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52872",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T18:43:05.660039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T15:02:28.263Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81a4dd5e6c78f5d8952fa8c9d36565db1fe01444"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/df6cfab66ff2a44bd23ad5dd5309cb3421bb6593"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/19d34b73234af542cc8a218cf398dee73cdb1890"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ce4df90333c4fe65acb8b5089fdfe9b955ce976a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a75b205de43365f80a33b98ec9289785da56243"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/n_gsm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "81a4dd5e6c78f5d8952fa8c9d36565db1fe01444",
"status": "affected",
"version": "dd37f657387853623f20c1b2482afbb9cd8ece33",
"versionType": "git"
},
{
"lessThan": "df6cfab66ff2a44bd23ad5dd5309cb3421bb6593",
"status": "affected",
"version": "c568f7086c6e771c77aad13d727c70ef70e07243",
"versionType": "git"
},
{
"lessThan": "19d34b73234af542cc8a218cf398dee73cdb1890",
"status": "affected",
"version": "c568f7086c6e771c77aad13d727c70ef70e07243",
"versionType": "git"
},
{
"lessThan": "ce4df90333c4fe65acb8b5089fdfe9b955ce976a",
"status": "affected",
"version": "c568f7086c6e771c77aad13d727c70ef70e07243",
"versionType": "git"
},
{
"lessThan": "3a75b205de43365f80a33b98ec9289785da56243",
"status": "affected",
"version": "c568f7086c6e771c77aad13d727c70ef70e07243",
"versionType": "git"
},
{
"status": "affected",
"version": "d834aba5f30d9a6f98f4ca1eb07e501f1989331c",
"versionType": "git"
},
{
"status": "affected",
"version": "692e847a8e6607909c4a3f98ab16ccee7849bd11",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/n_gsm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.138",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.62",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.138",
"versionStartIncluding": "5.15.61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.62",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.11",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.1",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.18.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.19.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: fix race condition in status line change on dead connections\n\ngsm_cleanup_mux() cleans up the gsm by closing all DLCIs, stopping all\ntimers, removing the virtual tty devices and clearing the data queues.\nThis procedure, however, may cause subsequent changes of the virtual modem\nstatus lines of a DLCI. More data is being added the outgoing data queue\nand the deleted kick timer is restarted to handle this. At this point many\nresources have already been removed by the cleanup procedure. Thus, a\nkernel panic occurs.\n\nFix this by proving in gsm_modem_update() that the cleanup procedure has\nnot been started and the mux is still alive.\n\nNote that writing to a virtual tty is already protected by checks against\nthe DLCI specific connection state."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:49:44.477Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/81a4dd5e6c78f5d8952fa8c9d36565db1fe01444"
},
{
"url": "https://git.kernel.org/stable/c/df6cfab66ff2a44bd23ad5dd5309cb3421bb6593"
},
{
"url": "https://git.kernel.org/stable/c/19d34b73234af542cc8a218cf398dee73cdb1890"
},
{
"url": "https://git.kernel.org/stable/c/ce4df90333c4fe65acb8b5089fdfe9b955ce976a"
},
{
"url": "https://git.kernel.org/stable/c/3a75b205de43365f80a33b98ec9289785da56243"
}
],
"title": "tty: n_gsm: fix race condition in status line change on dead connections",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52872",
"datePublished": "2024-05-21T15:32:06.610Z",
"dateReserved": "2024-05-21T15:19:24.264Z",
"dateUpdated": "2025-05-04T12:49:44.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52813 (GCVE-0-2023-52813)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-07-15 15:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: pcrypt - Fix hungtask for PADATA_RESET
We found a hungtask bug in test_aead_vec_cfg as follows:
INFO: task cryptomgr_test:391009 blocked for more than 120 seconds.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Call trace:
__switch_to+0x98/0xe0
__schedule+0x6c4/0xf40
schedule+0xd8/0x1b4
schedule_timeout+0x474/0x560
wait_for_common+0x368/0x4e0
wait_for_completion+0x20/0x30
wait_for_completion+0x20/0x30
test_aead_vec_cfg+0xab4/0xd50
test_aead+0x144/0x1f0
alg_test_aead+0xd8/0x1e0
alg_test+0x634/0x890
cryptomgr_test+0x40/0x70
kthread+0x1e0/0x220
ret_from_fork+0x10/0x18
Kernel panic - not syncing: hung_task: blocked tasks
For padata_do_parallel, when the return err is 0 or -EBUSY, it will call
wait_for_completion(&wait->completion) in test_aead_vec_cfg. In normal
case, aead_request_complete() will be called in pcrypt_aead_serial and the
return err is 0 for padata_do_parallel. But, when pinst->flags is
PADATA_RESET, the return err is -EBUSY for padata_do_parallel, and it
won't call aead_request_complete(). Therefore, test_aead_vec_cfg will
hung at wait_for_completion(&wait->completion), which will cause
hungtask.
The problem comes as following:
(padata_do_parallel) |
rcu_read_lock_bh(); |
err = -EINVAL; | (padata_replace)
| pinst->flags |= PADATA_RESET;
err = -EBUSY |
if (pinst->flags & PADATA_RESET) |
rcu_read_unlock_bh() |
return err
In order to resolve the problem, we replace the return err -EBUSY with
-EAGAIN, which means parallel_data is changing, and the caller should call
it again.
v3:
remove retry and just change the return err.
v2:
introduce padata_try_do_parallel() in pcrypt_aead_encrypt and
pcrypt_aead_decrypt to solve the hungtask.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 16295bec6398a3eedc9377e1af6ff4c71b98c300 Version: 16295bec6398a3eedc9377e1af6ff4c71b98c300 Version: 16295bec6398a3eedc9377e1af6ff4c71b98c300 Version: 16295bec6398a3eedc9377e1af6ff4c71b98c300 Version: 16295bec6398a3eedc9377e1af6ff4c71b98c300 Version: 16295bec6398a3eedc9377e1af6ff4c71b98c300 Version: 16295bec6398a3eedc9377e1af6ff4c71b98c300 Version: 16295bec6398a3eedc9377e1af6ff4c71b98c300 Version: 16295bec6398a3eedc9377e1af6ff4c71b98c300 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52813",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T17:18:51.048604Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:13.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb2d3a50a8f29a3c66682bb426144f40e32ab818"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/039fec48e062504f14845124a1a25eb199b2ddc0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c9c1334697301c10e6918d747ed38abfbc0c96e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e97bf4ada7dddacd184c3e196bd063b0dc71b41d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/546c1796ad1ed0d87dab3c4b5156d75819be2316"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c55fc098fd9d2dca475b82d00ffbcaf97879d77e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e134f3aba98e6c801a693f540912c2d493718ddf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/372636debe852913529b1716f44addd94fff2d28"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f4f68e788c3a7a696546291258bfa5fdb215523"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"crypto/pcrypt.c",
"kernel/padata.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fb2d3a50a8f29a3c66682bb426144f40e32ab818",
"status": "affected",
"version": "16295bec6398a3eedc9377e1af6ff4c71b98c300",
"versionType": "git"
},
{
"lessThan": "039fec48e062504f14845124a1a25eb199b2ddc0",
"status": "affected",
"version": "16295bec6398a3eedc9377e1af6ff4c71b98c300",
"versionType": "git"
},
{
"lessThan": "c9c1334697301c10e6918d747ed38abfbc0c96e7",
"status": "affected",
"version": "16295bec6398a3eedc9377e1af6ff4c71b98c300",
"versionType": "git"
},
{
"lessThan": "e97bf4ada7dddacd184c3e196bd063b0dc71b41d",
"status": "affected",
"version": "16295bec6398a3eedc9377e1af6ff4c71b98c300",
"versionType": "git"
},
{
"lessThan": "546c1796ad1ed0d87dab3c4b5156d75819be2316",
"status": "affected",
"version": "16295bec6398a3eedc9377e1af6ff4c71b98c300",
"versionType": "git"
},
{
"lessThan": "c55fc098fd9d2dca475b82d00ffbcaf97879d77e",
"status": "affected",
"version": "16295bec6398a3eedc9377e1af6ff4c71b98c300",
"versionType": "git"
},
{
"lessThan": "e134f3aba98e6c801a693f540912c2d493718ddf",
"status": "affected",
"version": "16295bec6398a3eedc9377e1af6ff4c71b98c300",
"versionType": "git"
},
{
"lessThan": "372636debe852913529b1716f44addd94fff2d28",
"status": "affected",
"version": "16295bec6398a3eedc9377e1af6ff4c71b98c300",
"versionType": "git"
},
{
"lessThan": "8f4f68e788c3a7a696546291258bfa5fdb215523",
"status": "affected",
"version": "16295bec6398a3eedc9377e1af6ff4c71b98c300",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"crypto/pcrypt.c",
"kernel/padata.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.34"
},
{
"lessThan": "2.6.34",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "2.6.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: pcrypt - Fix hungtask for PADATA_RESET\n\nWe found a hungtask bug in test_aead_vec_cfg as follows:\n\nINFO: task cryptomgr_test:391009 blocked for more than 120 seconds.\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\nCall trace:\n __switch_to+0x98/0xe0\n __schedule+0x6c4/0xf40\n schedule+0xd8/0x1b4\n schedule_timeout+0x474/0x560\n wait_for_common+0x368/0x4e0\n wait_for_completion+0x20/0x30\n wait_for_completion+0x20/0x30\n test_aead_vec_cfg+0xab4/0xd50\n test_aead+0x144/0x1f0\n alg_test_aead+0xd8/0x1e0\n alg_test+0x634/0x890\n cryptomgr_test+0x40/0x70\n kthread+0x1e0/0x220\n ret_from_fork+0x10/0x18\n Kernel panic - not syncing: hung_task: blocked tasks\n\nFor padata_do_parallel, when the return err is 0 or -EBUSY, it will call\nwait_for_completion(\u0026wait-\u003ecompletion) in test_aead_vec_cfg. In normal\ncase, aead_request_complete() will be called in pcrypt_aead_serial and the\nreturn err is 0 for padata_do_parallel. But, when pinst-\u003eflags is\nPADATA_RESET, the return err is -EBUSY for padata_do_parallel, and it\nwon\u0027t call aead_request_complete(). Therefore, test_aead_vec_cfg will\nhung at wait_for_completion(\u0026wait-\u003ecompletion), which will cause\nhungtask.\n\nThe problem comes as following:\n(padata_do_parallel) |\n rcu_read_lock_bh(); |\n err = -EINVAL; | (padata_replace)\n | pinst-\u003eflags |= PADATA_RESET;\n err = -EBUSY |\n if (pinst-\u003eflags \u0026 PADATA_RESET) |\n rcu_read_unlock_bh() |\n return err\n\nIn order to resolve the problem, we replace the return err -EBUSY with\n-EAGAIN, which means parallel_data is changing, and the caller should call\nit again.\n\nv3:\nremove retry and just change the return err.\nv2:\nintroduce padata_try_do_parallel() in pcrypt_aead_encrypt and\npcrypt_aead_decrypt to solve the hungtask."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T15:43:50.801Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fb2d3a50a8f29a3c66682bb426144f40e32ab818"
},
{
"url": "https://git.kernel.org/stable/c/039fec48e062504f14845124a1a25eb199b2ddc0"
},
{
"url": "https://git.kernel.org/stable/c/c9c1334697301c10e6918d747ed38abfbc0c96e7"
},
{
"url": "https://git.kernel.org/stable/c/e97bf4ada7dddacd184c3e196bd063b0dc71b41d"
},
{
"url": "https://git.kernel.org/stable/c/546c1796ad1ed0d87dab3c4b5156d75819be2316"
},
{
"url": "https://git.kernel.org/stable/c/c55fc098fd9d2dca475b82d00ffbcaf97879d77e"
},
{
"url": "https://git.kernel.org/stable/c/e134f3aba98e6c801a693f540912c2d493718ddf"
},
{
"url": "https://git.kernel.org/stable/c/372636debe852913529b1716f44addd94fff2d28"
},
{
"url": "https://git.kernel.org/stable/c/8f4f68e788c3a7a696546291258bfa5fdb215523"
}
],
"title": "crypto: pcrypt - Fix hungtask for PADATA_RESET",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52813",
"datePublished": "2024-05-21T15:31:21.604Z",
"dateReserved": "2024-05-21T15:19:24.248Z",
"dateUpdated": "2025-07-15T15:43:50.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38539 (GCVE-0-2024-38539)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw
When running blktests nvme/rdma, the following kmemleak issue will appear.
kmemleak: Kernel memory leak detector initialized (mempool available:36041)
kmemleak: Automatic memory scanning thread started
kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
kmemleak: 8 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
kmemleak: 17 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
kmemleak: 4 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
unreferenced object 0xffff88855da53400 (size 192):
comm "rdma", pid 10630, jiffies 4296575922
hex dump (first 32 bytes):
37 00 00 00 00 00 00 00 c0 ff ff ff 1f 00 00 00 7...............
10 34 a5 5d 85 88 ff ff 10 34 a5 5d 85 88 ff ff .4.].....4.]....
backtrace (crc 47f66721):
[<ffffffff911251bd>] kmalloc_trace+0x30d/0x3b0
[<ffffffffc2640ff7>] alloc_gid_entry+0x47/0x380 [ib_core]
[<ffffffffc2642206>] add_modify_gid+0x166/0x930 [ib_core]
[<ffffffffc2643468>] ib_cache_update.part.0+0x6d8/0x910 [ib_core]
[<ffffffffc2644e1a>] ib_cache_setup_one+0x24a/0x350 [ib_core]
[<ffffffffc263949e>] ib_register_device+0x9e/0x3a0 [ib_core]
[<ffffffffc2a3d389>] 0xffffffffc2a3d389
[<ffffffffc2688cd8>] nldev_newlink+0x2b8/0x520 [ib_core]
[<ffffffffc2645fe3>] rdma_nl_rcv_msg+0x2c3/0x520 [ib_core]
[<ffffffffc264648c>]
rdma_nl_rcv_skb.constprop.0.isra.0+0x23c/0x3a0 [ib_core]
[<ffffffff9270e7b5>] netlink_unicast+0x445/0x710
[<ffffffff9270f1f1>] netlink_sendmsg+0x761/0xc40
[<ffffffff9249db29>] __sys_sendto+0x3a9/0x420
[<ffffffff9249dc8c>] __x64_sys_sendto+0xdc/0x1b0
[<ffffffff92db0ad3>] do_syscall_64+0x93/0x180
[<ffffffff92e00126>] entry_SYSCALL_64_after_hwframe+0x71/0x79
The root cause: rdma_put_gid_attr is not called when sgid_attr is set
to ERR_PTR(-ENODEV).
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3eb127dc408bf7959a4920d04d16ce10e863686a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6564fc1818404254d1c9f7d75b403b4941516d26"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b3a7fb93afd888793ef226e9665fbda98a95c48e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9c0731832d3b7420cbadba6a7f334363bc8dfb15"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38539",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:15:13.442238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:58.137Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/cma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3eb127dc408bf7959a4920d04d16ce10e863686a",
"status": "affected",
"version": "f8ef1be816bf9a0c406c696368c2264a9597a994",
"versionType": "git"
},
{
"lessThan": "6564fc1818404254d1c9f7d75b403b4941516d26",
"status": "affected",
"version": "f8ef1be816bf9a0c406c696368c2264a9597a994",
"versionType": "git"
},
{
"lessThan": "b3a7fb93afd888793ef226e9665fbda98a95c48e",
"status": "affected",
"version": "f8ef1be816bf9a0c406c696368c2264a9597a994",
"versionType": "git"
},
{
"lessThan": "9c0731832d3b7420cbadba6a7f334363bc8dfb15",
"status": "affected",
"version": "f8ef1be816bf9a0c406c696368c2264a9597a994",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/cma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw\n\nWhen running blktests nvme/rdma, the following kmemleak issue will appear.\n\nkmemleak: Kernel memory leak detector initialized (mempool available:36041)\nkmemleak: Automatic memory scanning thread started\nkmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak)\nkmemleak: 8 new suspected memory leaks (see /sys/kernel/debug/kmemleak)\nkmemleak: 17 new suspected memory leaks (see /sys/kernel/debug/kmemleak)\nkmemleak: 4 new suspected memory leaks (see /sys/kernel/debug/kmemleak)\n\nunreferenced object 0xffff88855da53400 (size 192):\n comm \"rdma\", pid 10630, jiffies 4296575922\n hex dump (first 32 bytes):\n 37 00 00 00 00 00 00 00 c0 ff ff ff 1f 00 00 00 7...............\n 10 34 a5 5d 85 88 ff ff 10 34 a5 5d 85 88 ff ff .4.].....4.]....\n backtrace (crc 47f66721):\n [\u003cffffffff911251bd\u003e] kmalloc_trace+0x30d/0x3b0\n [\u003cffffffffc2640ff7\u003e] alloc_gid_entry+0x47/0x380 [ib_core]\n [\u003cffffffffc2642206\u003e] add_modify_gid+0x166/0x930 [ib_core]\n [\u003cffffffffc2643468\u003e] ib_cache_update.part.0+0x6d8/0x910 [ib_core]\n [\u003cffffffffc2644e1a\u003e] ib_cache_setup_one+0x24a/0x350 [ib_core]\n [\u003cffffffffc263949e\u003e] ib_register_device+0x9e/0x3a0 [ib_core]\n [\u003cffffffffc2a3d389\u003e] 0xffffffffc2a3d389\n [\u003cffffffffc2688cd8\u003e] nldev_newlink+0x2b8/0x520 [ib_core]\n [\u003cffffffffc2645fe3\u003e] rdma_nl_rcv_msg+0x2c3/0x520 [ib_core]\n [\u003cffffffffc264648c\u003e]\nrdma_nl_rcv_skb.constprop.0.isra.0+0x23c/0x3a0 [ib_core]\n [\u003cffffffff9270e7b5\u003e] netlink_unicast+0x445/0x710\n [\u003cffffffff9270f1f1\u003e] netlink_sendmsg+0x761/0xc40\n [\u003cffffffff9249db29\u003e] __sys_sendto+0x3a9/0x420\n [\u003cffffffff9249dc8c\u003e] __x64_sys_sendto+0xdc/0x1b0\n [\u003cffffffff92db0ad3\u003e] do_syscall_64+0x93/0x180\n [\u003cffffffff92e00126\u003e] entry_SYSCALL_64_after_hwframe+0x71/0x79\n\nThe root cause: rdma_put_gid_attr is not called when sgid_attr is set\nto ERR_PTR(-ENODEV)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:33.880Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3eb127dc408bf7959a4920d04d16ce10e863686a"
},
{
"url": "https://git.kernel.org/stable/c/6564fc1818404254d1c9f7d75b403b4941516d26"
},
{
"url": "https://git.kernel.org/stable/c/b3a7fb93afd888793ef226e9665fbda98a95c48e"
},
{
"url": "https://git.kernel.org/stable/c/9c0731832d3b7420cbadba6a7f334363bc8dfb15"
}
],
"title": "RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38539",
"datePublished": "2024-06-19T13:35:14.099Z",
"dateReserved": "2024-06-18T19:36:34.918Z",
"dateUpdated": "2025-05-04T09:13:33.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52819 (GCVE-0-2023-52819)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga
For pptable structs that use flexible array sizes, use flexible arrays.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52819",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T17:21:07.724623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T19:06:09.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/60a00dfc7c5deafd1dd393beaf53224f7256dad6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a63fd579e7b1c3a9ebd6e6c494d49b1b6cf5515e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d50a56749e5afdc63491b88f5153c1aae00d4679"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c1dbddbfcb051e82cea0c197c620f9dcdc38e92"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a237675aa1e62bbfaa341c535331c8656a508fa1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0725232da777840703f5f1e22f2e3081d712aa4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7c68283f3166221af3df5791f0e13d3137a72216"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b3b8b7c040cf069da7afe11c5bd73b870b8f3d18"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f0e59075b5c22f1e871fbd508d6e4f495048356"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "60a00dfc7c5deafd1dd393beaf53224f7256dad6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a63fd579e7b1c3a9ebd6e6c494d49b1b6cf5515e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d50a56749e5afdc63491b88f5153c1aae00d4679",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8c1dbddbfcb051e82cea0c197c620f9dcdc38e92",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a237675aa1e62bbfaa341c535331c8656a508fa1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d0725232da777840703f5f1e22f2e3081d712aa4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7c68283f3166221af3df5791f0e13d3137a72216",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b3b8b7c040cf069da7afe11c5bd73b870b8f3d18",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0f0e59075b5c22f1e871fbd508d6e4f495048356",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga\n\nFor pptable structs that use flexible array sizes, use flexible arrays."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:47.544Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/60a00dfc7c5deafd1dd393beaf53224f7256dad6"
},
{
"url": "https://git.kernel.org/stable/c/a63fd579e7b1c3a9ebd6e6c494d49b1b6cf5515e"
},
{
"url": "https://git.kernel.org/stable/c/d50a56749e5afdc63491b88f5153c1aae00d4679"
},
{
"url": "https://git.kernel.org/stable/c/8c1dbddbfcb051e82cea0c197c620f9dcdc38e92"
},
{
"url": "https://git.kernel.org/stable/c/a237675aa1e62bbfaa341c535331c8656a508fa1"
},
{
"url": "https://git.kernel.org/stable/c/d0725232da777840703f5f1e22f2e3081d712aa4"
},
{
"url": "https://git.kernel.org/stable/c/7c68283f3166221af3df5791f0e13d3137a72216"
},
{
"url": "https://git.kernel.org/stable/c/b3b8b7c040cf069da7afe11c5bd73b870b8f3d18"
},
{
"url": "https://git.kernel.org/stable/c/0f0e59075b5c22f1e871fbd508d6e4f495048356"
}
],
"title": "drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52819",
"datePublished": "2024-05-21T15:31:25.582Z",
"dateReserved": "2024-05-21T15:19:24.249Z",
"dateUpdated": "2025-05-04T07:43:47.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52881 (GCVE-0-2023-52881)
Vulnerability from cvelistv5
Published
2024-05-29 10:15
Modified
2025-05-04 12:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tcp: do not accept ACK of bytes we never sent
This patch is based on a detailed report and ideas from Yepeng Pan
and Christian Rossow.
ACK seq validation is currently following RFC 5961 5.2 guidelines:
The ACK value is considered acceptable only if
it is in the range of ((SND.UNA - MAX.SND.WND) <= SEG.ACK <=
SND.NXT). All incoming segments whose ACK value doesn't satisfy the
above condition MUST be discarded and an ACK sent back. It needs to
be noted that RFC 793 on page 72 (fifth check) says: "If the ACK is a
duplicate (SEG.ACK < SND.UNA), it can be ignored. If the ACK
acknowledges something not yet sent (SEG.ACK > SND.NXT) then send an
ACK, drop the segment, and return". The "ignored" above implies that
the processing of the incoming data segment continues, which means
the ACK value is treated as acceptable. This mitigation makes the
ACK check more stringent since any ACK < SND.UNA wouldn't be
accepted, instead only ACKs that are in the range ((SND.UNA -
MAX.SND.WND) <= SEG.ACK <= SND.NXT) get through.
This can be refined for new (and possibly spoofed) flows,
by not accepting ACK for bytes that were never sent.
This greatly improves TCP security at a little cost.
I added a Fixes: tag to make sure this patch will reach stable trees,
even if the 'blamed' patch was adhering to the RFC.
tp->bytes_acked was added in linux-4.2
Following packetdrill test (courtesy of Yepeng Pan) shows
the issue at hand:
0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
+0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
+0 bind(3, ..., ...) = 0
+0 listen(3, 1024) = 0
// ---------------- Handshake ------------------- //
// when window scale is set to 14 the window size can be extended to
// 65535 * (2^14) = 1073725440. Linux would accept an ACK packet
// with ack number in (Server_ISN+1-1073725440. Server_ISN+1)
// ,though this ack number acknowledges some data never
// sent by the server.
+0 < S 0:0(0) win 65535 <mss 1400,nop,wscale 14>
+0 > S. 0:0(0) ack 1 <...>
+0 < . 1:1(0) ack 1 win 65535
+0 accept(3, ..., ...) = 4
// For the established connection, we send an ACK packet,
// the ack packet uses ack number 1 - 1073725300 + 2^32,
// where 2^32 is used to wrap around.
// Note: we used 1073725300 instead of 1073725440 to avoid possible
// edge cases.
// 1 - 1073725300 + 2^32 = 3221241997
// Oops, old kernels happily accept this packet.
+0 < . 1:1001(1000) ack 3221241997 win 65535
// After the kernel fix the following will be replaced by a challenge ACK,
// and prior malicious frame would be dropped.
+0 > . 1:1(0) ack 1001
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 Version: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 Version: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 Version: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 Version: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 Version: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 Version: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 Version: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 Version: 8d15569e14cfcf9151e9e3b4c0cb98369943a2bb Version: e252bbd8c87b95e9cecdc01350fbb0b46a0f9bf1 Version: 2ee4432e82437a7c051c254b065fbf5d4581e1a3 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69eae75ca5255e876628ac5cee9eaab31f644b57"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/458f07ffeccd17f99942311e09ef574ddf4a414a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7ffff0cc929fdfc62a74b384c4903d6496c910f0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b17a886ed29f3b70b78ccf632dad03e0c69e3c1a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d4e0afdd6658cd21dd5be61880411a2553fd1fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/008b807fe487e0b15a3a6c39add4eb477f73e440"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2087d53a66e97a5eb5d1bf558d5bef9e5f891757"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52881",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T16:46:40.495686Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T15:11:03.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_input.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "69eae75ca5255e876628ac5cee9eaab31f644b57",
"status": "affected",
"version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
"versionType": "git"
},
{
"lessThan": "458f07ffeccd17f99942311e09ef574ddf4a414a",
"status": "affected",
"version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
"versionType": "git"
},
{
"lessThan": "7ffff0cc929fdfc62a74b384c4903d6496c910f0",
"status": "affected",
"version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
"versionType": "git"
},
{
"lessThan": "b17a886ed29f3b70b78ccf632dad03e0c69e3c1a",
"status": "affected",
"version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
"versionType": "git"
},
{
"lessThan": "0d4e0afdd6658cd21dd5be61880411a2553fd1fc",
"status": "affected",
"version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
"versionType": "git"
},
{
"lessThan": "008b807fe487e0b15a3a6c39add4eb477f73e440",
"status": "affected",
"version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
"versionType": "git"
},
{
"lessThan": "2087d53a66e97a5eb5d1bf558d5bef9e5f891757",
"status": "affected",
"version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
"versionType": "git"
},
{
"lessThan": "3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27",
"status": "affected",
"version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
"versionType": "git"
},
{
"status": "affected",
"version": "8d15569e14cfcf9151e9e3b4c0cb98369943a2bb",
"versionType": "git"
},
{
"status": "affected",
"version": "e252bbd8c87b95e9cecdc01350fbb0b46a0f9bf1",
"versionType": "git"
},
{
"status": "affected",
"version": "2ee4432e82437a7c051c254b065fbf5d4581e1a3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_input.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.8"
},
{
"lessThan": "3.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.333",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.302",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.264",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.204",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.143",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.68",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.333",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.302",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.264",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.204",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.143",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.68",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.7",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.4.25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: do not accept ACK of bytes we never sent\n\nThis patch is based on a detailed report and ideas from Yepeng Pan\nand Christian Rossow.\n\nACK seq validation is currently following RFC 5961 5.2 guidelines:\n\n The ACK value is considered acceptable only if\n it is in the range of ((SND.UNA - MAX.SND.WND) \u003c= SEG.ACK \u003c=\n SND.NXT). All incoming segments whose ACK value doesn\u0027t satisfy the\n above condition MUST be discarded and an ACK sent back. It needs to\n be noted that RFC 793 on page 72 (fifth check) says: \"If the ACK is a\n duplicate (SEG.ACK \u003c SND.UNA), it can be ignored. If the ACK\n acknowledges something not yet sent (SEG.ACK \u003e SND.NXT) then send an\n ACK, drop the segment, and return\". The \"ignored\" above implies that\n the processing of the incoming data segment continues, which means\n the ACK value is treated as acceptable. This mitigation makes the\n ACK check more stringent since any ACK \u003c SND.UNA wouldn\u0027t be\n accepted, instead only ACKs that are in the range ((SND.UNA -\n MAX.SND.WND) \u003c= SEG.ACK \u003c= SND.NXT) get through.\n\nThis can be refined for new (and possibly spoofed) flows,\nby not accepting ACK for bytes that were never sent.\n\nThis greatly improves TCP security at a little cost.\n\nI added a Fixes: tag to make sure this patch will reach stable trees,\neven if the \u0027blamed\u0027 patch was adhering to the RFC.\n\ntp-\u003ebytes_acked was added in linux-4.2\n\nFollowing packetdrill test (courtesy of Yepeng Pan) shows\nthe issue at hand:\n\n0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3\n+0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0\n+0 bind(3, ..., ...) = 0\n+0 listen(3, 1024) = 0\n\n// ---------------- Handshake ------------------- //\n\n// when window scale is set to 14 the window size can be extended to\n// 65535 * (2^14) = 1073725440. Linux would accept an ACK packet\n// with ack number in (Server_ISN+1-1073725440. Server_ISN+1)\n// ,though this ack number acknowledges some data never\n// sent by the server.\n\n+0 \u003c S 0:0(0) win 65535 \u003cmss 1400,nop,wscale 14\u003e\n+0 \u003e S. 0:0(0) ack 1 \u003c...\u003e\n+0 \u003c . 1:1(0) ack 1 win 65535\n+0 accept(3, ..., ...) = 4\n\n// For the established connection, we send an ACK packet,\n// the ack packet uses ack number 1 - 1073725300 + 2^32,\n// where 2^32 is used to wrap around.\n// Note: we used 1073725300 instead of 1073725440 to avoid possible\n// edge cases.\n// 1 - 1073725300 + 2^32 = 3221241997\n\n// Oops, old kernels happily accept this packet.\n+0 \u003c . 1:1001(1000) ack 3221241997 win 65535\n\n// After the kernel fix the following will be replaced by a challenge ACK,\n// and prior malicious frame would be dropped.\n+0 \u003e . 1:1(0) ack 1001"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:49:46.197Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/69eae75ca5255e876628ac5cee9eaab31f644b57"
},
{
"url": "https://git.kernel.org/stable/c/458f07ffeccd17f99942311e09ef574ddf4a414a"
},
{
"url": "https://git.kernel.org/stable/c/7ffff0cc929fdfc62a74b384c4903d6496c910f0"
},
{
"url": "https://git.kernel.org/stable/c/b17a886ed29f3b70b78ccf632dad03e0c69e3c1a"
},
{
"url": "https://git.kernel.org/stable/c/0d4e0afdd6658cd21dd5be61880411a2553fd1fc"
},
{
"url": "https://git.kernel.org/stable/c/008b807fe487e0b15a3a6c39add4eb477f73e440"
},
{
"url": "https://git.kernel.org/stable/c/2087d53a66e97a5eb5d1bf558d5bef9e5f891757"
},
{
"url": "https://git.kernel.org/stable/c/3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27"
}
],
"title": "tcp: do not accept ACK of bytes we never sent",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52881",
"datePublished": "2024-05-29T10:15:14.186Z",
"dateReserved": "2024-05-21T15:35:00.781Z",
"dateUpdated": "2025-05-04T12:49:46.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37021 (GCVE-0-2024-37021)
Vulnerability from cvelistv5
Published
2024-06-24 13:56
Modified
2025-05-04 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fpga: manager: add owner module and take its refcount
The current implementation of the fpga manager assumes that the low-level
module registers a driver for the parent device and uses its owner pointer
to take the module's refcount. This approach is problematic since it can
lead to a null pointer dereference while attempting to get the manager if
the parent device does not have a driver.
To address this problem, add a module owner pointer to the fpga_manager
struct and use it to take the module's refcount. Modify the functions for
registering the manager to take an additional owner module parameter and
rename them to avoid conflicts. Use the old function names for helper
macros that automatically set the module that registers the manager as the
owner. This ensures compatibility with existing low-level control modules
and reduces the chances of registering a manager without setting the owner.
Also, update the documentation to keep it consistent with the new interface
for registering an fpga manager.
Other changes: opportunistically move put_device() from __fpga_mgr_get() to
fpga_mgr_get() and of_fpga_mgr_get() to improve code clarity since the
manager device is taken in these functions.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2da62a139a6221a345db4eb9f4f1c4b0937c89ad"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62ac496a01c9337a11362cea427038ba621ca9eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4d4d2d4346857bf778fafaa97d6f76bb1663e3c9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37021",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:08:30.677079Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:43.261Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"Documentation/driver-api/fpga/fpga-mgr.rst",
"drivers/fpga/fpga-mgr.c",
"include/linux/fpga/fpga-mgr.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "304f8032d601d4f9322ca841cd0b573bd1beb158",
"status": "affected",
"version": "654ba4cc0f3ed7c0f08bfb39f66059d8c42943ee",
"versionType": "git"
},
{
"lessThan": "2da62a139a6221a345db4eb9f4f1c4b0937c89ad",
"status": "affected",
"version": "654ba4cc0f3ed7c0f08bfb39f66059d8c42943ee",
"versionType": "git"
},
{
"lessThan": "62ac496a01c9337a11362cea427038ba621ca9eb",
"status": "affected",
"version": "654ba4cc0f3ed7c0f08bfb39f66059d8c42943ee",
"versionType": "git"
},
{
"lessThan": "4d4d2d4346857bf778fafaa97d6f76bb1663e3c9",
"status": "affected",
"version": "654ba4cc0f3ed7c0f08bfb39f66059d8c42943ee",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"Documentation/driver-api/fpga/fpga-mgr.rst",
"drivers/fpga/fpga-mgr.c",
"include/linux/fpga/fpga-mgr.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.4"
},
{
"lessThan": "4.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfpga: manager: add owner module and take its refcount\n\nThe current implementation of the fpga manager assumes that the low-level\nmodule registers a driver for the parent device and uses its owner pointer\nto take the module\u0027s refcount. This approach is problematic since it can\nlead to a null pointer dereference while attempting to get the manager if\nthe parent device does not have a driver.\n\nTo address this problem, add a module owner pointer to the fpga_manager\nstruct and use it to take the module\u0027s refcount. Modify the functions for\nregistering the manager to take an additional owner module parameter and\nrename them to avoid conflicts. Use the old function names for helper\nmacros that automatically set the module that registers the manager as the\nowner. This ensures compatibility with existing low-level control modules\nand reduces the chances of registering a manager without setting the owner.\n\nAlso, update the documentation to keep it consistent with the new interface\nfor registering an fpga manager.\n\nOther changes: opportunistically move put_device() from __fpga_mgr_get() to\nfpga_mgr_get() and of_fpga_mgr_get() to improve code clarity since the\nmanager device is taken in these functions."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:16.931Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/304f8032d601d4f9322ca841cd0b573bd1beb158"
},
{
"url": "https://git.kernel.org/stable/c/2da62a139a6221a345db4eb9f4f1c4b0937c89ad"
},
{
"url": "https://git.kernel.org/stable/c/62ac496a01c9337a11362cea427038ba621ca9eb"
},
{
"url": "https://git.kernel.org/stable/c/4d4d2d4346857bf778fafaa97d6f76bb1663e3c9"
}
],
"title": "fpga: manager: add owner module and take its refcount",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-37021",
"datePublished": "2024-06-24T13:56:52.091Z",
"dateReserved": "2024-06-24T13:54:11.044Z",
"dateUpdated": "2025-05-04T09:13:16.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52843 (GCVE-0-2023-52843)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
llc: verify mac len before reading mac header
LLC reads the mac header with eth_hdr without verifying that the skb
has an Ethernet header.
Syzbot was able to enter llc_rcv on a tun device. Tun can insert
packets without mac len and with user configurable skb->protocol
(passing a tun_pi header when not configuring IFF_NO_PI).
BUG: KMSAN: uninit-value in llc_station_ac_send_test_r net/llc/llc_station.c:81 [inline]
BUG: KMSAN: uninit-value in llc_station_rcv+0x6fb/0x1290 net/llc/llc_station.c:111
llc_station_ac_send_test_r net/llc/llc_station.c:81 [inline]
llc_station_rcv+0x6fb/0x1290 net/llc/llc_station.c:111
llc_rcv+0xc5d/0x14a0 net/llc/llc_input.c:218
__netif_receive_skb_one_core net/core/dev.c:5523 [inline]
__netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5637
netif_receive_skb_internal net/core/dev.c:5723 [inline]
netif_receive_skb+0x58/0x660 net/core/dev.c:5782
tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555
tun_get_user+0x54c5/0x69c0 drivers/net/tun.c:2002
Add a mac_len test before all three eth_hdr(skb) calls under net/llc.
There are further uses in include/net/llc_pdu.h. All these are
protected by a test skb->protocol == ETH_P_802_2. Which does not
protect against this tun scenario.
But the mac_len test added in this patch in llc_fixup_skb will
indirectly protect those too. That is called from llc_rcv before any
other LLC code.
It is tempting to just add a blanket mac_len check in llc_rcv, but
not sure whether that could break valid LLC paths that do not assume
an Ethernet header. 802.2 LLC may be used on top of non-802.3
protocols in principle. The below referenced commit shows that used
to, on top of Token Ring.
At least one of the three eth_hdr uses goes back to before the start
of git history. But the one that syzbot exercises is introduced in
this commit. That commit is old enough (2008), that effectively all
stable kernels should receive this.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f83f1768f833cb45bc93429fdc552252a4f55ac3 Version: f83f1768f833cb45bc93429fdc552252a4f55ac3 Version: f83f1768f833cb45bc93429fdc552252a4f55ac3 Version: f83f1768f833cb45bc93429fdc552252a4f55ac3 Version: f83f1768f833cb45bc93429fdc552252a4f55ac3 Version: f83f1768f833cb45bc93429fdc552252a4f55ac3 Version: f83f1768f833cb45bc93429fdc552252a4f55ac3 Version: f83f1768f833cb45bc93429fdc552252a4f55ac3 Version: f83f1768f833cb45bc93429fdc552252a4f55ac3 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52843",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T18:03:39.566045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T18:04:29.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/900a4418e3f66a32db6baaf23f92b99c20ae6535"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a3f9054a5227d7567cba1fb821df48ccecad10c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cbdcdf42d15dac74c7287679fb2a9d955f8feb1f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a2653828ffc6101aef80bf58d5b77484239f779"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/352887b3edd007cf9b0abc30fe9d98622acd859b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f980e9a57dfb9530f1f4ee41a2420f2a256d7b29"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0a720d0259ad3521ec6c9e4199f9f6fc75bac77a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ff5cb6a4f0c6d7fbdc84858323fb4b7af32cfd79"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7b3ba18703a63f6fd487183b9262b08e5632da1b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/llc/llc_input.c",
"net/llc/llc_s_ac.c",
"net/llc/llc_station.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "900a4418e3f66a32db6baaf23f92b99c20ae6535",
"status": "affected",
"version": "f83f1768f833cb45bc93429fdc552252a4f55ac3",
"versionType": "git"
},
{
"lessThan": "9a3f9054a5227d7567cba1fb821df48ccecad10c",
"status": "affected",
"version": "f83f1768f833cb45bc93429fdc552252a4f55ac3",
"versionType": "git"
},
{
"lessThan": "cbdcdf42d15dac74c7287679fb2a9d955f8feb1f",
"status": "affected",
"version": "f83f1768f833cb45bc93429fdc552252a4f55ac3",
"versionType": "git"
},
{
"lessThan": "3a2653828ffc6101aef80bf58d5b77484239f779",
"status": "affected",
"version": "f83f1768f833cb45bc93429fdc552252a4f55ac3",
"versionType": "git"
},
{
"lessThan": "352887b3edd007cf9b0abc30fe9d98622acd859b",
"status": "affected",
"version": "f83f1768f833cb45bc93429fdc552252a4f55ac3",
"versionType": "git"
},
{
"lessThan": "f980e9a57dfb9530f1f4ee41a2420f2a256d7b29",
"status": "affected",
"version": "f83f1768f833cb45bc93429fdc552252a4f55ac3",
"versionType": "git"
},
{
"lessThan": "0a720d0259ad3521ec6c9e4199f9f6fc75bac77a",
"status": "affected",
"version": "f83f1768f833cb45bc93429fdc552252a4f55ac3",
"versionType": "git"
},
{
"lessThan": "ff5cb6a4f0c6d7fbdc84858323fb4b7af32cfd79",
"status": "affected",
"version": "f83f1768f833cb45bc93429fdc552252a4f55ac3",
"versionType": "git"
},
{
"lessThan": "7b3ba18703a63f6fd487183b9262b08e5632da1b",
"status": "affected",
"version": "f83f1768f833cb45bc93429fdc552252a4f55ac3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/llc/llc_input.c",
"net/llc/llc_s_ac.c",
"net/llc/llc_station.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.25"
},
{
"lessThan": "2.6.25",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.330",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.330",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.299",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "2.6.25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nllc: verify mac len before reading mac header\n\nLLC reads the mac header with eth_hdr without verifying that the skb\nhas an Ethernet header.\n\nSyzbot was able to enter llc_rcv on a tun device. Tun can insert\npackets without mac len and with user configurable skb-\u003eprotocol\n(passing a tun_pi header when not configuring IFF_NO_PI).\n\n BUG: KMSAN: uninit-value in llc_station_ac_send_test_r net/llc/llc_station.c:81 [inline]\n BUG: KMSAN: uninit-value in llc_station_rcv+0x6fb/0x1290 net/llc/llc_station.c:111\n llc_station_ac_send_test_r net/llc/llc_station.c:81 [inline]\n llc_station_rcv+0x6fb/0x1290 net/llc/llc_station.c:111\n llc_rcv+0xc5d/0x14a0 net/llc/llc_input.c:218\n __netif_receive_skb_one_core net/core/dev.c:5523 [inline]\n __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5637\n netif_receive_skb_internal net/core/dev.c:5723 [inline]\n netif_receive_skb+0x58/0x660 net/core/dev.c:5782\n tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555\n tun_get_user+0x54c5/0x69c0 drivers/net/tun.c:2002\n\nAdd a mac_len test before all three eth_hdr(skb) calls under net/llc.\n\nThere are further uses in include/net/llc_pdu.h. All these are\nprotected by a test skb-\u003eprotocol == ETH_P_802_2. Which does not\nprotect against this tun scenario.\n\nBut the mac_len test added in this patch in llc_fixup_skb will\nindirectly protect those too. That is called from llc_rcv before any\nother LLC code.\n\nIt is tempting to just add a blanket mac_len check in llc_rcv, but\nnot sure whether that could break valid LLC paths that do not assume\nan Ethernet header. 802.2 LLC may be used on top of non-802.3\nprotocols in principle. The below referenced commit shows that used\nto, on top of Token Ring.\n\nAt least one of the three eth_hdr uses goes back to before the start\nof git history. But the one that syzbot exercises is introduced in\nthis commit. That commit is old enough (2008), that effectively all\nstable kernels should receive this."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:09.610Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/900a4418e3f66a32db6baaf23f92b99c20ae6535"
},
{
"url": "https://git.kernel.org/stable/c/9a3f9054a5227d7567cba1fb821df48ccecad10c"
},
{
"url": "https://git.kernel.org/stable/c/cbdcdf42d15dac74c7287679fb2a9d955f8feb1f"
},
{
"url": "https://git.kernel.org/stable/c/3a2653828ffc6101aef80bf58d5b77484239f779"
},
{
"url": "https://git.kernel.org/stable/c/352887b3edd007cf9b0abc30fe9d98622acd859b"
},
{
"url": "https://git.kernel.org/stable/c/f980e9a57dfb9530f1f4ee41a2420f2a256d7b29"
},
{
"url": "https://git.kernel.org/stable/c/0a720d0259ad3521ec6c9e4199f9f6fc75bac77a"
},
{
"url": "https://git.kernel.org/stable/c/ff5cb6a4f0c6d7fbdc84858323fb4b7af32cfd79"
},
{
"url": "https://git.kernel.org/stable/c/7b3ba18703a63f6fd487183b9262b08e5632da1b"
}
],
"title": "llc: verify mac len before reading mac header",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52843",
"datePublished": "2024-05-21T15:31:41.872Z",
"dateReserved": "2024-05-21T15:19:24.254Z",
"dateUpdated": "2025-05-04T07:44:09.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36281 (GCVE-0-2024-36281)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-05-04 09:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules
rx_create no longer allocates a modify_hdr instance that needs to be
cleaned up. The mlx5_modify_header_dealloc call will lead to a NULL pointer
dereference. A leak in the rules also previously occurred since there are
now two rules populated related to status.
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 109907067 P4D 109907067 PUD 116890067 PMD 0
Oops: 0000 [#1] SMP
CPU: 1 PID: 484 Comm: ip Not tainted 6.9.0-rc2-rrameshbabu+ #254
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS Arch Linux 1.16.3-1-1 04/01/2014
RIP: 0010:mlx5_modify_header_dealloc+0xd/0x70
<snip>
Call Trace:
<TASK>
? show_regs+0x60/0x70
? __die+0x24/0x70
? page_fault_oops+0x15f/0x430
? free_to_partial_list.constprop.0+0x79/0x150
? do_user_addr_fault+0x2c9/0x5c0
? exc_page_fault+0x63/0x110
? asm_exc_page_fault+0x27/0x30
? mlx5_modify_header_dealloc+0xd/0x70
rx_create+0x374/0x590
rx_add_rule+0x3ad/0x500
? rx_add_rule+0x3ad/0x500
? mlx5_cmd_exec+0x2c/0x40
? mlx5_create_ipsec_obj+0xd6/0x200
mlx5e_accel_ipsec_fs_add_rule+0x31/0xf0
mlx5e_xfrm_add_state+0x426/0xc00
<snip>
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:04.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b0a15cde37a8388e57573686f650a17208ae1212"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cc9ac559f2e21894c21ac5b0c85fb24a5cab266c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/16d66a4fa81da07bc4ed19f4e53b87263c2f8d38"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36281",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:09:37.941517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:46.031Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b0a15cde37a8388e57573686f650a17208ae1212",
"status": "affected",
"version": "20af7afcd8b85a4cb413072d631bf9a6469eee3a",
"versionType": "git"
},
{
"lessThan": "cc9ac559f2e21894c21ac5b0c85fb24a5cab266c",
"status": "affected",
"version": "94af50c0a9bb961fe93cf0fdd14eb0883da86721",
"versionType": "git"
},
{
"lessThan": "16d66a4fa81da07bc4ed19f4e53b87263c2f8d38",
"status": "affected",
"version": "94af50c0a9bb961fe93cf0fdd14eb0883da86721",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules\n\nrx_create no longer allocates a modify_hdr instance that needs to be\ncleaned up. The mlx5_modify_header_dealloc call will lead to a NULL pointer\ndereference. A leak in the rules also previously occurred since there are\nnow two rules populated related to status.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 109907067 P4D 109907067 PUD 116890067 PMD 0\n Oops: 0000 [#1] SMP\n CPU: 1 PID: 484 Comm: ip Not tainted 6.9.0-rc2-rrameshbabu+ #254\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n RIP: 0010:mlx5_modify_header_dealloc+0xd/0x70\n \u003csnip\u003e\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x60/0x70\n ? __die+0x24/0x70\n ? page_fault_oops+0x15f/0x430\n ? free_to_partial_list.constprop.0+0x79/0x150\n ? do_user_addr_fault+0x2c9/0x5c0\n ? exc_page_fault+0x63/0x110\n ? asm_exc_page_fault+0x27/0x30\n ? mlx5_modify_header_dealloc+0xd/0x70\n rx_create+0x374/0x590\n rx_add_rule+0x3ad/0x500\n ? rx_add_rule+0x3ad/0x500\n ? mlx5_cmd_exec+0x2c/0x40\n ? mlx5_create_ipsec_obj+0xd6/0x200\n mlx5e_accel_ipsec_fs_add_rule+0x31/0xf0\n mlx5e_xfrm_add_state+0x426/0xc00\n \u003csnip\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:11:02.138Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b0a15cde37a8388e57573686f650a17208ae1212"
},
{
"url": "https://git.kernel.org/stable/c/cc9ac559f2e21894c21ac5b0c85fb24a5cab266c"
},
{
"url": "https://git.kernel.org/stable/c/16d66a4fa81da07bc4ed19f4e53b87263c2f8d38"
}
],
"title": "net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36281",
"datePublished": "2024-06-21T10:18:07.695Z",
"dateReserved": "2024-06-21T10:12:11.453Z",
"dateUpdated": "2025-05-04T09:11:02.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36924 (GCVE-0-2024-36924)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()
lpfc_worker_wake_up() calls the lpfc_work_done() routine, which takes the
hbalock. Thus, lpfc_worker_wake_up() should not be called while holding the
hbalock to avoid potential deadlock.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36924",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:15:38.409036Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:15:46.255Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6503c39398506cadda9f4c81695a9655ca5fb4fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8bf2c05e8ad68e90f9d5889a9e4ef3f6fe00683"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee833d7e62de2b84ed1332d501b67f12e7e5678f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ded20192dff31c91cef2a04f7e20e60e9bb887d3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_els.c",
"drivers/scsi/lpfc/lpfc_hbadisc.c",
"drivers/scsi/lpfc/lpfc_sli.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6503c39398506cadda9f4c81695a9655ca5fb4fd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e8bf2c05e8ad68e90f9d5889a9e4ef3f6fe00683",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ee833d7e62de2b84ed1332d501b67f12e7e5678f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ded20192dff31c91cef2a04f7e20e60e9bb887d3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_els.c",
"drivers/scsi/lpfc/lpfc_hbadisc.c",
"drivers/scsi/lpfc/lpfc_sli.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()\n\nlpfc_worker_wake_up() calls the lpfc_work_done() routine, which takes the\nhbalock. Thus, lpfc_worker_wake_up() should not be called while holding the\nhbalock to avoid potential deadlock."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:10.767Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6503c39398506cadda9f4c81695a9655ca5fb4fd"
},
{
"url": "https://git.kernel.org/stable/c/e8bf2c05e8ad68e90f9d5889a9e4ef3f6fe00683"
},
{
"url": "https://git.kernel.org/stable/c/ee833d7e62de2b84ed1332d501b67f12e7e5678f"
},
{
"url": "https://git.kernel.org/stable/c/ded20192dff31c91cef2a04f7e20e60e9bb887d3"
}
],
"title": "scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36924",
"datePublished": "2024-05-30T15:29:18.113Z",
"dateReserved": "2024-05-30T15:25:07.069Z",
"dateUpdated": "2025-05-04T09:12:10.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52735 (GCVE-0-2023-52735)
Vulnerability from cvelistv5
Published
2024-05-21 15:22
Modified
2025-07-30 13:34
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself
sock_map proto callbacks should never call themselves by design. Protect
against bugs like [1] and break out of the recursive loop to avoid a stack
overflow in favor of a resource leak.
[1] https://lore.kernel.org/all/00000000000073b14905ef2e7401@google.com/
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "1da177e4c3f4"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.15.95"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.1.13"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.2"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52735",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:47:22.743454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T13:34:33.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f312367f5246e04df564d341044286e9e37a97ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7499859881488da97589f3c79cc66fa75748ad49"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5b4a79ba65a1ab479903fff2e604865d229b70a9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/sock_map.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f312367f5246e04df564d341044286e9e37a97ba",
"status": "affected",
"version": "c5cc0d23c5414d23438c5024890e367cc5a0e645",
"versionType": "git"
},
{
"lessThan": "7499859881488da97589f3c79cc66fa75748ad49",
"status": "affected",
"version": "c5d2177a72a1659554922728fc407f59950aa929",
"versionType": "git"
},
{
"lessThan": "5b4a79ba65a1ab479903fff2e604865d229b70a9",
"status": "affected",
"version": "c5d2177a72a1659554922728fc407f59950aa929",
"versionType": "git"
},
{
"status": "affected",
"version": "0580e47c8895a4d61ee095f086cba1ded7ca5e7f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/sock_map.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.95",
"versionStartIncluding": "5.15.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.13",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.14.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Don\u0027t let sock_map_{close,destroy,unhash} call itself\n\nsock_map proto callbacks should never call themselves by design. Protect\nagainst bugs like [1] and break out of the recursive loop to avoid a stack\noverflow in favor of a resource leak.\n\n[1] https://lore.kernel.org/all/00000000000073b14905ef2e7401@google.com/"
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T05:58:52.242Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f312367f5246e04df564d341044286e9e37a97ba"
},
{
"url": "https://git.kernel.org/stable/c/7499859881488da97589f3c79cc66fa75748ad49"
},
{
"url": "https://git.kernel.org/stable/c/5b4a79ba65a1ab479903fff2e604865d229b70a9"
}
],
"title": "bpf, sockmap: Don\u0027t let sock_map_{close,destroy,unhash} call itself",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52735",
"datePublished": "2024-05-21T15:22:59.893Z",
"dateReserved": "2024-05-21T15:19:24.232Z",
"dateUpdated": "2025-07-30T13:34:33.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35857 (GCVE-0-2024-35857)
Vulnerability from cvelistv5
Published
2024-05-17 14:47
Modified
2025-05-04 09:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
icmp: prevent possible NULL dereferences from icmp_build_probe()
First problem is a double call to __in_dev_get_rcu(), because
the second one could return NULL.
if (__in_dev_get_rcu(dev) && __in_dev_get_rcu(dev)->ifa_list)
Second problem is a read from dev->ip6_ptr with no NULL check:
if (!list_empty(&rcu_dereference(dev->ip6_ptr)->addr_list))
Use the correct RCU API to fix these.
v2: add missing include <net/addrconf.h>
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35857",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T16:57:35.906301Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:12:11.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:47.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/23b7ee4a8d559bf38eac7ce5bb2f6ebf76f9c401"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/599c9ad5e1d43f5c12d869f5fd406ba5d8c55270"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d68dc711d84fdcf698e5d45308c3ddeede586350"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3e2979bf080c40da4f7c93aff8575ab8bc62b767"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c58e88d49097bd12dfcfef4f075b43f5d5830941"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/icmp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "23b7ee4a8d559bf38eac7ce5bb2f6ebf76f9c401",
"status": "affected",
"version": "d329ea5bd8845f0b196bf41b18b6173340d6e0e4",
"versionType": "git"
},
{
"lessThan": "599c9ad5e1d43f5c12d869f5fd406ba5d8c55270",
"status": "affected",
"version": "d329ea5bd8845f0b196bf41b18b6173340d6e0e4",
"versionType": "git"
},
{
"lessThan": "d68dc711d84fdcf698e5d45308c3ddeede586350",
"status": "affected",
"version": "d329ea5bd8845f0b196bf41b18b6173340d6e0e4",
"versionType": "git"
},
{
"lessThan": "3e2979bf080c40da4f7c93aff8575ab8bc62b767",
"status": "affected",
"version": "d329ea5bd8845f0b196bf41b18b6173340d6e0e4",
"versionType": "git"
},
{
"lessThan": "c58e88d49097bd12dfcfef4f075b43f5d5830941",
"status": "affected",
"version": "d329ea5bd8845f0b196bf41b18b6173340d6e0e4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/icmp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nicmp: prevent possible NULL dereferences from icmp_build_probe()\n\nFirst problem is a double call to __in_dev_get_rcu(), because\nthe second one could return NULL.\n\nif (__in_dev_get_rcu(dev) \u0026\u0026 __in_dev_get_rcu(dev)-\u003eifa_list)\n\nSecond problem is a read from dev-\u003eip6_ptr with no NULL check:\n\nif (!list_empty(\u0026rcu_dereference(dev-\u003eip6_ptr)-\u003eaddr_list))\n\nUse the correct RCU API to fix these.\n\nv2: add missing include \u003cnet/addrconf.h\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:58.879Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/23b7ee4a8d559bf38eac7ce5bb2f6ebf76f9c401"
},
{
"url": "https://git.kernel.org/stable/c/599c9ad5e1d43f5c12d869f5fd406ba5d8c55270"
},
{
"url": "https://git.kernel.org/stable/c/d68dc711d84fdcf698e5d45308c3ddeede586350"
},
{
"url": "https://git.kernel.org/stable/c/3e2979bf080c40da4f7c93aff8575ab8bc62b767"
},
{
"url": "https://git.kernel.org/stable/c/c58e88d49097bd12dfcfef4f075b43f5d5830941"
}
],
"title": "icmp: prevent possible NULL dereferences from icmp_build_probe()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35857",
"datePublished": "2024-05-17T14:47:32.763Z",
"dateReserved": "2024-05-17T13:50:33.106Z",
"dateUpdated": "2025-05-04T09:06:58.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35247 (GCVE-0-2024-35247)
Vulnerability from cvelistv5
Published
2024-06-24 13:56
Modified
2025-05-04 09:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fpga: region: add owner module and take its refcount
The current implementation of the fpga region assumes that the low-level
module registers a driver for the parent device and uses its owner pointer
to take the module's refcount. This approach is problematic since it can
lead to a null pointer dereference while attempting to get the region
during programming if the parent device does not have a driver.
To address this problem, add a module owner pointer to the fpga_region
struct and use it to take the module's refcount. Modify the functions for
registering a region to take an additional owner module parameter and
rename them to avoid conflicts. Use the old function names for helper
macros that automatically set the module that registers the region as the
owner. This ensures compatibility with existing low-level control modules
and reduces the chances of registering a region without setting the owner.
Also, update the documentation to keep it consistent with the new interface
for registering an fpga region.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 0fa20cdfcc1f68847cdfc47824476301eedc8297 Version: 0fa20cdfcc1f68847cdfc47824476301eedc8297 Version: 0fa20cdfcc1f68847cdfc47824476301eedc8297 Version: 0fa20cdfcc1f68847cdfc47824476301eedc8297 Version: 0fa20cdfcc1f68847cdfc47824476301eedc8297 Version: 0fa20cdfcc1f68847cdfc47824476301eedc8297 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/26e6e25d742e29885cf44274fcf6b744366c4702"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9b4eee8572dcf82b2ed17d9a328c7fb87df2f0e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/75a001914a8d2ccdcbe4b8cc7e94ac71d0e66093"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4d7d12b643c00e7eea51b49a60a2ead182633ec8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2279c09c36165ccded4d506d11a7714e13b56019"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b7c0e1ecee403a43abc89eb3e75672b01ff2ece9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35247",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:08:36.896570Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:43.525Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"Documentation/driver-api/fpga/fpga-region.rst",
"drivers/fpga/fpga-region.c",
"include/linux/fpga/fpga-region.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "26e6e25d742e29885cf44274fcf6b744366c4702",
"status": "affected",
"version": "0fa20cdfcc1f68847cdfc47824476301eedc8297",
"versionType": "git"
},
{
"lessThan": "9b4eee8572dcf82b2ed17d9a328c7fb87df2f0e8",
"status": "affected",
"version": "0fa20cdfcc1f68847cdfc47824476301eedc8297",
"versionType": "git"
},
{
"lessThan": "75a001914a8d2ccdcbe4b8cc7e94ac71d0e66093",
"status": "affected",
"version": "0fa20cdfcc1f68847cdfc47824476301eedc8297",
"versionType": "git"
},
{
"lessThan": "4d7d12b643c00e7eea51b49a60a2ead182633ec8",
"status": "affected",
"version": "0fa20cdfcc1f68847cdfc47824476301eedc8297",
"versionType": "git"
},
{
"lessThan": "2279c09c36165ccded4d506d11a7714e13b56019",
"status": "affected",
"version": "0fa20cdfcc1f68847cdfc47824476301eedc8297",
"versionType": "git"
},
{
"lessThan": "b7c0e1ecee403a43abc89eb3e75672b01ff2ece9",
"status": "affected",
"version": "0fa20cdfcc1f68847cdfc47824476301eedc8297",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"Documentation/driver-api/fpga/fpga-region.rst",
"drivers/fpga/fpga-region.c",
"include/linux/fpga/fpga-region.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfpga: region: add owner module and take its refcount\n\nThe current implementation of the fpga region assumes that the low-level\nmodule registers a driver for the parent device and uses its owner pointer\nto take the module\u0027s refcount. This approach is problematic since it can\nlead to a null pointer dereference while attempting to get the region\nduring programming if the parent device does not have a driver.\n\nTo address this problem, add a module owner pointer to the fpga_region\nstruct and use it to take the module\u0027s refcount. Modify the functions for\nregistering a region to take an additional owner module parameter and\nrename them to avoid conflicts. Use the old function names for helper\nmacros that automatically set the module that registers the region as the\nowner. This ensures compatibility with existing low-level control modules\nand reduces the chances of registering a region without setting the owner.\n\nAlso, update the documentation to keep it consistent with the new interface\nfor registering an fpga region."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:05:17.767Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/26e6e25d742e29885cf44274fcf6b744366c4702"
},
{
"url": "https://git.kernel.org/stable/c/9b4eee8572dcf82b2ed17d9a328c7fb87df2f0e8"
},
{
"url": "https://git.kernel.org/stable/c/75a001914a8d2ccdcbe4b8cc7e94ac71d0e66093"
},
{
"url": "https://git.kernel.org/stable/c/4d7d12b643c00e7eea51b49a60a2ead182633ec8"
},
{
"url": "https://git.kernel.org/stable/c/2279c09c36165ccded4d506d11a7714e13b56019"
},
{
"url": "https://git.kernel.org/stable/c/b7c0e1ecee403a43abc89eb3e75672b01ff2ece9"
}
],
"title": "fpga: region: add owner module and take its refcount",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35247",
"datePublished": "2024-06-24T13:56:50.704Z",
"dateReserved": "2024-06-24T13:54:11.059Z",
"dateUpdated": "2025-05-04T09:05:17.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35998 (GCVE-0-2024-35998)
Vulnerability from cvelistv5
Published
2024-05-20 09:48
Modified
2025-05-04 09:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
smb3: fix lock ordering potential deadlock in cifs_sync_mid_result
Coverity spotted that the cifs_sync_mid_result function could deadlock
"Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires
lock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock"
Addresses-Coverity: 1590401 ("Thread deadlock (ORDER_REVERSAL)")
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35998",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:02:37.597444Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:59.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:11.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c7a4bca289e50bb4b2650f845c41bb3e453f4c66"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/699f8958dece132709c0bff6a9700999a2a63b75"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8248224ab5b8ca7559b671917c224296a4d671fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8861fd5180476f45f9e8853db154600469a0284f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/client/transport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c7a4bca289e50bb4b2650f845c41bb3e453f4c66",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "699f8958dece132709c0bff6a9700999a2a63b75",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8248224ab5b8ca7559b671917c224296a4d671fc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8861fd5180476f45f9e8853db154600469a0284f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/client/transport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb3: fix lock ordering potential deadlock in cifs_sync_mid_result\n\nCoverity spotted that the cifs_sync_mid_result function could deadlock\n\n\"Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires\nlock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock\"\n\nAddresses-Coverity: 1590401 (\"Thread deadlock (ORDER_REVERSAL)\")"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:10:13.164Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c7a4bca289e50bb4b2650f845c41bb3e453f4c66"
},
{
"url": "https://git.kernel.org/stable/c/699f8958dece132709c0bff6a9700999a2a63b75"
},
{
"url": "https://git.kernel.org/stable/c/8248224ab5b8ca7559b671917c224296a4d671fc"
},
{
"url": "https://git.kernel.org/stable/c/8861fd5180476f45f9e8853db154600469a0284f"
}
],
"title": "smb3: fix lock ordering potential deadlock in cifs_sync_mid_result",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35998",
"datePublished": "2024-05-20T09:48:01.009Z",
"dateReserved": "2024-05-17T13:50:33.148Z",
"dateUpdated": "2025-05-04T09:10:13.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36935 (GCVE-0-2024-36935)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ice: ensure the copied buf is NUL terminated
Currently, we allocate a count-sized kernel buffer and copy count bytes
from userspace to that buffer. Later, we use sscanf on this buffer but we
don't ensure that the string is terminated inside the buffer, this can lead
to OOB read when using sscanf. Fix this issue by using memdup_user_nul
instead of memdup_user.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:14:54.419076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:15:04.744Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ff4de981983ed84f29b5d92b6550ec054e12a92"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/666854ea9cad844f75a068f32812a2d78004914a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5ff4de981983ed84f29b5d92b6550ec054e12a92",
"status": "affected",
"version": "96a9a9341cdaea0c3bce4c134e04a2a42ae899ac",
"versionType": "git"
},
{
"lessThan": "666854ea9cad844f75a068f32812a2d78004914a",
"status": "affected",
"version": "96a9a9341cdaea0c3bce4c134e04a2a42ae899ac",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: ensure the copied buf is NUL terminated\n\nCurrently, we allocate a count-sized kernel buffer and copy count bytes\nfrom userspace to that buffer. Later, we use sscanf on this buffer but we\ndon\u0027t ensure that the string is terminated inside the buffer, this can lead\nto OOB read when using sscanf. Fix this issue by using memdup_user_nul\ninstead of memdup_user."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:24.165Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5ff4de981983ed84f29b5d92b6550ec054e12a92"
},
{
"url": "https://git.kernel.org/stable/c/666854ea9cad844f75a068f32812a2d78004914a"
}
],
"title": "ice: ensure the copied buf is NUL terminated",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36935",
"datePublished": "2024-05-30T15:29:24.941Z",
"dateReserved": "2024-05-30T15:25:07.071Z",
"dateUpdated": "2025-05-04T09:12:24.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38571 (GCVE-0-2024-38571)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
thermal/drivers/tsens: Fix null pointer dereference
compute_intercept_slope() is called from calibrate_8960() (in tsens-8960.c)
as compute_intercept_slope(priv, p1, NULL, ONE_PT_CALIB) which lead to null
pointer dereference (if DEBUG or DYNAMIC_DEBUG set).
Fix this bug by adding null pointer check.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: dfc1193d4dbd6c3cb68c944413146c940bde290a Version: dfc1193d4dbd6c3cb68c944413146c940bde290a Version: dfc1193d4dbd6c3cb68c944413146c940bde290a Version: dfc1193d4dbd6c3cb68c944413146c940bde290a Version: dfc1193d4dbd6c3cb68c944413146c940bde290a Version: dfc1193d4dbd6c3cb68c944413146c940bde290a |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/27600e0c5272a262b0903e35ae1df37d33c5c1ad"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/11c731386ed82053c2759b6fea1a82ae946e5e0f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2d5ca6e4a2872e92a32fdfd87e04dd7d3ced7278"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06d17744b77bc6cb29a6c785f4fad8c4163ee653"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fcf5f1b5f308f2eb422f6aca55d295b25890906b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d998ddc86a27c92140b9f7984ff41e3d1d07a48f"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38571",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:14:18.948135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:56.173Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/thermal/qcom/tsens.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "27600e0c5272a262b0903e35ae1df37d33c5c1ad",
"status": "affected",
"version": "dfc1193d4dbd6c3cb68c944413146c940bde290a",
"versionType": "git"
},
{
"lessThan": "11c731386ed82053c2759b6fea1a82ae946e5e0f",
"status": "affected",
"version": "dfc1193d4dbd6c3cb68c944413146c940bde290a",
"versionType": "git"
},
{
"lessThan": "2d5ca6e4a2872e92a32fdfd87e04dd7d3ced7278",
"status": "affected",
"version": "dfc1193d4dbd6c3cb68c944413146c940bde290a",
"versionType": "git"
},
{
"lessThan": "06d17744b77bc6cb29a6c785f4fad8c4163ee653",
"status": "affected",
"version": "dfc1193d4dbd6c3cb68c944413146c940bde290a",
"versionType": "git"
},
{
"lessThan": "fcf5f1b5f308f2eb422f6aca55d295b25890906b",
"status": "affected",
"version": "dfc1193d4dbd6c3cb68c944413146c940bde290a",
"versionType": "git"
},
{
"lessThan": "d998ddc86a27c92140b9f7984ff41e3d1d07a48f",
"status": "affected",
"version": "dfc1193d4dbd6c3cb68c944413146c940bde290a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/thermal/qcom/tsens.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/drivers/tsens: Fix null pointer dereference\n\ncompute_intercept_slope() is called from calibrate_8960() (in tsens-8960.c)\nas compute_intercept_slope(priv, p1, NULL, ONE_PT_CALIB) which lead to null\npointer dereference (if DEBUG or DYNAMIC_DEBUG set).\nFix this bug by adding null pointer check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:21.937Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/27600e0c5272a262b0903e35ae1df37d33c5c1ad"
},
{
"url": "https://git.kernel.org/stable/c/11c731386ed82053c2759b6fea1a82ae946e5e0f"
},
{
"url": "https://git.kernel.org/stable/c/2d5ca6e4a2872e92a32fdfd87e04dd7d3ced7278"
},
{
"url": "https://git.kernel.org/stable/c/06d17744b77bc6cb29a6c785f4fad8c4163ee653"
},
{
"url": "https://git.kernel.org/stable/c/fcf5f1b5f308f2eb422f6aca55d295b25890906b"
},
{
"url": "https://git.kernel.org/stable/c/d998ddc86a27c92140b9f7984ff41e3d1d07a48f"
}
],
"title": "thermal/drivers/tsens: Fix null pointer dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38571",
"datePublished": "2024-06-19T13:35:36.981Z",
"dateReserved": "2024-06-18T19:36:34.923Z",
"dateUpdated": "2025-05-04T09:14:21.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52799 (GCVE-0-2023-52799)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix array-index-out-of-bounds in dbFindLeaf
Currently while searching for dmtree_t for sufficient free blocks there
is an array out of bounds while getting element in tp->dm_stree. To add
the required check for out of bound we first need to determine the type
of dmtree. Thus added an extra parameter to dbFindLeaf so that the type
of tree can be determined and the required check can be applied.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52799",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T17:20:55.514685Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:02.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/20f9310a18e3e99fc031e036fcbed67105ae1859"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/86df90f3fea7c5591f05c8a0010871d435e83046"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ecfb47f13b08b02cf28b7b50d4941eefa21954d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81aa58cd8495b8c3b527f58ccbe19478d8087f61"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/da3da5e1e6f71c21d8e6149d7076d936ef5d4cb9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a50b796d36719757526ee094c703378895ab5e67"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/88b7894a8f8705bf4e7ea90b10229376abf14514"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/87c681ab49e99039ff2dd3e71852417381b13878"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/22cad8bc1d36547cdae0eef316c47d917ce3147c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "20f9310a18e3e99fc031e036fcbed67105ae1859",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "86df90f3fea7c5591f05c8a0010871d435e83046",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ecfb47f13b08b02cf28b7b50d4941eefa21954d2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "81aa58cd8495b8c3b527f58ccbe19478d8087f61",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "da3da5e1e6f71c21d8e6149d7076d936ef5d4cb9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a50b796d36719757526ee094c703378895ab5e67",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "88b7894a8f8705bf4e7ea90b10229376abf14514",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "87c681ab49e99039ff2dd3e71852417381b13878",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "22cad8bc1d36547cdae0eef316c47d917ce3147c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds in dbFindLeaf\n\nCurrently while searching for dmtree_t for sufficient free blocks there\nis an array out of bounds while getting element in tp-\u003edm_stree. To add\nthe required check for out of bound we first need to determine the type\nof dmtree. Thus added an extra parameter to dbFindLeaf so that the type\nof tree can be determined and the required check can be applied."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:25.356Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/20f9310a18e3e99fc031e036fcbed67105ae1859"
},
{
"url": "https://git.kernel.org/stable/c/86df90f3fea7c5591f05c8a0010871d435e83046"
},
{
"url": "https://git.kernel.org/stable/c/ecfb47f13b08b02cf28b7b50d4941eefa21954d2"
},
{
"url": "https://git.kernel.org/stable/c/81aa58cd8495b8c3b527f58ccbe19478d8087f61"
},
{
"url": "https://git.kernel.org/stable/c/da3da5e1e6f71c21d8e6149d7076d936ef5d4cb9"
},
{
"url": "https://git.kernel.org/stable/c/a50b796d36719757526ee094c703378895ab5e67"
},
{
"url": "https://git.kernel.org/stable/c/88b7894a8f8705bf4e7ea90b10229376abf14514"
},
{
"url": "https://git.kernel.org/stable/c/87c681ab49e99039ff2dd3e71852417381b13878"
},
{
"url": "https://git.kernel.org/stable/c/22cad8bc1d36547cdae0eef316c47d917ce3147c"
}
],
"title": "jfs: fix array-index-out-of-bounds in dbFindLeaf",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52799",
"datePublished": "2024-05-21T15:31:12.351Z",
"dateReserved": "2024-05-21T15:19:24.246Z",
"dateUpdated": "2025-05-04T07:43:25.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52795 (GCVE-0-2023-52795)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
vhost-vdpa: fix use after free in vhost_vdpa_probe()
The put_device() calls vhost_vdpa_release_dev() which calls
ida_simple_remove() and frees "v". So this call to
ida_simple_remove() is a use after free and a double free.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T17:45:54.468862Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:53.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c0f8b8fb7df9d1a38652eb5aa817afccd3c56111"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae8ea4e200675a940c365b496ef8e3fb4123601c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bf04132cd64ccde4e9e9765d489c83fe83c09b7f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e07754e0a1ea2d63fb29574253d1fd7405607343"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/vhost/vdpa.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c0f8b8fb7df9d1a38652eb5aa817afccd3c56111",
"status": "affected",
"version": "ebe6a354fa7e0a7d5b581da31ad031b19d8693f9",
"versionType": "git"
},
{
"lessThan": "ae8ea4e200675a940c365b496ef8e3fb4123601c",
"status": "affected",
"version": "ebe6a354fa7e0a7d5b581da31ad031b19d8693f9",
"versionType": "git"
},
{
"lessThan": "bf04132cd64ccde4e9e9765d489c83fe83c09b7f",
"status": "affected",
"version": "ebe6a354fa7e0a7d5b581da31ad031b19d8693f9",
"versionType": "git"
},
{
"lessThan": "e07754e0a1ea2d63fb29574253d1fd7405607343",
"status": "affected",
"version": "ebe6a354fa7e0a7d5b581da31ad031b19d8693f9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/vhost/vdpa.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost-vdpa: fix use after free in vhost_vdpa_probe()\n\nThe put_device() calls vhost_vdpa_release_dev() which calls\nida_simple_remove() and frees \"v\". So this call to\nida_simple_remove() is a use after free and a double free."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:20.364Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c0f8b8fb7df9d1a38652eb5aa817afccd3c56111"
},
{
"url": "https://git.kernel.org/stable/c/ae8ea4e200675a940c365b496ef8e3fb4123601c"
},
{
"url": "https://git.kernel.org/stable/c/bf04132cd64ccde4e9e9765d489c83fe83c09b7f"
},
{
"url": "https://git.kernel.org/stable/c/e07754e0a1ea2d63fb29574253d1fd7405607343"
}
],
"title": "vhost-vdpa: fix use after free in vhost_vdpa_probe()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52795",
"datePublished": "2024-05-21T15:31:09.623Z",
"dateReserved": "2024-05-21T15:19:24.246Z",
"dateUpdated": "2025-05-04T07:43:20.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52817 (GCVE-0-2023-52817)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-09-16 13:50
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
In certain types of chips, such as VEGA20, reading the amdgpu_regs_smc file could result in an abnormal null pointer access when the smc_rreg pointer is NULL. Below are the steps to reproduce this issue and the corresponding exception log:
1. Navigate to the directory: /sys/kernel/debug/dri/0
2. Execute command: cat amdgpu_regs_smc
3. Exception Log::
[4005007.702554] BUG: kernel NULL pointer dereference, address: 0000000000000000
[4005007.702562] #PF: supervisor instruction fetch in kernel mode
[4005007.702567] #PF: error_code(0x0010) - not-present page
[4005007.702570] PGD 0 P4D 0
[4005007.702576] Oops: 0010 [#1] SMP NOPTI
[4005007.702581] CPU: 4 PID: 62563 Comm: cat Tainted: G OE 5.15.0-43-generic #46-Ubunt u
[4005007.702590] RIP: 0010:0x0
[4005007.702598] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
[4005007.702600] RSP: 0018:ffffa82b46d27da0 EFLAGS: 00010206
[4005007.702605] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffa82b46d27e68
[4005007.702609] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff9940656e0000
[4005007.702612] RBP: ffffa82b46d27dd8 R08: 0000000000000000 R09: ffff994060c07980
[4005007.702615] R10: 0000000000020000 R11: 0000000000000000 R12: 00007f5e06753000
[4005007.702618] R13: ffff9940656e0000 R14: ffffa82b46d27e68 R15: 00007f5e06753000
[4005007.702622] FS: 00007f5e0755b740(0000) GS:ffff99479d300000(0000) knlGS:0000000000000000
[4005007.702626] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[4005007.702629] CR2: ffffffffffffffd6 CR3: 00000003253fc000 CR4: 00000000003506e0
[4005007.702633] Call Trace:
[4005007.702636] <TASK>
[4005007.702640] amdgpu_debugfs_regs_smc_read+0xb0/0x120 [amdgpu]
[4005007.703002] full_proxy_read+0x5c/0x80
[4005007.703011] vfs_read+0x9f/0x1a0
[4005007.703019] ksys_read+0x67/0xe0
[4005007.703023] __x64_sys_read+0x19/0x20
[4005007.703028] do_syscall_64+0x5c/0xc0
[4005007.703034] ? do_user_addr_fault+0x1e3/0x670
[4005007.703040] ? exit_to_user_mode_prepare+0x37/0xb0
[4005007.703047] ? irqentry_exit_to_user_mode+0x9/0x20
[4005007.703052] ? irqentry_exit+0x19/0x30
[4005007.703057] ? exc_page_fault+0x89/0x160
[4005007.703062] ? asm_exc_page_fault+0x8/0x30
[4005007.703068] entry_SYSCALL_64_after_hwframe+0x44/0xae
[4005007.703075] RIP: 0033:0x7f5e07672992
[4005007.703079] Code: c0 e9 b2 fe ff ff 50 48 8d 3d fa b2 0c 00 e8 c5 1d 02 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 e c 28 48 89 54 24
[4005007.703083] RSP: 002b:00007ffe03097898 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[4005007.703088] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007f5e07672992
[4005007.703091] RDX: 0000000000020000 RSI: 00007f5e06753000 RDI: 0000000000000003
[4005007.703094] RBP: 00007f5e06753000 R08: 00007f5e06752010 R09: 00007f5e06752010
[4005007.703096] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000022000
[4005007.703099] R13: 0000000000000003 R14: 0000000000020000 R15: 0000000000020000
[4005007.703105] </TASK>
[4005007.703107] Modules linked in: nf_tables libcrc32c nfnetlink algif_hash af_alg binfmt_misc nls_ iso8859_1 ipmi_ssif ast intel_rapl_msr intel_rapl_common drm_vram_helper drm_ttm_helper amd64_edac t tm edac_mce_amd kvm_amd ccp mac_hid k10temp kvm acpi_ipmi ipmi_si rapl sch_fq_codel ipmi_devintf ipm i_msghandler msr parport_pc ppdev lp parport mtd pstore_blk efi_pstore ramoops pstore_zone reed_solo mon ip_tables x_tables autofs4 ib_uverbs ib_core amdgpu(OE) amddrm_ttm_helper(OE) amdttm(OE) iommu_v 2 amd_sched(OE) amdkcl(OE) drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops cec rc_core drm igb ahci xhci_pci libahci i2c_piix4 i2c_algo_bit xhci_pci_renesas dca
[4005007.703184] CR2: 0000000000000000
[4005007.703188] ---[ en
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bf2d51eedf03bd61e3556e35d74d49e2e6112398"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/437e0fa907ba39b4d7eda863c03ea9cf48bd93a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f475d5502f33a6c5b149b0afe96316ad1962a64a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/174f62a0aa15c211e60208b41ee9e7cdfb73d455"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6c1b3d89a2dda79881726bb6e37af19c0936d736"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/820daf9ffe2b0afb804567b10983fb38bc5ae288"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ba3c0796d292de84f2932cc5bbb0f771fc720996"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5104fdf50d326db2c1a994f8b35dcd46e63ae4ad"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52817",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T14:18:47.738827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T13:50:38.254Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bf2d51eedf03bd61e3556e35d74d49e2e6112398",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "437e0fa907ba39b4d7eda863c03ea9cf48bd93a9",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "f475d5502f33a6c5b149b0afe96316ad1962a64a",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "174f62a0aa15c211e60208b41ee9e7cdfb73d455",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "6c1b3d89a2dda79881726bb6e37af19c0936d736",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "820daf9ffe2b0afb804567b10983fb38bc5ae288",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "ba3c0796d292de84f2932cc5bbb0f771fc720996",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "5104fdf50d326db2c1a994f8b35dcd46e63ae4ad",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL\n\nIn certain types of chips, such as VEGA20, reading the amdgpu_regs_smc file could result in an abnormal null pointer access when the smc_rreg pointer is NULL. Below are the steps to reproduce this issue and the corresponding exception log:\n\n1. Navigate to the directory: /sys/kernel/debug/dri/0\n2. Execute command: cat amdgpu_regs_smc\n3. Exception Log::\n[4005007.702554] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[4005007.702562] #PF: supervisor instruction fetch in kernel mode\n[4005007.702567] #PF: error_code(0x0010) - not-present page\n[4005007.702570] PGD 0 P4D 0\n[4005007.702576] Oops: 0010 [#1] SMP NOPTI\n[4005007.702581] CPU: 4 PID: 62563 Comm: cat Tainted: G OE 5.15.0-43-generic #46-Ubunt u\n[4005007.702590] RIP: 0010:0x0\n[4005007.702598] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.\n[4005007.702600] RSP: 0018:ffffa82b46d27da0 EFLAGS: 00010206\n[4005007.702605] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffa82b46d27e68\n[4005007.702609] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff9940656e0000\n[4005007.702612] RBP: ffffa82b46d27dd8 R08: 0000000000000000 R09: ffff994060c07980\n[4005007.702615] R10: 0000000000020000 R11: 0000000000000000 R12: 00007f5e06753000\n[4005007.702618] R13: ffff9940656e0000 R14: ffffa82b46d27e68 R15: 00007f5e06753000\n[4005007.702622] FS: 00007f5e0755b740(0000) GS:ffff99479d300000(0000) knlGS:0000000000000000\n[4005007.702626] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[4005007.702629] CR2: ffffffffffffffd6 CR3: 00000003253fc000 CR4: 00000000003506e0\n[4005007.702633] Call Trace:\n[4005007.702636] \u003cTASK\u003e\n[4005007.702640] amdgpu_debugfs_regs_smc_read+0xb0/0x120 [amdgpu]\n[4005007.703002] full_proxy_read+0x5c/0x80\n[4005007.703011] vfs_read+0x9f/0x1a0\n[4005007.703019] ksys_read+0x67/0xe0\n[4005007.703023] __x64_sys_read+0x19/0x20\n[4005007.703028] do_syscall_64+0x5c/0xc0\n[4005007.703034] ? do_user_addr_fault+0x1e3/0x670\n[4005007.703040] ? exit_to_user_mode_prepare+0x37/0xb0\n[4005007.703047] ? irqentry_exit_to_user_mode+0x9/0x20\n[4005007.703052] ? irqentry_exit+0x19/0x30\n[4005007.703057] ? exc_page_fault+0x89/0x160\n[4005007.703062] ? asm_exc_page_fault+0x8/0x30\n[4005007.703068] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[4005007.703075] RIP: 0033:0x7f5e07672992\n[4005007.703079] Code: c0 e9 b2 fe ff ff 50 48 8d 3d fa b2 0c 00 e8 c5 1d 02 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 e c 28 48 89 54 24\n[4005007.703083] RSP: 002b:00007ffe03097898 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n[4005007.703088] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007f5e07672992\n[4005007.703091] RDX: 0000000000020000 RSI: 00007f5e06753000 RDI: 0000000000000003\n[4005007.703094] RBP: 00007f5e06753000 R08: 00007f5e06752010 R09: 00007f5e06752010\n[4005007.703096] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000022000\n[4005007.703099] R13: 0000000000000003 R14: 0000000000020000 R15: 0000000000020000\n[4005007.703105] \u003c/TASK\u003e\n[4005007.703107] Modules linked in: nf_tables libcrc32c nfnetlink algif_hash af_alg binfmt_misc nls_ iso8859_1 ipmi_ssif ast intel_rapl_msr intel_rapl_common drm_vram_helper drm_ttm_helper amd64_edac t tm edac_mce_amd kvm_amd ccp mac_hid k10temp kvm acpi_ipmi ipmi_si rapl sch_fq_codel ipmi_devintf ipm i_msghandler msr parport_pc ppdev lp parport mtd pstore_blk efi_pstore ramoops pstore_zone reed_solo mon ip_tables x_tables autofs4 ib_uverbs ib_core amdgpu(OE) amddrm_ttm_helper(OE) amdttm(OE) iommu_v 2 amd_sched(OE) amdkcl(OE) drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops cec rc_core drm igb ahci xhci_pci libahci i2c_piix4 i2c_algo_bit xhci_pci_renesas dca\n[4005007.703184] CR2: 0000000000000000\n[4005007.703188] ---[ en\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T08:02:15.157Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bf2d51eedf03bd61e3556e35d74d49e2e6112398"
},
{
"url": "https://git.kernel.org/stable/c/437e0fa907ba39b4d7eda863c03ea9cf48bd93a9"
},
{
"url": "https://git.kernel.org/stable/c/f475d5502f33a6c5b149b0afe96316ad1962a64a"
},
{
"url": "https://git.kernel.org/stable/c/174f62a0aa15c211e60208b41ee9e7cdfb73d455"
},
{
"url": "https://git.kernel.org/stable/c/6c1b3d89a2dda79881726bb6e37af19c0936d736"
},
{
"url": "https://git.kernel.org/stable/c/820daf9ffe2b0afb804567b10983fb38bc5ae288"
},
{
"url": "https://git.kernel.org/stable/c/ba3c0796d292de84f2932cc5bbb0f771fc720996"
},
{
"url": "https://git.kernel.org/stable/c/5104fdf50d326db2c1a994f8b35dcd46e63ae4ad"
}
],
"title": "drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52817",
"datePublished": "2024-05-21T15:31:24.225Z",
"dateReserved": "2024-05-21T15:19:24.249Z",
"dateUpdated": "2025-09-16T13:50:38.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35970 (GCVE-0-2024-35970)
Vulnerability from cvelistv5
Published
2024-05-20 09:41
Modified
2025-05-04 09:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Clear stale u->oob_skb.
syzkaller started to report deadlock of unix_gc_lock after commit
4090fa373f0e ("af_unix: Replace garbage collection algorithm."), but
it just uncovers the bug that has been there since commit 314001f0bf92
("af_unix: Add OOB support").
The repro basically does the following.
from socket import *
from array import array
c1, c2 = socketpair(AF_UNIX, SOCK_STREAM)
c1.sendmsg([b'a'], [(SOL_SOCKET, SCM_RIGHTS, array("i", [c2.fileno()]))], MSG_OOB)
c2.recv(1) # blocked as no normal data in recv queue
c2.close() # done async and unblock recv()
c1.close() # done async and trigger GC
A socket sends its file descriptor to itself as OOB data and tries to
receive normal data, but finally recv() fails due to async close().
The problem here is wrong handling of OOB skb in manage_oob(). When
recvmsg() is called without MSG_OOB, manage_oob() is called to check
if the peeked skb is OOB skb. In such a case, manage_oob() pops it
out of the receive queue but does not clear unix_sock(sk)->oob_skb.
This is wrong in terms of uAPI.
Let's say we send "hello" with MSG_OOB, and "world" without MSG_OOB.
The 'o' is handled as OOB data. When recv() is called twice without
MSG_OOB, the OOB data should be lost.
>>> from socket import *
>>> c1, c2 = socketpair(AF_UNIX, SOCK_STREAM, 0)
>>> c1.send(b'hello', MSG_OOB) # 'o' is OOB data
5
>>> c1.send(b'world')
5
>>> c2.recv(5) # OOB data is not received
b'hell'
>>> c2.recv(5) # OOB date is skipped
b'world'
>>> c2.recv(5, MSG_OOB) # This should return an error
b'o'
In the same situation, TCP actually returns -EINVAL for the last
recv().
Also, if we do not clear unix_sk(sk)->oob_skb, unix_poll() always set
EPOLLPRI even though the data has passed through by previous recv().
To avoid these issues, we must clear unix_sk(sk)->oob_skb when dequeuing
it from recv queue.
The reason why the old GC did not trigger the deadlock is because the
old GC relied on the receive queue to detect the loop.
When it is triggered, the socket with OOB data is marked as GC candidate
because file refcount == inflight count (1). However, after traversing
all inflight sockets, the socket still has a positive inflight count (1),
thus the socket is excluded from candidates. Then, the old GC lose the
chance to garbage-collect the socket.
With the old GC, the repro continues to create true garbage that will
never be freed nor detected by kmemleak as it's linked to the global
inflight list. That's why we couldn't even notice the issue.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:23:05.468197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T18:47:14.276Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b4bc99d04c689b5652665394ae8d3e02fb754153"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84a352b7eba1142a95441380058985ff19f25ec9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/601a89ea24d05089debfa2dc896ea9f5937ac7a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/698a95ade1a00e6494482046902b986dfffd1caf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b46f4eaa4f0ec38909fb0072eea3aeddb32f954e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/unix/af_unix.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b4bc99d04c689b5652665394ae8d3e02fb754153",
"status": "affected",
"version": "314001f0bf927015e459c9d387d62a231fe93af3",
"versionType": "git"
},
{
"lessThan": "84a352b7eba1142a95441380058985ff19f25ec9",
"status": "affected",
"version": "314001f0bf927015e459c9d387d62a231fe93af3",
"versionType": "git"
},
{
"lessThan": "601a89ea24d05089debfa2dc896ea9f5937ac7a6",
"status": "affected",
"version": "314001f0bf927015e459c9d387d62a231fe93af3",
"versionType": "git"
},
{
"lessThan": "698a95ade1a00e6494482046902b986dfffd1caf",
"status": "affected",
"version": "314001f0bf927015e459c9d387d62a231fe93af3",
"versionType": "git"
},
{
"lessThan": "b46f4eaa4f0ec38909fb0072eea3aeddb32f954e",
"status": "affected",
"version": "314001f0bf927015e459c9d387d62a231fe93af3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/unix/af_unix.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.156",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.87",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.156",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.87",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.28",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.7",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Clear stale u-\u003eoob_skb.\n\nsyzkaller started to report deadlock of unix_gc_lock after commit\n4090fa373f0e (\"af_unix: Replace garbage collection algorithm.\"), but\nit just uncovers the bug that has been there since commit 314001f0bf92\n(\"af_unix: Add OOB support\").\n\nThe repro basically does the following.\n\n from socket import *\n from array import array\n\n c1, c2 = socketpair(AF_UNIX, SOCK_STREAM)\n c1.sendmsg([b\u0027a\u0027], [(SOL_SOCKET, SCM_RIGHTS, array(\"i\", [c2.fileno()]))], MSG_OOB)\n c2.recv(1) # blocked as no normal data in recv queue\n\n c2.close() # done async and unblock recv()\n c1.close() # done async and trigger GC\n\nA socket sends its file descriptor to itself as OOB data and tries to\nreceive normal data, but finally recv() fails due to async close().\n\nThe problem here is wrong handling of OOB skb in manage_oob(). When\nrecvmsg() is called without MSG_OOB, manage_oob() is called to check\nif the peeked skb is OOB skb. In such a case, manage_oob() pops it\nout of the receive queue but does not clear unix_sock(sk)-\u003eoob_skb.\nThis is wrong in terms of uAPI.\n\nLet\u0027s say we send \"hello\" with MSG_OOB, and \"world\" without MSG_OOB.\nThe \u0027o\u0027 is handled as OOB data. When recv() is called twice without\nMSG_OOB, the OOB data should be lost.\n\n \u003e\u003e\u003e from socket import *\n \u003e\u003e\u003e c1, c2 = socketpair(AF_UNIX, SOCK_STREAM, 0)\n \u003e\u003e\u003e c1.send(b\u0027hello\u0027, MSG_OOB) # \u0027o\u0027 is OOB data\n 5\n \u003e\u003e\u003e c1.send(b\u0027world\u0027)\n 5\n \u003e\u003e\u003e c2.recv(5) # OOB data is not received\n b\u0027hell\u0027\n \u003e\u003e\u003e c2.recv(5) # OOB date is skipped\n b\u0027world\u0027\n \u003e\u003e\u003e c2.recv(5, MSG_OOB) # This should return an error\n b\u0027o\u0027\n\nIn the same situation, TCP actually returns -EINVAL for the last\nrecv().\n\nAlso, if we do not clear unix_sk(sk)-\u003eoob_skb, unix_poll() always set\nEPOLLPRI even though the data has passed through by previous recv().\n\nTo avoid these issues, we must clear unix_sk(sk)-\u003eoob_skb when dequeuing\nit from recv queue.\n\nThe reason why the old GC did not trigger the deadlock is because the\nold GC relied on the receive queue to detect the loop.\n\nWhen it is triggered, the socket with OOB data is marked as GC candidate\nbecause file refcount == inflight count (1). However, after traversing\nall inflight sockets, the socket still has a positive inflight count (1),\nthus the socket is excluded from candidates. Then, the old GC lose the\nchance to garbage-collect the socket.\n\nWith the old GC, the repro continues to create true garbage that will\nnever be freed nor detected by kmemleak as it\u0027s linked to the global\ninflight list. That\u0027s why we couldn\u0027t even notice the issue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:09:29.452Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b4bc99d04c689b5652665394ae8d3e02fb754153"
},
{
"url": "https://git.kernel.org/stable/c/84a352b7eba1142a95441380058985ff19f25ec9"
},
{
"url": "https://git.kernel.org/stable/c/601a89ea24d05089debfa2dc896ea9f5937ac7a6"
},
{
"url": "https://git.kernel.org/stable/c/698a95ade1a00e6494482046902b986dfffd1caf"
},
{
"url": "https://git.kernel.org/stable/c/b46f4eaa4f0ec38909fb0072eea3aeddb32f954e"
}
],
"title": "af_unix: Clear stale u-\u003eoob_skb.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35970",
"datePublished": "2024-05-20T09:41:58.524Z",
"dateReserved": "2024-05-17T13:50:33.141Z",
"dateUpdated": "2025-05-04T09:09:29.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38636 (GCVE-0-2024-38636)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-05-04 09:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
f2fs: multidev: fix to recognize valid zero block address
As reported by Yi Zhang in mailing list [1], kernel warning was catched
during zbd/010 test as below:
./check zbd/010
zbd/010 (test gap zone support with F2FS) [failed]
runtime ... 3.752s
something found in dmesg:
[ 4378.146781] run blktests zbd/010 at 2024-02-18 11:31:13
[ 4378.192349] null_blk: module loaded
[ 4378.209860] null_blk: disk nullb0 created
[ 4378.413285] scsi_debug:sdebug_driver_probe: scsi_debug: trim
poll_queues to 0. poll_q/nr_hw = (0/1)
[ 4378.422334] scsi host15: scsi_debug: version 0191 [20210520]
dev_size_mb=1024, opts=0x0, submit_queues=1, statistics=0
[ 4378.434922] scsi 15:0:0:0: Direct-Access-ZBC Linux
scsi_debug 0191 PQ: 0 ANSI: 7
[ 4378.443343] scsi 15:0:0:0: Power-on or device reset occurred
[ 4378.449371] sd 15:0:0:0: Attached scsi generic sg5 type 20
[ 4378.449418] sd 15:0:0:0: [sdf] Host-managed zoned block device
...
(See '/mnt/tests/gitlab.com/api/v4/projects/19168116/repository/archive.zip/storage/blktests/blk/blktests/results/nodev/zbd/010.dmesg'
WARNING: CPU: 22 PID: 44011 at fs/iomap/iter.c:51
CPU: 22 PID: 44011 Comm: fio Not tainted 6.8.0-rc3+ #1
RIP: 0010:iomap_iter+0x32b/0x350
Call Trace:
<TASK>
__iomap_dio_rw+0x1df/0x830
f2fs_file_read_iter+0x156/0x3d0 [f2fs]
aio_read+0x138/0x210
io_submit_one+0x188/0x8c0
__x64_sys_io_submit+0x8c/0x1a0
do_syscall_64+0x86/0x170
entry_SYSCALL_64_after_hwframe+0x6e/0x76
Shinichiro Kawasaki helps to analyse this issue and proposes a potential
fixing patch in [2].
Quoted from reply of Shinichiro Kawasaki:
"I confirmed that the trigger commit is dbf8e63f48af as Yi reported. I took a
look in the commit, but it looks fine to me. So I thought the cause is not
in the commit diff.
I found the WARN is printed when the f2fs is set up with multiple devices,
and read requests are mapped to the very first block of the second device in the
direct read path. In this case, f2fs_map_blocks() and f2fs_map_blocks_cached()
modify map->m_pblk as the physical block address from each block device. It
becomes zero when it is mapped to the first block of the device. However,
f2fs_iomap_begin() assumes that map->m_pblk is the physical block address of the
whole f2fs, across the all block devices. It compares map->m_pblk against
NULL_ADDR == 0, then go into the unexpected branch and sets the invalid
iomap->length. The WARN catches the invalid iomap->length.
This WARN is printed even for non-zoned block devices, by following steps.
- Create two (non-zoned) null_blk devices memory backed with 128MB size each:
nullb0 and nullb1.
# mkfs.f2fs /dev/nullb0 -c /dev/nullb1
# mount -t f2fs /dev/nullb0 "${mount_dir}"
# dd if=/dev/zero of="${mount_dir}/test.dat" bs=1M count=192
# dd if="${mount_dir}/test.dat" of=/dev/null bs=1M count=192 iflag=direct
..."
So, the root cause of this issue is: when multi-devices feature is on,
f2fs_map_blocks() may return zero blkaddr in non-primary device, which is
a verified valid block address, however, f2fs_iomap_begin() treats it as
an invalid block address, and then it triggers the warning in iomap
framework code.
Finally, as discussed, we decide to use a more simple and direct way that
checking (map.m_flags & F2FS_MAP_MAPPED) condition instead of
(map.m_pblk != NULL_ADDR) to fix this issue.
Thanks a lot for the effort of Yi Zhang and Shinichiro Kawasaki on this
issue.
[1] https://lore.kernel.org/linux-f2fs-devel/CAHj4cs-kfojYC9i0G73PRkYzcxCTex=-vugRFeP40g_URGvnfQ@mail.gmail.com/
[2] https://lore.kernel.org/linux-f2fs-devel/gngdj77k4picagsfdtiaa7gpgnup6fsgwzsltx6milmhegmjff@iax2n4wvrqye/
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T13:27:13.428552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T13:27:24.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1a9225fdd0ec95fcf32936bcea9ceef0cf1512dc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2b2611a42462c6c685d40b5f3aedcd8d21c27065"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8b485e39b4d17afa9a2821fc778d5a67abfc03a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/33e62cd7b4c281cd737c62e5d8c4f0e602a8c5c5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/f2fs/data.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1a9225fdd0ec95fcf32936bcea9ceef0cf1512dc",
"status": "affected",
"version": "1517c1a7a4456f080fabc4ac9853930e4b880d14",
"versionType": "git"
},
{
"lessThan": "2b2611a42462c6c685d40b5f3aedcd8d21c27065",
"status": "affected",
"version": "1517c1a7a4456f080fabc4ac9853930e4b880d14",
"versionType": "git"
},
{
"lessThan": "e8b485e39b4d17afa9a2821fc778d5a67abfc03a",
"status": "affected",
"version": "1517c1a7a4456f080fabc4ac9853930e4b880d14",
"versionType": "git"
},
{
"lessThan": "33e62cd7b4c281cd737c62e5d8c4f0e602a8c5c5",
"status": "affected",
"version": "1517c1a7a4456f080fabc4ac9853930e4b880d14",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/f2fs/data.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: multidev: fix to recognize valid zero block address\n\nAs reported by Yi Zhang in mailing list [1], kernel warning was catched\nduring zbd/010 test as below:\n\n./check zbd/010\nzbd/010 (test gap zone support with F2FS) [failed]\n runtime ... 3.752s\n something found in dmesg:\n [ 4378.146781] run blktests zbd/010 at 2024-02-18 11:31:13\n [ 4378.192349] null_blk: module loaded\n [ 4378.209860] null_blk: disk nullb0 created\n [ 4378.413285] scsi_debug:sdebug_driver_probe: scsi_debug: trim\npoll_queues to 0. poll_q/nr_hw = (0/1)\n [ 4378.422334] scsi host15: scsi_debug: version 0191 [20210520]\n dev_size_mb=1024, opts=0x0, submit_queues=1, statistics=0\n [ 4378.434922] scsi 15:0:0:0: Direct-Access-ZBC Linux\nscsi_debug 0191 PQ: 0 ANSI: 7\n [ 4378.443343] scsi 15:0:0:0: Power-on or device reset occurred\n [ 4378.449371] sd 15:0:0:0: Attached scsi generic sg5 type 20\n [ 4378.449418] sd 15:0:0:0: [sdf] Host-managed zoned block device\n ...\n (See \u0027/mnt/tests/gitlab.com/api/v4/projects/19168116/repository/archive.zip/storage/blktests/blk/blktests/results/nodev/zbd/010.dmesg\u0027\n\nWARNING: CPU: 22 PID: 44011 at fs/iomap/iter.c:51\nCPU: 22 PID: 44011 Comm: fio Not tainted 6.8.0-rc3+ #1\nRIP: 0010:iomap_iter+0x32b/0x350\nCall Trace:\n \u003cTASK\u003e\n __iomap_dio_rw+0x1df/0x830\n f2fs_file_read_iter+0x156/0x3d0 [f2fs]\n aio_read+0x138/0x210\n io_submit_one+0x188/0x8c0\n __x64_sys_io_submit+0x8c/0x1a0\n do_syscall_64+0x86/0x170\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nShinichiro Kawasaki helps to analyse this issue and proposes a potential\nfixing patch in [2].\n\nQuoted from reply of Shinichiro Kawasaki:\n\n\"I confirmed that the trigger commit is dbf8e63f48af as Yi reported. I took a\nlook in the commit, but it looks fine to me. So I thought the cause is not\nin the commit diff.\n\nI found the WARN is printed when the f2fs is set up with multiple devices,\nand read requests are mapped to the very first block of the second device in the\ndirect read path. In this case, f2fs_map_blocks() and f2fs_map_blocks_cached()\nmodify map-\u003em_pblk as the physical block address from each block device. It\nbecomes zero when it is mapped to the first block of the device. However,\nf2fs_iomap_begin() assumes that map-\u003em_pblk is the physical block address of the\nwhole f2fs, across the all block devices. It compares map-\u003em_pblk against\nNULL_ADDR == 0, then go into the unexpected branch and sets the invalid\niomap-\u003elength. The WARN catches the invalid iomap-\u003elength.\n\nThis WARN is printed even for non-zoned block devices, by following steps.\n\n - Create two (non-zoned) null_blk devices memory backed with 128MB size each:\n nullb0 and nullb1.\n # mkfs.f2fs /dev/nullb0 -c /dev/nullb1\n # mount -t f2fs /dev/nullb0 \"${mount_dir}\"\n # dd if=/dev/zero of=\"${mount_dir}/test.dat\" bs=1M count=192\n # dd if=\"${mount_dir}/test.dat\" of=/dev/null bs=1M count=192 iflag=direct\n\n...\"\n\nSo, the root cause of this issue is: when multi-devices feature is on,\nf2fs_map_blocks() may return zero blkaddr in non-primary device, which is\na verified valid block address, however, f2fs_iomap_begin() treats it as\nan invalid block address, and then it triggers the warning in iomap\nframework code.\n\nFinally, as discussed, we decide to use a more simple and direct way that\nchecking (map.m_flags \u0026 F2FS_MAP_MAPPED) condition instead of\n(map.m_pblk != NULL_ADDR) to fix this issue.\n\nThanks a lot for the effort of Yi Zhang and Shinichiro Kawasaki on this\nissue.\n\n[1] https://lore.kernel.org/linux-f2fs-devel/CAHj4cs-kfojYC9i0G73PRkYzcxCTex=-vugRFeP40g_URGvnfQ@mail.gmail.com/\n[2] https://lore.kernel.org/linux-f2fs-devel/gngdj77k4picagsfdtiaa7gpgnup6fsgwzsltx6milmhegmjff@iax2n4wvrqye/"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:54.415Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1a9225fdd0ec95fcf32936bcea9ceef0cf1512dc"
},
{
"url": "https://git.kernel.org/stable/c/2b2611a42462c6c685d40b5f3aedcd8d21c27065"
},
{
"url": "https://git.kernel.org/stable/c/e8b485e39b4d17afa9a2821fc778d5a67abfc03a"
},
{
"url": "https://git.kernel.org/stable/c/33e62cd7b4c281cd737c62e5d8c4f0e602a8c5c5"
}
],
"title": "f2fs: multidev: fix to recognize valid zero block address",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38636",
"datePublished": "2024-06-21T10:18:24.900Z",
"dateReserved": "2024-06-18T19:36:34.947Z",
"dateUpdated": "2025-05-04T09:15:54.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38391 (GCVE-0-2024-38391)
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-07-02T19:16:26.621Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38391",
"datePublished": "2024-06-21T10:18:14.299Z",
"dateRejected": "2024-07-02T19:16:26.621Z",
"dateReserved": "2024-06-21T10:13:16.293Z",
"dateUpdated": "2024-07-02T19:16:26.621Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38588 (GCVE-0-2024-38588)
Vulnerability from cvelistv5
Published
2024-06-19 13:37
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Fix possible use-after-free issue in ftrace_location()
KASAN reports a bug:
BUG: KASAN: use-after-free in ftrace_location+0x90/0x120
Read of size 8 at addr ffff888141d40010 by task insmod/424
CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+
[...]
Call Trace:
<TASK>
dump_stack_lvl+0x68/0xa0
print_report+0xcf/0x610
kasan_report+0xb5/0xe0
ftrace_location+0x90/0x120
register_kprobe+0x14b/0xa40
kprobe_init+0x2d/0xff0 [kprobe_example]
do_one_initcall+0x8f/0x2d0
do_init_module+0x13a/0x3c0
load_module+0x3082/0x33d0
init_module_from_file+0xd2/0x130
__x64_sys_finit_module+0x306/0x440
do_syscall_64+0x68/0x140
entry_SYSCALL_64_after_hwframe+0x71/0x79
The root cause is that, in lookup_rec(), ftrace record of some address
is being searched in ftrace pages of some module, but those ftrace pages
at the same time is being freed in ftrace_release_mod() as the
corresponding module is being deleted:
CPU1 | CPU2
register_kprobes() { | delete_module() {
check_kprobe_address_safe() { |
arch_check_ftrace_location() { |
ftrace_location() { |
lookup_rec() // USE! | ftrace_release_mod() // Free!
To fix this issue:
1. Hold rcu lock as accessing ftrace pages in ftrace_location_range();
2. Use ftrace_location_range() instead of lookup_rec() in
ftrace_location();
3. Call synchronize_rcu() before freeing any ftrace pages both in
ftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem().
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b Version: ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b Version: ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b Version: ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b Version: ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b Version: ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b Version: ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b Version: ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T19:17:19.872138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T19:18:45.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ea8ef5e42173560ac510e92a1cc797ffeea8831"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dbff5f0bfb2416b8b55c105ddbcd4f885e98fada"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7b4881da5b19f65709f5c18c1a4d8caa2e496461"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/66df065b3106964e667b37bf8f7e55ec69d0c1f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31310e373f4c8c74e029d4326b283e757edabc0b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e60b613df8b6253def41215402f72986fee3fc8d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/trace/ftrace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "eea46baf145150910ba134f75a67106ba2222c1b",
"status": "affected",
"version": "ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b",
"versionType": "git"
},
{
"lessThan": "1880a324af1c95940a7c954b6b937e86844a33bd",
"status": "affected",
"version": "ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b",
"versionType": "git"
},
{
"lessThan": "8ea8ef5e42173560ac510e92a1cc797ffeea8831",
"status": "affected",
"version": "ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b",
"versionType": "git"
},
{
"lessThan": "dbff5f0bfb2416b8b55c105ddbcd4f885e98fada",
"status": "affected",
"version": "ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b",
"versionType": "git"
},
{
"lessThan": "7b4881da5b19f65709f5c18c1a4d8caa2e496461",
"status": "affected",
"version": "ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b",
"versionType": "git"
},
{
"lessThan": "66df065b3106964e667b37bf8f7e55ec69d0c1f6",
"status": "affected",
"version": "ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b",
"versionType": "git"
},
{
"lessThan": "31310e373f4c8c74e029d4326b283e757edabc0b",
"status": "affected",
"version": "ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b",
"versionType": "git"
},
{
"lessThan": "e60b613df8b6253def41215402f72986fee3fc8d",
"status": "affected",
"version": "ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/trace/ftrace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.286",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.286",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix possible use-after-free issue in ftrace_location()\n\nKASAN reports a bug:\n\n BUG: KASAN: use-after-free in ftrace_location+0x90/0x120\n Read of size 8 at addr ffff888141d40010 by task insmod/424\n CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+\n [...]\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x68/0xa0\n print_report+0xcf/0x610\n kasan_report+0xb5/0xe0\n ftrace_location+0x90/0x120\n register_kprobe+0x14b/0xa40\n kprobe_init+0x2d/0xff0 [kprobe_example]\n do_one_initcall+0x8f/0x2d0\n do_init_module+0x13a/0x3c0\n load_module+0x3082/0x33d0\n init_module_from_file+0xd2/0x130\n __x64_sys_finit_module+0x306/0x440\n do_syscall_64+0x68/0x140\n entry_SYSCALL_64_after_hwframe+0x71/0x79\n\nThe root cause is that, in lookup_rec(), ftrace record of some address\nis being searched in ftrace pages of some module, but those ftrace pages\nat the same time is being freed in ftrace_release_mod() as the\ncorresponding module is being deleted:\n\n CPU1 | CPU2\n register_kprobes() { | delete_module() {\n check_kprobe_address_safe() { |\n arch_check_ftrace_location() { |\n ftrace_location() { |\n lookup_rec() // USE! | ftrace_release_mod() // Free!\n\nTo fix this issue:\n 1. Hold rcu lock as accessing ftrace pages in ftrace_location_range();\n 2. Use ftrace_location_range() instead of lookup_rec() in\n ftrace_location();\n 3. Call synchronize_rcu() before freeing any ftrace pages both in\n ftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:44.284Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/eea46baf145150910ba134f75a67106ba2222c1b"
},
{
"url": "https://git.kernel.org/stable/c/1880a324af1c95940a7c954b6b937e86844a33bd"
},
{
"url": "https://git.kernel.org/stable/c/8ea8ef5e42173560ac510e92a1cc797ffeea8831"
},
{
"url": "https://git.kernel.org/stable/c/dbff5f0bfb2416b8b55c105ddbcd4f885e98fada"
},
{
"url": "https://git.kernel.org/stable/c/7b4881da5b19f65709f5c18c1a4d8caa2e496461"
},
{
"url": "https://git.kernel.org/stable/c/66df065b3106964e667b37bf8f7e55ec69d0c1f6"
},
{
"url": "https://git.kernel.org/stable/c/31310e373f4c8c74e029d4326b283e757edabc0b"
},
{
"url": "https://git.kernel.org/stable/c/e60b613df8b6253def41215402f72986fee3fc8d"
}
],
"title": "ftrace: Fix possible use-after-free issue in ftrace_location()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38588",
"datePublished": "2024-06-19T13:37:43.262Z",
"dateReserved": "2024-06-18T19:36:34.929Z",
"dateUpdated": "2025-05-04T09:14:44.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39466 (GCVE-0-2024-39466)
Vulnerability from cvelistv5
Published
2024-06-25 14:25
Modified
2025-05-04 09:16
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
thermal/drivers/qcom/lmh: Check for SCM availability at probe
Up until now, the necessary scm availability check has not been
performed, leading to possible null pointer dereferences (which did
happen for me on RB1).
Fix that.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39466",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T15:25:40.512960Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T15:25:46.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2226b145afa5e13cb60dbe77fb20fb0666a1caf3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/560d69c975072974c11434ca6953891e74c1a665"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0a47ba94ec3d8f782b33e3d970cfcb769b962464"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa1a0807b4a76b44fb6b58a7e9087cd4b18ab41b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d9d3490c48df572edefc0b64655259eefdcbb9be"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/thermal/qcom/lmh.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2226b145afa5e13cb60dbe77fb20fb0666a1caf3",
"status": "affected",
"version": "53bca371cdf7addc1e93e1b99285b3d3935685ec",
"versionType": "git"
},
{
"lessThan": "560d69c975072974c11434ca6953891e74c1a665",
"status": "affected",
"version": "53bca371cdf7addc1e93e1b99285b3d3935685ec",
"versionType": "git"
},
{
"lessThan": "0a47ba94ec3d8f782b33e3d970cfcb769b962464",
"status": "affected",
"version": "53bca371cdf7addc1e93e1b99285b3d3935685ec",
"versionType": "git"
},
{
"lessThan": "aa1a0807b4a76b44fb6b58a7e9087cd4b18ab41b",
"status": "affected",
"version": "53bca371cdf7addc1e93e1b99285b3d3935685ec",
"versionType": "git"
},
{
"lessThan": "d9d3490c48df572edefc0b64655259eefdcbb9be",
"status": "affected",
"version": "53bca371cdf7addc1e93e1b99285b3d3935685ec",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/thermal/qcom/lmh.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.94",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.94",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.34",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.5",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/drivers/qcom/lmh: Check for SCM availability at probe\n\nUp until now, the necessary scm availability check has not been\nperformed, leading to possible null pointer dereferences (which did\nhappen for me on RB1).\n\nFix that."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:16:24.764Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2226b145afa5e13cb60dbe77fb20fb0666a1caf3"
},
{
"url": "https://git.kernel.org/stable/c/560d69c975072974c11434ca6953891e74c1a665"
},
{
"url": "https://git.kernel.org/stable/c/0a47ba94ec3d8f782b33e3d970cfcb769b962464"
},
{
"url": "https://git.kernel.org/stable/c/aa1a0807b4a76b44fb6b58a7e9087cd4b18ab41b"
},
{
"url": "https://git.kernel.org/stable/c/d9d3490c48df572edefc0b64655259eefdcbb9be"
}
],
"title": "thermal/drivers/qcom/lmh: Check for SCM availability at probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39466",
"datePublished": "2024-06-25T14:25:04.952Z",
"dateReserved": "2024-06-25T14:23:23.744Z",
"dateUpdated": "2025-05-04T09:16:24.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52836 (GCVE-0-2023-52836)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
locking/ww_mutex/test: Fix potential workqueue corruption
In some cases running with the test-ww_mutex code, I was seeing
odd behavior where sometimes it seemed flush_workqueue was
returning before all the work threads were finished.
Often this would cause strange crashes as the mutexes would be
freed while they were being used.
Looking at the code, there is a lifetime problem as the
controlling thread that spawns the work allocates the
"struct stress" structures that are passed to the workqueue
threads. Then when the workqueue threads are finished,
they free the stress struct that was passed to them.
Unfortunately the workqueue work_struct node is in the stress
struct. Which means the work_struct is freed before the work
thread returns and while flush_workqueue is waiting.
It seems like a better idea to have the controlling thread
both allocate and free the stress structures, so that we can
be sure we don't corrupt the workqueue by freeing the structure
prematurely.
So this patch reworks the test to do so, and with this change
I no longer see the early flush_workqueue returns.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52836",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T19:05:10.965267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:59.048Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d4d37c9e6a4dbcca958dabd99216550525c7e389"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d8267cabbe1bed15ccf8b0e684c528bf8eeef715"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dcd85e3c929368076a7592b27f541e0da8b427f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9ed2d68b3925145f5f51c46559484881d6082f75"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e89d0ed45a419c485bae999426ecf92697cbdda3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c56df79d68677cf062da1b6e3b33e74299a92dfc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e36407713163363e65566e7af0abe207d5f59a0c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/304a2c4aad0fff887ce493e4197bf9cbaf394479"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bccdd808902f8c677317cec47c306e42b93b849e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/locking/test-ww_mutex.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d4d37c9e6a4dbcca958dabd99216550525c7e389",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d8267cabbe1bed15ccf8b0e684c528bf8eeef715",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dcd85e3c929368076a7592b27f541e0da8b427f5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9ed2d68b3925145f5f51c46559484881d6082f75",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e89d0ed45a419c485bae999426ecf92697cbdda3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c56df79d68677cf062da1b6e3b33e74299a92dfc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e36407713163363e65566e7af0abe207d5f59a0c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "304a2c4aad0fff887ce493e4197bf9cbaf394479",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bccdd808902f8c677317cec47c306e42b93b849e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/locking/test-ww_mutex.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlocking/ww_mutex/test: Fix potential workqueue corruption\n\nIn some cases running with the test-ww_mutex code, I was seeing\nodd behavior where sometimes it seemed flush_workqueue was\nreturning before all the work threads were finished.\n\nOften this would cause strange crashes as the mutexes would be\nfreed while they were being used.\n\nLooking at the code, there is a lifetime problem as the\ncontrolling thread that spawns the work allocates the\n\"struct stress\" structures that are passed to the workqueue\nthreads. Then when the workqueue threads are finished,\nthey free the stress struct that was passed to them.\n\nUnfortunately the workqueue work_struct node is in the stress\nstruct. Which means the work_struct is freed before the work\nthread returns and while flush_workqueue is waiting.\n\nIt seems like a better idea to have the controlling thread\nboth allocate and free the stress structures, so that we can\nbe sure we don\u0027t corrupt the workqueue by freeing the structure\nprematurely.\n\nSo this patch reworks the test to do so, and with this change\nI no longer see the early flush_workqueue returns."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:01.742Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d4d37c9e6a4dbcca958dabd99216550525c7e389"
},
{
"url": "https://git.kernel.org/stable/c/d8267cabbe1bed15ccf8b0e684c528bf8eeef715"
},
{
"url": "https://git.kernel.org/stable/c/dcd85e3c929368076a7592b27f541e0da8b427f5"
},
{
"url": "https://git.kernel.org/stable/c/9ed2d68b3925145f5f51c46559484881d6082f75"
},
{
"url": "https://git.kernel.org/stable/c/e89d0ed45a419c485bae999426ecf92697cbdda3"
},
{
"url": "https://git.kernel.org/stable/c/c56df79d68677cf062da1b6e3b33e74299a92dfc"
},
{
"url": "https://git.kernel.org/stable/c/e36407713163363e65566e7af0abe207d5f59a0c"
},
{
"url": "https://git.kernel.org/stable/c/304a2c4aad0fff887ce493e4197bf9cbaf394479"
},
{
"url": "https://git.kernel.org/stable/c/bccdd808902f8c677317cec47c306e42b93b849e"
}
],
"title": "locking/ww_mutex/test: Fix potential workqueue corruption",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52836",
"datePublished": "2024-05-21T15:31:37.174Z",
"dateReserved": "2024-05-21T15:19:24.252Z",
"dateUpdated": "2025-05-04T07:44:01.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52847 (GCVE-0-2023-52847)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: bttv: fix use after free error due to btv->timeout timer
There may be some a race condition between timer function
bttv_irq_timeout and bttv_remove. The timer is setup in
probe and there is no timer_delete operation in remove
function. When it hit kfree btv, the function might still be
invoked, which will cause use after free bug.
This bug is found by static analysis, it may be false positive.
Fix it by adding del_timer_sync invoking to the remove function.
cpu0 cpu1
bttv_probe
->timer_setup
->bttv_set_dma
->mod_timer;
bttv_remove
->kfree(btv);
->bttv_irq_timeout
->USE btv
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 162e6376ac58440beb6a2d2ee294f5d88ea58dd1 Version: 162e6376ac58440beb6a2d2ee294f5d88ea58dd1 Version: 162e6376ac58440beb6a2d2ee294f5d88ea58dd1 Version: 162e6376ac58440beb6a2d2ee294f5d88ea58dd1 Version: 162e6376ac58440beb6a2d2ee294f5d88ea58dd1 Version: 162e6376ac58440beb6a2d2ee294f5d88ea58dd1 Version: 162e6376ac58440beb6a2d2ee294f5d88ea58dd1 Version: 162e6376ac58440beb6a2d2ee294f5d88ea58dd1 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52847",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T19:17:00.085705Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T19:41:06.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bbc3b8dd2cb7817e703f112d988e4f4728f0f2a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b35fdade92c5058a5e727e233fe263b828de2c9a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f3d9198cdae1cb079ec8652f4defacd481eab2b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/51c94256a83fe4e17406c66ff3e1ad7d242d8574"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/20568d06f6069cb835e05eed432edf962645d226"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1871014d6ef4812ad11ef7d838d73ce09d632267"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/847599fffa528b2cdec4e21b6bf7586dad982132"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bd5b50b329e850d467e7bcc07b2b6bde3752fbda"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/pci/bt8xx/bttv-driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bbc3b8dd2cb7817e703f112d988e4f4728f0f2a9",
"status": "affected",
"version": "162e6376ac58440beb6a2d2ee294f5d88ea58dd1",
"versionType": "git"
},
{
"lessThan": "b35fdade92c5058a5e727e233fe263b828de2c9a",
"status": "affected",
"version": "162e6376ac58440beb6a2d2ee294f5d88ea58dd1",
"versionType": "git"
},
{
"lessThan": "2f3d9198cdae1cb079ec8652f4defacd481eab2b",
"status": "affected",
"version": "162e6376ac58440beb6a2d2ee294f5d88ea58dd1",
"versionType": "git"
},
{
"lessThan": "51c94256a83fe4e17406c66ff3e1ad7d242d8574",
"status": "affected",
"version": "162e6376ac58440beb6a2d2ee294f5d88ea58dd1",
"versionType": "git"
},
{
"lessThan": "20568d06f6069cb835e05eed432edf962645d226",
"status": "affected",
"version": "162e6376ac58440beb6a2d2ee294f5d88ea58dd1",
"versionType": "git"
},
{
"lessThan": "1871014d6ef4812ad11ef7d838d73ce09d632267",
"status": "affected",
"version": "162e6376ac58440beb6a2d2ee294f5d88ea58dd1",
"versionType": "git"
},
{
"lessThan": "847599fffa528b2cdec4e21b6bf7586dad982132",
"status": "affected",
"version": "162e6376ac58440beb6a2d2ee294f5d88ea58dd1",
"versionType": "git"
},
{
"lessThan": "bd5b50b329e850d467e7bcc07b2b6bde3752fbda",
"status": "affected",
"version": "162e6376ac58440beb6a2d2ee294f5d88ea58dd1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/pci/bt8xx/bttv-driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.299",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: bttv: fix use after free error due to btv-\u003etimeout timer\n\nThere may be some a race condition between timer function\nbttv_irq_timeout and bttv_remove. The timer is setup in\nprobe and there is no timer_delete operation in remove\nfunction. When it hit kfree btv, the function might still be\ninvoked, which will cause use after free bug.\n\nThis bug is found by static analysis, it may be false positive.\n\nFix it by adding del_timer_sync invoking to the remove function.\n\ncpu0 cpu1\n bttv_probe\n -\u003etimer_setup\n -\u003ebttv_set_dma\n -\u003emod_timer;\nbttv_remove\n -\u003ekfree(btv);\n -\u003ebttv_irq_timeout\n -\u003eUSE btv"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:14.058Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bbc3b8dd2cb7817e703f112d988e4f4728f0f2a9"
},
{
"url": "https://git.kernel.org/stable/c/b35fdade92c5058a5e727e233fe263b828de2c9a"
},
{
"url": "https://git.kernel.org/stable/c/2f3d9198cdae1cb079ec8652f4defacd481eab2b"
},
{
"url": "https://git.kernel.org/stable/c/51c94256a83fe4e17406c66ff3e1ad7d242d8574"
},
{
"url": "https://git.kernel.org/stable/c/20568d06f6069cb835e05eed432edf962645d226"
},
{
"url": "https://git.kernel.org/stable/c/1871014d6ef4812ad11ef7d838d73ce09d632267"
},
{
"url": "https://git.kernel.org/stable/c/847599fffa528b2cdec4e21b6bf7586dad982132"
},
{
"url": "https://git.kernel.org/stable/c/bd5b50b329e850d467e7bcc07b2b6bde3752fbda"
}
],
"title": "media: bttv: fix use after free error due to btv-\u003etimeout timer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52847",
"datePublished": "2024-05-21T15:31:44.513Z",
"dateReserved": "2024-05-21T15:19:24.255Z",
"dateUpdated": "2025-05-04T07:44:14.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35926 (GCVE-0-2024-35926)
Vulnerability from cvelistv5
Published
2024-05-19 10:10
Modified
2025-05-04 09:08
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: iaa - Fix async_disable descriptor leak
The disable_async paths of iaa_compress/decompress() don't free idxd
descriptors in the async_disable case. Currently this only happens in
the testcases where req->dst is set to null. Add a test to free them
in those paths.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35926",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:06:39.621529Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:27.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d994f7d77aaded05dc05af58a2720fd4f4b72a83"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/262534ddc88dfea7474ed18adfecf856e4fbe054"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/crypto/intel/iaa/iaa_crypto_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d994f7d77aaded05dc05af58a2720fd4f4b72a83",
"status": "affected",
"version": "ea7a5cbb43696cfacf73e61916d1860ac30b5b2f",
"versionType": "git"
},
{
"lessThan": "262534ddc88dfea7474ed18adfecf856e4fbe054",
"status": "affected",
"version": "ea7a5cbb43696cfacf73e61916d1860ac30b5b2f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/crypto/intel/iaa/iaa_crypto_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.6",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: iaa - Fix async_disable descriptor leak\n\nThe disable_async paths of iaa_compress/decompress() don\u0027t free idxd\ndescriptors in the async_disable case. Currently this only happens in\nthe testcases where req-\u003edst is set to null. Add a test to free them\nin those paths."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:08:31.045Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d994f7d77aaded05dc05af58a2720fd4f4b72a83"
},
{
"url": "https://git.kernel.org/stable/c/262534ddc88dfea7474ed18adfecf856e4fbe054"
}
],
"title": "crypto: iaa - Fix async_disable descriptor leak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35926",
"datePublished": "2024-05-19T10:10:36.420Z",
"dateReserved": "2024-05-17T13:50:33.127Z",
"dateUpdated": "2025-05-04T09:08:31.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52759 (GCVE-0-2023-52759)
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-12-19T11:08:07.187Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52759",
"datePublished": "2024-05-21T15:30:45.773Z",
"dateRejected": "2024-12-19T11:08:07.187Z",
"dateReserved": "2024-05-21T15:19:24.237Z",
"dateUpdated": "2024-12-19T11:08:07.187Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26780 (GCVE-0-2024-26780)
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Fix task hung while purging oob_skb in GC.
syzbot reported a task hung; at the same time, GC was looping infinitely
in list_for_each_entry_safe() for OOB skb. [0]
syzbot demonstrated that the list_for_each_entry_safe() was not actually
safe in this case.
A single skb could have references for multiple sockets. If we free such
a skb in the list_for_each_entry_safe(), the current and next sockets could
be unlinked in a single iteration.
unix_notinflight() uses list_del_init() to unlink the socket, so the
prefetched next socket forms a loop itself and list_for_each_entry_safe()
never stops.
Here, we must use while() and make sure we always fetch the first socket.
[0]:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 5065 Comm: syz-executor236 Not tainted 6.8.0-rc3-syzkaller-00136-g1f719a2f3fa6 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:26 [inline]
RIP: 0010:check_kcov_mode kernel/kcov.c:173 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0xd/0x60 kernel/kcov.c:207
Code: cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 65 48 8b 14 25 40 c2 03 00 <65> 8b 05 b4 7c 78 7e a9 00 01 ff 00 48 8b 34 24 74 0f f6 c4 01 74
RSP: 0018:ffffc900033efa58 EFLAGS: 00000283
RAX: ffff88807b077800 RBX: ffff88807b077800 RCX: 1ffffffff27b1189
RDX: ffff88802a5a3b80 RSI: ffffffff8968488d RDI: ffff88807b077f70
RBP: ffffc900033efbb0 R08: 0000000000000001 R09: fffffbfff27a900c
R10: ffffffff93d48067 R11: ffffffff8ae000eb R12: ffff88807b077800
R13: dffffc0000000000 R14: ffff88807b077e40 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000564f4fc1e3a8 CR3: 000000000d57a000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<NMI>
</NMI>
<TASK>
unix_gc+0x563/0x13b0 net/unix/garbage.c:319
unix_release_sock+0xa93/0xf80 net/unix/af_unix.c:683
unix_release+0x91/0xf0 net/unix/af_unix.c:1064
__sock_release+0xb0/0x270 net/socket.c:659
sock_close+0x1c/0x30 net/socket.c:1421
__fput+0x270/0xb80 fs/file_table.c:376
task_work_run+0x14f/0x250 kernel/task_work.c:180
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0xa8a/0x2ad0 kernel/exit.c:871
do_group_exit+0xd4/0x2a0 kernel/exit.c:1020
__do_sys_exit_group kernel/exit.c:1031 [inline]
__se_sys_exit_group kernel/exit.c:1029 [inline]
__x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1029
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xd5/0x270 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7f9d6cbdac09
Code: Unable to access opcode bytes at 0x7f9d6cbdabdf.
RSP: 002b:00007fff5952feb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9d6cbdac09
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
RBP: 00007f9d6cc552b0 R08: ffffffffffffffb8 R09: 0000000000000006
R10: 0000000000000006 R11: 0000000000000246 R12: 00007f9d6cc552b0
R13: 0000000000000000 R14: 00007f9d6cc55d00 R15: 00007f9d6cbabe70
</TASK>
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/36f7371de977f805750748e80279be7e370df85c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2a3d40b4025fcfe51b04924979f1653993b17669"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69e0f04460f4037e01e29f0d9675544f62aafca3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cb8890318dde26fc89c6ea67d6e9070ab50b6e91"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25236c91b5ab4a26a56ba2e79b8060cf4e047839"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:51:08.468266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:52.933Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/unix/garbage.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "36f7371de977f805750748e80279be7e370df85c",
"status": "affected",
"version": "4fe505c63aa3273135a57597fda761e9aecc7668",
"versionType": "git"
},
{
"lessThan": "2a3d40b4025fcfe51b04924979f1653993b17669",
"status": "affected",
"version": "e0e09186d8821ad59806115d347ea32efa43ca4b",
"versionType": "git"
},
{
"lessThan": "69e0f04460f4037e01e29f0d9675544f62aafca3",
"status": "affected",
"version": "b74aa9ce13d02b7fd37c5325b99854f91b9b4276",
"versionType": "git"
},
{
"lessThan": "cb8890318dde26fc89c6ea67d6e9070ab50b6e91",
"status": "affected",
"version": "82ae47c5c3a6b27fdc0f9e83c1499cb439c56140",
"versionType": "git"
},
{
"lessThan": "25236c91b5ab4a26a56ba2e79b8060cf4e047839",
"status": "affected",
"version": "1279f9d9dec2d7462823a18c29ad61359e0a007d",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/unix/garbage.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.1.81",
"status": "affected",
"version": "6.1.78",
"versionType": "semver"
},
{
"lessThan": "6.6.21",
"status": "affected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThan": "6.7.9",
"status": "affected",
"version": "6.7.5",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "6.1.78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "6.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "6.7.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix task hung while purging oob_skb in GC.\n\nsyzbot reported a task hung; at the same time, GC was looping infinitely\nin list_for_each_entry_safe() for OOB skb. [0]\n\nsyzbot demonstrated that the list_for_each_entry_safe() was not actually\nsafe in this case.\n\nA single skb could have references for multiple sockets. If we free such\na skb in the list_for_each_entry_safe(), the current and next sockets could\nbe unlinked in a single iteration.\n\nunix_notinflight() uses list_del_init() to unlink the socket, so the\nprefetched next socket forms a loop itself and list_for_each_entry_safe()\nnever stops.\n\nHere, we must use while() and make sure we always fetch the first socket.\n\n[0]:\nSending NMI from CPU 0 to CPUs 1:\nNMI backtrace for cpu 1\nCPU: 1 PID: 5065 Comm: syz-executor236 Not tainted 6.8.0-rc3-syzkaller-00136-g1f719a2f3fa6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nRIP: 0010:preempt_count arch/x86/include/asm/preempt.h:26 [inline]\nRIP: 0010:check_kcov_mode kernel/kcov.c:173 [inline]\nRIP: 0010:__sanitizer_cov_trace_pc+0xd/0x60 kernel/kcov.c:207\nCode: cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 65 48 8b 14 25 40 c2 03 00 \u003c65\u003e 8b 05 b4 7c 78 7e a9 00 01 ff 00 48 8b 34 24 74 0f f6 c4 01 74\nRSP: 0018:ffffc900033efa58 EFLAGS: 00000283\nRAX: ffff88807b077800 RBX: ffff88807b077800 RCX: 1ffffffff27b1189\nRDX: ffff88802a5a3b80 RSI: ffffffff8968488d RDI: ffff88807b077f70\nRBP: ffffc900033efbb0 R08: 0000000000000001 R09: fffffbfff27a900c\nR10: ffffffff93d48067 R11: ffffffff8ae000eb R12: ffff88807b077800\nR13: dffffc0000000000 R14: ffff88807b077e40 R15: 0000000000000001\nFS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000564f4fc1e3a8 CR3: 000000000d57a000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cNMI\u003e\n \u003c/NMI\u003e\n \u003cTASK\u003e\n unix_gc+0x563/0x13b0 net/unix/garbage.c:319\n unix_release_sock+0xa93/0xf80 net/unix/af_unix.c:683\n unix_release+0x91/0xf0 net/unix/af_unix.c:1064\n __sock_release+0xb0/0x270 net/socket.c:659\n sock_close+0x1c/0x30 net/socket.c:1421\n __fput+0x270/0xb80 fs/file_table.c:376\n task_work_run+0x14f/0x250 kernel/task_work.c:180\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0xa8a/0x2ad0 kernel/exit.c:871\n do_group_exit+0xd4/0x2a0 kernel/exit.c:1020\n __do_sys_exit_group kernel/exit.c:1031 [inline]\n __se_sys_exit_group kernel/exit.c:1029 [inline]\n __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1029\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd5/0x270 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\nRIP: 0033:0x7f9d6cbdac09\nCode: Unable to access opcode bytes at 0x7f9d6cbdabdf.\nRSP: 002b:00007fff5952feb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9d6cbdac09\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000\nRBP: 00007f9d6cc552b0 R08: ffffffffffffffb8 R09: 0000000000000006\nR10: 0000000000000006 R11: 0000000000000246 R12: 00007f9d6cc552b0\nR13: 0000000000000000 R14: 00007f9d6cc55d00 R15: 00007f9d6cbabe70\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:20.708Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/36f7371de977f805750748e80279be7e370df85c"
},
{
"url": "https://git.kernel.org/stable/c/2a3d40b4025fcfe51b04924979f1653993b17669"
},
{
"url": "https://git.kernel.org/stable/c/69e0f04460f4037e01e29f0d9675544f62aafca3"
},
{
"url": "https://git.kernel.org/stable/c/cb8890318dde26fc89c6ea67d6e9070ab50b6e91"
},
{
"url": "https://git.kernel.org/stable/c/25236c91b5ab4a26a56ba2e79b8060cf4e047839"
}
],
"title": "af_unix: Fix task hung while purging oob_skb in GC.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26780",
"datePublished": "2024-04-04T08:20:15.120Z",
"dateReserved": "2024-02-19T14:20:24.177Z",
"dateUpdated": "2025-05-04T08:56:20.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36005 (GCVE-0-2024-36005)
Vulnerability from cvelistv5
Published
2024-05-20 09:48
Modified
2025-05-04 09:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: honor table dormant flag from netdev release event path
Check for table dormant flag otherwise netdev release event path tries
to unregister an already unregistered hook.
[524854.857999] ------------[ cut here ]------------
[524854.858010] WARNING: CPU: 0 PID: 3386599 at net/netfilter/core.c:501 __nf_unregister_net_hook+0x21a/0x260
[...]
[524854.858848] CPU: 0 PID: 3386599 Comm: kworker/u32:2 Not tainted 6.9.0-rc3+ #365
[524854.858869] Workqueue: netns cleanup_net
[524854.858886] RIP: 0010:__nf_unregister_net_hook+0x21a/0x260
[524854.858903] Code: 24 e8 aa 73 83 ff 48 63 43 1c 83 f8 01 0f 85 3d ff ff ff e8 98 d1 f0 ff 48 8b 3c 24 e8 8f 73 83 ff 48 63 43 1c e9 26 ff ff ff <0f> 0b 48 83 c4 18 48 c7 c7 00 68 e9 82 5b 5d 41 5c 41 5d 41 5e 41
[524854.858914] RSP: 0018:ffff8881e36d79e0 EFLAGS: 00010246
[524854.858926] RAX: 0000000000000000 RBX: ffff8881339ae790 RCX: ffffffff81ba524a
[524854.858936] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881c8a16438
[524854.858945] RBP: ffff8881c8a16438 R08: 0000000000000001 R09: ffffed103c6daf34
[524854.858954] R10: ffff8881e36d79a7 R11: 0000000000000000 R12: 0000000000000005
[524854.858962] R13: ffff8881c8a16000 R14: 0000000000000000 R15: ffff8881351b5a00
[524854.858971] FS: 0000000000000000(0000) GS:ffff888390800000(0000) knlGS:0000000000000000
[524854.858982] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[524854.858991] CR2: 00007fc9be0f16f4 CR3: 00000001437cc004 CR4: 00000000001706f0
[524854.859000] Call Trace:
[524854.859006] <TASK>
[524854.859013] ? __warn+0x9f/0x1a0
[524854.859027] ? __nf_unregister_net_hook+0x21a/0x260
[524854.859044] ? report_bug+0x1b1/0x1e0
[524854.859060] ? handle_bug+0x3c/0x70
[524854.859071] ? exc_invalid_op+0x17/0x40
[524854.859083] ? asm_exc_invalid_op+0x1a/0x20
[524854.859100] ? __nf_unregister_net_hook+0x6a/0x260
[524854.859116] ? __nf_unregister_net_hook+0x21a/0x260
[524854.859135] nf_tables_netdev_event+0x337/0x390 [nf_tables]
[524854.859304] ? __pfx_nf_tables_netdev_event+0x10/0x10 [nf_tables]
[524854.859461] ? packet_notifier+0xb3/0x360
[524854.859476] ? _raw_spin_unlock_irqrestore+0x11/0x40
[524854.859489] ? dcbnl_netdevice_event+0x35/0x140
[524854.859507] ? __pfx_nf_tables_netdev_event+0x10/0x10 [nf_tables]
[524854.859661] notifier_call_chain+0x7d/0x140
[524854.859677] unregister_netdevice_many_notify+0x5e1/0xae0
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d54725cd11a57c30f650260cfb0a92c268bdc3e0 Version: d54725cd11a57c30f650260cfb0a92c268bdc3e0 Version: d54725cd11a57c30f650260cfb0a92c268bdc3e0 Version: d54725cd11a57c30f650260cfb0a92c268bdc3e0 Version: d54725cd11a57c30f650260cfb0a92c268bdc3e0 Version: d54725cd11a57c30f650260cfb0a92c268bdc3e0 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36005",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T17:11:00.848539Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:43.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e4bb6da24de336a7899033a65490ed2d892efa5b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c45feb3c288cf44a529e2657b36c259d86497d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13ba94f6cc820fdea15efeaa17d4c722874eebf9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8260c980aee7d8d8a3db39faf19c391d2f898816"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca34c40d1c22c555fa7f4a21a1c807fea7290a0a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e30abc9ace4f0add4cd761dfdbfaebae5632dd2"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_chain_filter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e4bb6da24de336a7899033a65490ed2d892efa5b",
"status": "affected",
"version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
"versionType": "git"
},
{
"lessThan": "5c45feb3c288cf44a529e2657b36c259d86497d2",
"status": "affected",
"version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
"versionType": "git"
},
{
"lessThan": "13ba94f6cc820fdea15efeaa17d4c722874eebf9",
"status": "affected",
"version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
"versionType": "git"
},
{
"lessThan": "8260c980aee7d8d8a3db39faf19c391d2f898816",
"status": "affected",
"version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
"versionType": "git"
},
{
"lessThan": "ca34c40d1c22c555fa7f4a21a1c807fea7290a0a",
"status": "affected",
"version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
"versionType": "git"
},
{
"lessThan": "8e30abc9ace4f0add4cd761dfdbfaebae5632dd2",
"status": "affected",
"version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_chain_filter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: honor table dormant flag from netdev release event path\n\nCheck for table dormant flag otherwise netdev release event path tries\nto unregister an already unregistered hook.\n\n[524854.857999] ------------[ cut here ]------------\n[524854.858010] WARNING: CPU: 0 PID: 3386599 at net/netfilter/core.c:501 __nf_unregister_net_hook+0x21a/0x260\n[...]\n[524854.858848] CPU: 0 PID: 3386599 Comm: kworker/u32:2 Not tainted 6.9.0-rc3+ #365\n[524854.858869] Workqueue: netns cleanup_net\n[524854.858886] RIP: 0010:__nf_unregister_net_hook+0x21a/0x260\n[524854.858903] Code: 24 e8 aa 73 83 ff 48 63 43 1c 83 f8 01 0f 85 3d ff ff ff e8 98 d1 f0 ff 48 8b 3c 24 e8 8f 73 83 ff 48 63 43 1c e9 26 ff ff ff \u003c0f\u003e 0b 48 83 c4 18 48 c7 c7 00 68 e9 82 5b 5d 41 5c 41 5d 41 5e 41\n[524854.858914] RSP: 0018:ffff8881e36d79e0 EFLAGS: 00010246\n[524854.858926] RAX: 0000000000000000 RBX: ffff8881339ae790 RCX: ffffffff81ba524a\n[524854.858936] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881c8a16438\n[524854.858945] RBP: ffff8881c8a16438 R08: 0000000000000001 R09: ffffed103c6daf34\n[524854.858954] R10: ffff8881e36d79a7 R11: 0000000000000000 R12: 0000000000000005\n[524854.858962] R13: ffff8881c8a16000 R14: 0000000000000000 R15: ffff8881351b5a00\n[524854.858971] FS: 0000000000000000(0000) GS:ffff888390800000(0000) knlGS:0000000000000000\n[524854.858982] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[524854.858991] CR2: 00007fc9be0f16f4 CR3: 00000001437cc004 CR4: 00000000001706f0\n[524854.859000] Call Trace:\n[524854.859006] \u003cTASK\u003e\n[524854.859013] ? __warn+0x9f/0x1a0\n[524854.859027] ? __nf_unregister_net_hook+0x21a/0x260\n[524854.859044] ? report_bug+0x1b1/0x1e0\n[524854.859060] ? handle_bug+0x3c/0x70\n[524854.859071] ? exc_invalid_op+0x17/0x40\n[524854.859083] ? asm_exc_invalid_op+0x1a/0x20\n[524854.859100] ? __nf_unregister_net_hook+0x6a/0x260\n[524854.859116] ? __nf_unregister_net_hook+0x21a/0x260\n[524854.859135] nf_tables_netdev_event+0x337/0x390 [nf_tables]\n[524854.859304] ? __pfx_nf_tables_netdev_event+0x10/0x10 [nf_tables]\n[524854.859461] ? packet_notifier+0xb3/0x360\n[524854.859476] ? _raw_spin_unlock_irqrestore+0x11/0x40\n[524854.859489] ? dcbnl_netdevice_event+0x35/0x140\n[524854.859507] ? __pfx_nf_tables_netdev_event+0x10/0x10 [nf_tables]\n[524854.859661] notifier_call_chain+0x7d/0x140\n[524854.859677] unregister_netdevice_many_notify+0x5e1/0xae0"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:10:20.855Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e4bb6da24de336a7899033a65490ed2d892efa5b"
},
{
"url": "https://git.kernel.org/stable/c/5c45feb3c288cf44a529e2657b36c259d86497d2"
},
{
"url": "https://git.kernel.org/stable/c/13ba94f6cc820fdea15efeaa17d4c722874eebf9"
},
{
"url": "https://git.kernel.org/stable/c/8260c980aee7d8d8a3db39faf19c391d2f898816"
},
{
"url": "https://git.kernel.org/stable/c/ca34c40d1c22c555fa7f4a21a1c807fea7290a0a"
},
{
"url": "https://git.kernel.org/stable/c/8e30abc9ace4f0add4cd761dfdbfaebae5632dd2"
}
],
"title": "netfilter: nf_tables: honor table dormant flag from netdev release event path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36005",
"datePublished": "2024-05-20T09:48:05.568Z",
"dateReserved": "2024-05-17T13:50:33.150Z",
"dateUpdated": "2025-05-04T09:10:20.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38605 (GCVE-0-2024-38605)
Vulnerability from cvelistv5
Published
2024-06-19 13:48
Modified
2025-05-04 09:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: core: Fix NULL module pointer assignment at card init
The commit 81033c6b584b ("ALSA: core: Warn on empty module")
introduced a WARN_ON() for a NULL module pointer passed at snd_card
object creation, and it also wraps the code around it with '#ifdef
MODULE'. This works in most cases, but the devils are always in
details. "MODULE" is defined when the target code (i.e. the sound
core) is built as a module; but this doesn't mean that the caller is
also built-in or not. Namely, when only the sound core is built-in
(CONFIG_SND=y) while the driver is a module (CONFIG_SND_USB_AUDIO=m),
the passed module pointer is ignored even if it's non-NULL, and
card->module remains as NULL. This would result in the missing module
reference up/down at the device open/close, leading to a race with the
code execution after the module removal.
For addressing the bug, move the assignment of card->module again out
of ifdef. The WARN_ON() is still wrapped with ifdef because the
module can be really NULL when all sound drivers are built-in.
Note that we keep 'ifdef MODULE' for WARN_ON(), otherwise it would
lead to a false-positive NULL module check. Admittedly it won't catch
perfectly, i.e. no check is performed when CONFIG_SND=y. But, it's no
real problem as it's only for debugging, and the condition is pretty
rare.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 81033c6b584b44514cbb16fffc26ca29a0fa6270 Version: 81033c6b584b44514cbb16fffc26ca29a0fa6270 Version: 81033c6b584b44514cbb16fffc26ca29a0fa6270 Version: 81033c6b584b44514cbb16fffc26ca29a0fa6270 Version: 81033c6b584b44514cbb16fffc26ca29a0fa6270 Version: 81033c6b584b44514cbb16fffc26ca29a0fa6270 Version: 81033c6b584b44514cbb16fffc26ca29a0fa6270 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "d7ff29a429b5",
"status": "affected",
"version": "81033c6b584b",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "e7e0ca200772",
"status": "affected",
"version": "81033c6b584b",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "e00747672573",
"status": "affected",
"version": "81033c6b584b",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "e644036a3e2b",
"status": "affected",
"version": "81033c6b584b",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "c935e72139e6",
"status": "affected",
"version": "81033c6b584b",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6b8374ee2cab",
"status": "affected",
"version": "81033c6b584b",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "39381fe7394e",
"status": "affected",
"version": "81033c6b584b",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.9"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.219",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.161",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.93",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.33",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.9",
"status": "unaffected",
"version": "6.8.12",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.9.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.10-rc1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38605",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-27T17:45:58.997847Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T18:08:30.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d7ff29a429b56f04783152ad7bbd7233b740e434"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e7e0ca200772bdb2fdc6d43d32d341e87a36f811"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e007476725730c1a68387b54b7629486d8a8301e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e644036a3e2b2c9b3eee3c61b5d31c2ca8b5ba92"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c935e72139e6d523defd60fe875c01eb1f9ea5c5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6b8374ee2cabcf034faa34e69a855dc496a9ec12"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/39381fe7394e5eafac76e7e9367e7351138a29c1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/core/init.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d7ff29a429b56f04783152ad7bbd7233b740e434",
"status": "affected",
"version": "81033c6b584b44514cbb16fffc26ca29a0fa6270",
"versionType": "git"
},
{
"lessThan": "e7e0ca200772bdb2fdc6d43d32d341e87a36f811",
"status": "affected",
"version": "81033c6b584b44514cbb16fffc26ca29a0fa6270",
"versionType": "git"
},
{
"lessThan": "e007476725730c1a68387b54b7629486d8a8301e",
"status": "affected",
"version": "81033c6b584b44514cbb16fffc26ca29a0fa6270",
"versionType": "git"
},
{
"lessThan": "e644036a3e2b2c9b3eee3c61b5d31c2ca8b5ba92",
"status": "affected",
"version": "81033c6b584b44514cbb16fffc26ca29a0fa6270",
"versionType": "git"
},
{
"lessThan": "c935e72139e6d523defd60fe875c01eb1f9ea5c5",
"status": "affected",
"version": "81033c6b584b44514cbb16fffc26ca29a0fa6270",
"versionType": "git"
},
{
"lessThan": "6b8374ee2cabcf034faa34e69a855dc496a9ec12",
"status": "affected",
"version": "81033c6b584b44514cbb16fffc26ca29a0fa6270",
"versionType": "git"
},
{
"lessThan": "39381fe7394e5eafac76e7e9367e7351138a29c1",
"status": "affected",
"version": "81033c6b584b44514cbb16fffc26ca29a0fa6270",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/core/init.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: core: Fix NULL module pointer assignment at card init\n\nThe commit 81033c6b584b (\"ALSA: core: Warn on empty module\")\nintroduced a WARN_ON() for a NULL module pointer passed at snd_card\nobject creation, and it also wraps the code around it with \u0027#ifdef\nMODULE\u0027. This works in most cases, but the devils are always in\ndetails. \"MODULE\" is defined when the target code (i.e. the sound\ncore) is built as a module; but this doesn\u0027t mean that the caller is\nalso built-in or not. Namely, when only the sound core is built-in\n(CONFIG_SND=y) while the driver is a module (CONFIG_SND_USB_AUDIO=m),\nthe passed module pointer is ignored even if it\u0027s non-NULL, and\ncard-\u003emodule remains as NULL. This would result in the missing module\nreference up/down at the device open/close, leading to a race with the\ncode execution after the module removal.\n\nFor addressing the bug, move the assignment of card-\u003emodule again out\nof ifdef. The WARN_ON() is still wrapped with ifdef because the\nmodule can be really NULL when all sound drivers are built-in.\n\nNote that we keep \u0027ifdef MODULE\u0027 for WARN_ON(), otherwise it would\nlead to a false-positive NULL module check. Admittedly it won\u0027t catch\nperfectly, i.e. no check is performed when CONFIG_SND=y. But, it\u0027s no\nreal problem as it\u0027s only for debugging, and the condition is pretty\nrare."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:07.886Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d7ff29a429b56f04783152ad7bbd7233b740e434"
},
{
"url": "https://git.kernel.org/stable/c/e7e0ca200772bdb2fdc6d43d32d341e87a36f811"
},
{
"url": "https://git.kernel.org/stable/c/e007476725730c1a68387b54b7629486d8a8301e"
},
{
"url": "https://git.kernel.org/stable/c/e644036a3e2b2c9b3eee3c61b5d31c2ca8b5ba92"
},
{
"url": "https://git.kernel.org/stable/c/c935e72139e6d523defd60fe875c01eb1f9ea5c5"
},
{
"url": "https://git.kernel.org/stable/c/6b8374ee2cabcf034faa34e69a855dc496a9ec12"
},
{
"url": "https://git.kernel.org/stable/c/39381fe7394e5eafac76e7e9367e7351138a29c1"
}
],
"title": "ALSA: core: Fix NULL module pointer assignment at card init",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38605",
"datePublished": "2024-06-19T13:48:15.769Z",
"dateReserved": "2024-06-18T19:36:34.934Z",
"dateUpdated": "2025-05-04T09:15:07.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52806 (GCVE-0-2023-52806)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda: Fix possible null-ptr-deref when assigning a stream
While AudioDSP drivers assign streams exclusively of HOST or LINK type,
nothing blocks a user to attempt to assign a COUPLED stream. As
supplied substream instance may be a stub, what is the case when
code-loading, such scenario ends with null-ptr-deref.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7de25112de8222fd20564769e6c99dc9f9738a0b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/758c7733cb821041f5fd403b7b97c0b95d319323"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2527775616f3638f4fd54649eba8c7b84d5e4250"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25354bae4fc310c3928e8a42fda2d486f67745d7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/631a96e9eb4228ff75fce7e72d133ca81194797e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43b91df291c8802268ab3cfd8fccfdf135800ed4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fe7c1a0c2b25c82807cb46fc3aadbf2664a682b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a320da7f7cbdab2098b103c47f45d5061f42edd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f93dc90c2e8ed664985e366aa6459ac83cdab236"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52806",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:36:47.089606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:54.863Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/hda/hdac_stream.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7de25112de8222fd20564769e6c99dc9f9738a0b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "758c7733cb821041f5fd403b7b97c0b95d319323",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2527775616f3638f4fd54649eba8c7b84d5e4250",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "25354bae4fc310c3928e8a42fda2d486f67745d7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "631a96e9eb4228ff75fce7e72d133ca81194797e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "43b91df291c8802268ab3cfd8fccfdf135800ed4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fe7c1a0c2b25c82807cb46fc3aadbf2664a682b0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4a320da7f7cbdab2098b103c47f45d5061f42edd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f93dc90c2e8ed664985e366aa6459ac83cdab236",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/hda/hdac_stream.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: Fix possible null-ptr-deref when assigning a stream\n\nWhile AudioDSP drivers assign streams exclusively of HOST or LINK type,\nnothing blocks a user to attempt to assign a COUPLED stream. As\nsupplied substream instance may be a stub, what is the case when\ncode-loading, such scenario ends with null-ptr-deref."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:32.461Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7de25112de8222fd20564769e6c99dc9f9738a0b"
},
{
"url": "https://git.kernel.org/stable/c/758c7733cb821041f5fd403b7b97c0b95d319323"
},
{
"url": "https://git.kernel.org/stable/c/2527775616f3638f4fd54649eba8c7b84d5e4250"
},
{
"url": "https://git.kernel.org/stable/c/25354bae4fc310c3928e8a42fda2d486f67745d7"
},
{
"url": "https://git.kernel.org/stable/c/631a96e9eb4228ff75fce7e72d133ca81194797e"
},
{
"url": "https://git.kernel.org/stable/c/43b91df291c8802268ab3cfd8fccfdf135800ed4"
},
{
"url": "https://git.kernel.org/stable/c/fe7c1a0c2b25c82807cb46fc3aadbf2664a682b0"
},
{
"url": "https://git.kernel.org/stable/c/4a320da7f7cbdab2098b103c47f45d5061f42edd"
},
{
"url": "https://git.kernel.org/stable/c/f93dc90c2e8ed664985e366aa6459ac83cdab236"
}
],
"title": "ALSA: hda: Fix possible null-ptr-deref when assigning a stream",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52806",
"datePublished": "2024-05-21T15:31:17.025Z",
"dateReserved": "2024-05-21T15:19:24.247Z",
"dateUpdated": "2025-05-04T07:43:32.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36904 (GCVE-0-2024-36904)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-04 09:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().
Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique()
with nice analysis.
Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for
timewait hashdance"), inet_twsk_hashdance() sets TIME-WAIT socket's
sk_refcnt after putting it into ehash and releasing the bucket lock.
Thus, there is a small race window where other threads could try to
reuse the port during connect() and call sock_hold() in tcp_twsk_unique()
for the TIME-WAIT socket with zero refcnt.
If that happens, the refcnt taken by tcp_twsk_unique() is overwritten
and sock_put() will cause underflow, triggering a real use-after-free
somewhere else.
To avoid the use-after-free, we need to use refcount_inc_not_zero() in
tcp_twsk_unique() and give up on reusing the port if it returns false.
[0]:
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 0 PID: 1039313 at lib/refcount.c:25 refcount_warn_saturate+0xe5/0x110
CPU: 0 PID: 1039313 Comm: trigger Not tainted 6.8.6-200.fc39.x86_64 #1
Hardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.21805430.B64.2305221830 05/22/2023
RIP: 0010:refcount_warn_saturate+0xe5/0x110
Code: 42 8e ff 0f 0b c3 cc cc cc cc 80 3d aa 13 ea 01 00 0f 85 5e ff ff ff 48 c7 c7 f8 8e b7 82 c6 05 96 13 ea 01 01 e8 7b 42 8e ff <0f> 0b c3 cc cc cc cc 48 c7 c7 50 8f b7 82 c6 05 7a 13 ea 01 01 e8
RSP: 0018:ffffc90006b43b60 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff888009bb3ef0 RCX: 0000000000000027
RDX: ffff88807be218c8 RSI: 0000000000000001 RDI: ffff88807be218c0
RBP: 0000000000069d70 R08: 0000000000000000 R09: ffffc90006b439f0
R10: ffffc90006b439e8 R11: 0000000000000003 R12: ffff8880029ede84
R13: 0000000000004e20 R14: ffffffff84356dc0 R15: ffff888009bb3ef0
FS: 00007f62c10926c0(0000) GS:ffff88807be00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020ccb000 CR3: 000000004628c005 CR4: 0000000000f70ef0
PKRU: 55555554
Call Trace:
<TASK>
? refcount_warn_saturate+0xe5/0x110
? __warn+0x81/0x130
? refcount_warn_saturate+0xe5/0x110
? report_bug+0x171/0x1a0
? refcount_warn_saturate+0xe5/0x110
? handle_bug+0x3c/0x80
? exc_invalid_op+0x17/0x70
? asm_exc_invalid_op+0x1a/0x20
? refcount_warn_saturate+0xe5/0x110
tcp_twsk_unique+0x186/0x190
__inet_check_established+0x176/0x2d0
__inet_hash_connect+0x74/0x7d0
? __pfx___inet_check_established+0x10/0x10
tcp_v4_connect+0x278/0x530
__inet_stream_connect+0x10f/0x3d0
inet_stream_connect+0x3a/0x60
__sys_connect+0xa8/0xd0
__x64_sys_connect+0x18/0x20
do_syscall_64+0x83/0x170
entry_SYSCALL_64_after_hwframe+0x78/0x80
RIP: 0033:0x7f62c11a885d
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a3 45 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007f62c1091e58 EFLAGS: 00000296 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 0000000020ccb004 RCX: 00007f62c11a885d
RDX: 0000000000000010 RSI: 0000000020ccb000 RDI: 0000000000000003
RBP: 00007f62c1091e90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 00007f62c10926c0
R13: ffffffffffffff88 R14: 0000000000000000 R15: 00007ffe237885b0
</TASK>
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d Version: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d Version: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d Version: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d Version: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d Version: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d Version: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d Version: ec94c2696f0bcd5ae92a553244e4ac30d2171a2d |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36904",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:20:22.181493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:20:38.310Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-05T08:03:30.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84546cc1aeeb4df3e444b18a4293c9823f974be9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1796ca9c6f5bd50554214053af5f47d112818ee3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d9cf07810c30ef7948879567d10fd1f01121d34"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/27b0284d8be182a81feb65581ab6a724dfd596e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13ed7cdf079686ccd3618335205700c03f6fb446"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e48faad92be13166184d21506e4e54c79c13adc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/517e32ea0a8c72202d0d8aa8df50a7cd3d6fdefc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2db7230f73a80dbb179deab78f88a7947f0ab7e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240905-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_ipv4.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "84546cc1aeeb4df3e444b18a4293c9823f974be9",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "1796ca9c6f5bd50554214053af5f47d112818ee3",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "1d9cf07810c30ef7948879567d10fd1f01121d34",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "27b0284d8be182a81feb65581ab6a724dfd596e8",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "13ed7cdf079686ccd3618335205700c03f6fb446",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "6e48faad92be13166184d21506e4e54c79c13adc",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "517e32ea0a8c72202d0d8aa8df50a7cd3d6fdefc",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
},
{
"lessThan": "f2db7230f73a80dbb179deab78f88a7947f0ab7e",
"status": "affected",
"version": "ec94c2696f0bcd5ae92a553244e4ac30d2171a2d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_ipv4.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Use refcount_inc_not_zero() in tcp_twsk_unique().\n\nAnderson Nascimento reported a use-after-free splat in tcp_twsk_unique()\nwith nice analysis.\n\nSince commit ec94c2696f0b (\"tcp/dccp: avoid one atomic operation for\ntimewait hashdance\"), inet_twsk_hashdance() sets TIME-WAIT socket\u0027s\nsk_refcnt after putting it into ehash and releasing the bucket lock.\n\nThus, there is a small race window where other threads could try to\nreuse the port during connect() and call sock_hold() in tcp_twsk_unique()\nfor the TIME-WAIT socket with zero refcnt.\n\nIf that happens, the refcnt taken by tcp_twsk_unique() is overwritten\nand sock_put() will cause underflow, triggering a real use-after-free\nsomewhere else.\n\nTo avoid the use-after-free, we need to use refcount_inc_not_zero() in\ntcp_twsk_unique() and give up on reusing the port if it returns false.\n\n[0]:\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 0 PID: 1039313 at lib/refcount.c:25 refcount_warn_saturate+0xe5/0x110\nCPU: 0 PID: 1039313 Comm: trigger Not tainted 6.8.6-200.fc39.x86_64 #1\nHardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.21805430.B64.2305221830 05/22/2023\nRIP: 0010:refcount_warn_saturate+0xe5/0x110\nCode: 42 8e ff 0f 0b c3 cc cc cc cc 80 3d aa 13 ea 01 00 0f 85 5e ff ff ff 48 c7 c7 f8 8e b7 82 c6 05 96 13 ea 01 01 e8 7b 42 8e ff \u003c0f\u003e 0b c3 cc cc cc cc 48 c7 c7 50 8f b7 82 c6 05 7a 13 ea 01 01 e8\nRSP: 0018:ffffc90006b43b60 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff888009bb3ef0 RCX: 0000000000000027\nRDX: ffff88807be218c8 RSI: 0000000000000001 RDI: ffff88807be218c0\nRBP: 0000000000069d70 R08: 0000000000000000 R09: ffffc90006b439f0\nR10: ffffc90006b439e8 R11: 0000000000000003 R12: ffff8880029ede84\nR13: 0000000000004e20 R14: ffffffff84356dc0 R15: ffff888009bb3ef0\nFS: 00007f62c10926c0(0000) GS:ffff88807be00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020ccb000 CR3: 000000004628c005 CR4: 0000000000f70ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0xe5/0x110\n ? __warn+0x81/0x130\n ? refcount_warn_saturate+0xe5/0x110\n ? report_bug+0x171/0x1a0\n ? refcount_warn_saturate+0xe5/0x110\n ? handle_bug+0x3c/0x80\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? refcount_warn_saturate+0xe5/0x110\n tcp_twsk_unique+0x186/0x190\n __inet_check_established+0x176/0x2d0\n __inet_hash_connect+0x74/0x7d0\n ? __pfx___inet_check_established+0x10/0x10\n tcp_v4_connect+0x278/0x530\n __inet_stream_connect+0x10f/0x3d0\n inet_stream_connect+0x3a/0x60\n __sys_connect+0xa8/0xd0\n __x64_sys_connect+0x18/0x20\n do_syscall_64+0x83/0x170\n entry_SYSCALL_64_after_hwframe+0x78/0x80\nRIP: 0033:0x7f62c11a885d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d a3 45 0c 00 f7 d8 64 89 01 48\nRSP: 002b:00007f62c1091e58 EFLAGS: 00000296 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 0000000020ccb004 RCX: 00007f62c11a885d\nRDX: 0000000000000010 RSI: 0000000020ccb000 RDI: 0000000000000003\nRBP: 00007f62c1091e90 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000296 R12: 00007f62c10926c0\nR13: ffffffffffffff88 R14: 0000000000000000 R15: 00007ffe237885b0\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:11:46.007Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/84546cc1aeeb4df3e444b18a4293c9823f974be9"
},
{
"url": "https://git.kernel.org/stable/c/1796ca9c6f5bd50554214053af5f47d112818ee3"
},
{
"url": "https://git.kernel.org/stable/c/1d9cf07810c30ef7948879567d10fd1f01121d34"
},
{
"url": "https://git.kernel.org/stable/c/27b0284d8be182a81feb65581ab6a724dfd596e8"
},
{
"url": "https://git.kernel.org/stable/c/13ed7cdf079686ccd3618335205700c03f6fb446"
},
{
"url": "https://git.kernel.org/stable/c/6e48faad92be13166184d21506e4e54c79c13adc"
},
{
"url": "https://git.kernel.org/stable/c/517e32ea0a8c72202d0d8aa8df50a7cd3d6fdefc"
},
{
"url": "https://git.kernel.org/stable/c/f2db7230f73a80dbb179deab78f88a7947f0ab7e"
}
],
"title": "tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36904",
"datePublished": "2024-05-30T15:29:05.457Z",
"dateReserved": "2024-05-30T15:25:07.067Z",
"dateUpdated": "2025-05-04T09:11:46.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39277 (GCVE-0-2024-39277)
Vulnerability from cvelistv5
Published
2024-06-21 11:15
Modified
2025-05-04 09:16
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dma-mapping: benchmark: handle NUMA_NO_NODE correctly
cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark()
resulting in the following sanitizer report:
UBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28
index -1 is out of range for type 'cpumask [64][1]'
CPU: 1 PID: 990 Comm: dma_map_benchma Not tainted 6.9.0-rc6 #29
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
Call Trace:
<TASK>
dump_stack_lvl (lib/dump_stack.c:117)
ubsan_epilogue (lib/ubsan.c:232)
__ubsan_handle_out_of_bounds (lib/ubsan.c:429)
cpumask_of_node (arch/x86/include/asm/topology.h:72) [inline]
do_map_benchmark (kernel/dma/map_benchmark.c:104)
map_benchmark_ioctl (kernel/dma/map_benchmark.c:246)
full_proxy_unlocked_ioctl (fs/debugfs/file.c:333)
__x64_sys_ioctl (fs/ioctl.c:890)
do_syscall_64 (arch/x86/entry/common.c:83)
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
Use cpumask_of_node() in place when binding a kernel thread to a cpuset
of a particular node.
Note that the provided node id is checked inside map_benchmark_ioctl().
It's just a NUMA_NO_NODE case which is not handled properly later.
Found by Linux Verification Center (linuxtesting.org).
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:5.11:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.11"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "b41b0018e8ca",
"status": "affected",
"version": "65789daa8087",
"versionType": "git"
},
{
"lessThan": "8e1ba9df9a35",
"status": "affected",
"version": "65789daa8087",
"versionType": "git"
},
{
"lessThan": "5a91116b0031",
"status": "affected",
"version": "65789daa8087",
"versionType": "git"
},
{
"lessThan": "50ee21bfc005",
"status": "affected",
"version": "65789daa8087",
"versionType": "git"
},
{
"lessThan": "e64746e74f71",
"status": "affected",
"version": "65789daa8087",
"versionType": "git"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-20T03:55:13.483536Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T13:31:39.441Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:19:20.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b41b0018e8ca06e985e87220a618ec633988fd13"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e1ba9df9a35e8dc64f657a64e523c79ba01e464"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a91116b003175302f2e6ad94b76fb9b5a141a41"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/50ee21bfc005e69f183d6b4b454e33f0c2571e1f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e64746e74f717961250a155e14c156616fcd981f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/dma/map_benchmark.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b41b0018e8ca06e985e87220a618ec633988fd13",
"status": "affected",
"version": "65789daa8087e125927230ccb7e1eab13999b0cf",
"versionType": "git"
},
{
"lessThan": "8e1ba9df9a35e8dc64f657a64e523c79ba01e464",
"status": "affected",
"version": "65789daa8087e125927230ccb7e1eab13999b0cf",
"versionType": "git"
},
{
"lessThan": "5a91116b003175302f2e6ad94b76fb9b5a141a41",
"status": "affected",
"version": "65789daa8087e125927230ccb7e1eab13999b0cf",
"versionType": "git"
},
{
"lessThan": "50ee21bfc005e69f183d6b4b454e33f0c2571e1f",
"status": "affected",
"version": "65789daa8087e125927230ccb7e1eab13999b0cf",
"versionType": "git"
},
{
"lessThan": "e64746e74f717961250a155e14c156616fcd981f",
"status": "affected",
"version": "65789daa8087e125927230ccb7e1eab13999b0cf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/dma/map_benchmark.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-mapping: benchmark: handle NUMA_NO_NODE correctly\n\ncpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark()\nresulting in the following sanitizer report:\n\nUBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28\nindex -1 is out of range for type \u0027cpumask [64][1]\u0027\nCPU: 1 PID: 990 Comm: dma_map_benchma Not tainted 6.9.0-rc6 #29\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n \u003cTASK\u003e\ndump_stack_lvl (lib/dump_stack.c:117)\nubsan_epilogue (lib/ubsan.c:232)\n__ubsan_handle_out_of_bounds (lib/ubsan.c:429)\ncpumask_of_node (arch/x86/include/asm/topology.h:72) [inline]\ndo_map_benchmark (kernel/dma/map_benchmark.c:104)\nmap_benchmark_ioctl (kernel/dma/map_benchmark.c:246)\nfull_proxy_unlocked_ioctl (fs/debugfs/file.c:333)\n__x64_sys_ioctl (fs/ioctl.c:890)\ndo_syscall_64 (arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nUse cpumask_of_node() in place when binding a kernel thread to a cpuset\nof a particular node.\n\nNote that the provided node id is checked inside map_benchmark_ioctl().\nIt\u0027s just a NUMA_NO_NODE case which is not handled properly later.\n\nFound by Linux Verification Center (linuxtesting.org)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:16:07.465Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b41b0018e8ca06e985e87220a618ec633988fd13"
},
{
"url": "https://git.kernel.org/stable/c/8e1ba9df9a35e8dc64f657a64e523c79ba01e464"
},
{
"url": "https://git.kernel.org/stable/c/5a91116b003175302f2e6ad94b76fb9b5a141a41"
},
{
"url": "https://git.kernel.org/stable/c/50ee21bfc005e69f183d6b4b454e33f0c2571e1f"
},
{
"url": "https://git.kernel.org/stable/c/e64746e74f717961250a155e14c156616fcd981f"
}
],
"title": "dma-mapping: benchmark: handle NUMA_NO_NODE correctly",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39277",
"datePublished": "2024-06-21T11:15:13.559Z",
"dateReserved": "2024-06-21T10:12:11.489Z",
"dateUpdated": "2025-05-04T09:16:07.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52862 (GCVE-0-2023-52862)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix null pointer dereference in error message
This patch fixes a null pointer dereference in the error message that is
printed when the Display Core (DC) fails to initialize. The original
message includes the DC version number, which is undefined if the DC is
not initialized.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T17:11:35.315228Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:46:54.715Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97ef07182ac46b069bb5e7d46cb903a764d67898"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b72c5d4a5d25e76b16283397c40b8b3c0d70019"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c3601a2fbfb265ce283651480e30c8e60459112"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "97ef07182ac46b069bb5e7d46cb903a764d67898",
"status": "affected",
"version": "9788d087caffd8358d6e14349ee69d9385666719",
"versionType": "git"
},
{
"lessThan": "8b72c5d4a5d25e76b16283397c40b8b3c0d70019",
"status": "affected",
"version": "9788d087caffd8358d6e14349ee69d9385666719",
"versionType": "git"
},
{
"lessThan": "0c3601a2fbfb265ce283651480e30c8e60459112",
"status": "affected",
"version": "9788d087caffd8358d6e14349ee69d9385666719",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null pointer dereference in error message\n\nThis patch fixes a null pointer dereference in the error message that is\nprinted when the Display Core (DC) fails to initialize. The original\nmessage includes the DC version number, which is undefined if the DC is\nnot initialized."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:31.377Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/97ef07182ac46b069bb5e7d46cb903a764d67898"
},
{
"url": "https://git.kernel.org/stable/c/8b72c5d4a5d25e76b16283397c40b8b3c0d70019"
},
{
"url": "https://git.kernel.org/stable/c/0c3601a2fbfb265ce283651480e30c8e60459112"
}
],
"title": "drm/amd/display: Fix null pointer dereference in error message",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52862",
"datePublished": "2024-05-21T15:31:54.544Z",
"dateReserved": "2024-05-21T15:19:24.261Z",
"dateUpdated": "2025-05-04T07:44:31.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36971 (GCVE-0-2024-36971)
Vulnerability from cvelistv5
Published
2024-06-10 09:03
Modified
2025-07-30 01:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: fix __dst_negative_advice() race
__dst_negative_advice() does not enforce proper RCU rules when
sk->dst_cache must be cleared, leading to possible UAF.
RCU rules are that we must first clear sk->sk_dst_cache,
then call dst_release(old_dst).
Note that sk_dst_reset(sk) is implementing this protocol correctly,
while __dst_negative_advice() uses the wrong order.
Given that ip6_negative_advice() has special logic
against RTF_CACHE, this means each of the three ->negative_advice()
existing methods must perform the sk_dst_reset() themselves.
Note the check against NULL dst is centralized in
__dst_negative_advice(), there is no need to duplicate
it in various callbacks.
Many thanks to Clement Lecigne for tracking this issue.
This old bug became visible after the blamed commit, using UDP sockets.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 Version: a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 Version: a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 Version: a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 Version: a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 Version: a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 Version: a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 Version: a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/051c0bde9f0450a2ec3d62a86d2a0d2fad117f13"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/db0082825037794c5dba9959c9de13ca34cc5e72"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2295a7ef5c8c49241bff769e7826ef2582e532a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eacb8b195579c174a6d3e12a9690b206eb7f28cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81dd3c82a456b0015461754be7cb2693991421b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5af198c387128a9d2ddd620b0f0803564a4d4508"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b8af8e6118a6605f0e495a58d591ca94a85a50fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/92f1655aa2b2294d0b49925f3b875a634bd3b59e"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:4.6:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "4.6"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "051c0bde9f04",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "db0082825037",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "2295a7ef5c8c",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "eacb8b195579",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "81dd3c82a456",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "5af198c38712",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "b8af8e6118a6",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "92f1655aa2b2",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "051c0bde9f04",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "db0082825037",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "2295a7ef5c8c",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "eacb8b195579",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "81dd3c82a456",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "5af198c38712",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "b8af8e6118a6",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "92f1655aa2b2",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "051c0bde9f04",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "db0082825037",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "2295a7ef5c8c",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "eacb8b195579",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "81dd3c82a456",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "5af198c38712",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "b8af8e6118a6",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "92f1655aa2b2",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "051c0bde9f04",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "db0082825037",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "2295a7ef5c8c",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "eacb8b195579",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "81dd3c82a456",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "5af198c38712",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "b8af8e6118a6",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "92f1655aa2b2",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "051c0bde9f04",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "db0082825037",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "2295a7ef5c8c",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "eacb8b195579",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "81dd3c82a456",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "5af198c38712",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "b8af8e6118a6",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "92f1655aa2b2",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "051c0bde9f04",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "db0082825037",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "2295a7ef5c8c",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "eacb8b195579",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "81dd3c82a456",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "5af198c38712",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "b8af8e6118a6",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "92f1655aa2b2",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "051c0bde9f04",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "db0082825037",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "2295a7ef5c8c",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "eacb8b195579",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "81dd3c82a456",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "5af198c38712",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "b8af8e6118a6",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "92f1655aa2b2",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "051c0bde9f04",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "db0082825037",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "2295a7ef5c8c",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "eacb8b195579",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "81dd3c82a456",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "5af198c38712",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "b8af8e6118a6",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
},
{
"lessThan": "92f1655aa2b2",
"status": "affected",
"version": "a87cb3e48ee8",
"versionType": "git"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4.6",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:4.19.316:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4.20",
"status": "unaffected",
"version": "4.19.316",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:5.4.278:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.5",
"status": "unaffected",
"version": "5.4.278",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:5.10.219:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.11",
"status": "unaffected",
"version": "5.10.219",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:5.15.161:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.16",
"status": "unaffected",
"version": "5.15.161",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:6.1.94:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.2",
"status": "unaffected",
"version": "6.1.94",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:6.6.34:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.7",
"status": "unaffected",
"version": "6.6.34",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:6.9.4:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.10",
"status": "unaffected",
"version": "6.9.4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:6.10:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36971",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T03:55:25.565547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-08-07",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-36971"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:37:01.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2024-08-07T00:00:00+00:00",
"value": "CVE-2024-36971 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/dst_ops.h",
"include/net/sock.h",
"net/ipv4/route.c",
"net/ipv6/route.c",
"net/xfrm/xfrm_policy.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "051c0bde9f0450a2ec3d62a86d2a0d2fad117f13",
"status": "affected",
"version": "a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314",
"versionType": "git"
},
{
"lessThan": "db0082825037794c5dba9959c9de13ca34cc5e72",
"status": "affected",
"version": "a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314",
"versionType": "git"
},
{
"lessThan": "2295a7ef5c8c49241bff769e7826ef2582e532a6",
"status": "affected",
"version": "a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314",
"versionType": "git"
},
{
"lessThan": "eacb8b195579c174a6d3e12a9690b206eb7f28cf",
"status": "affected",
"version": "a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314",
"versionType": "git"
},
{
"lessThan": "81dd3c82a456b0015461754be7cb2693991421b4",
"status": "affected",
"version": "a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314",
"versionType": "git"
},
{
"lessThan": "5af198c387128a9d2ddd620b0f0803564a4d4508",
"status": "affected",
"version": "a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314",
"versionType": "git"
},
{
"lessThan": "b8af8e6118a6605f0e495a58d591ca94a85a50fc",
"status": "affected",
"version": "a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314",
"versionType": "git"
},
{
"lessThan": "92f1655aa2b2294d0b49925f3b875a634bd3b59e",
"status": "affected",
"version": "a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/dst_ops.h",
"include/net/sock.h",
"net/ipv4/route.c",
"net/ipv6/route.c",
"net/xfrm/xfrm_policy.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.6"
},
{
"lessThan": "4.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.94",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.94",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.34",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix __dst_negative_advice() race\n\n__dst_negative_advice() does not enforce proper RCU rules when\nsk-\u003edst_cache must be cleared, leading to possible UAF.\n\nRCU rules are that we must first clear sk-\u003esk_dst_cache,\nthen call dst_release(old_dst).\n\nNote that sk_dst_reset(sk) is implementing this protocol correctly,\nwhile __dst_negative_advice() uses the wrong order.\n\nGiven that ip6_negative_advice() has special logic\nagainst RTF_CACHE, this means each of the three -\u003enegative_advice()\nexisting methods must perform the sk_dst_reset() themselves.\n\nNote the check against NULL dst is centralized in\n__dst_negative_advice(), there is no need to duplicate\nit in various callbacks.\n\nMany thanks to Clement Lecigne for tracking this issue.\n\nThis old bug became visible after the blamed commit, using UDP sockets."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:06.632Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/051c0bde9f0450a2ec3d62a86d2a0d2fad117f13"
},
{
"url": "https://git.kernel.org/stable/c/db0082825037794c5dba9959c9de13ca34cc5e72"
},
{
"url": "https://git.kernel.org/stable/c/2295a7ef5c8c49241bff769e7826ef2582e532a6"
},
{
"url": "https://git.kernel.org/stable/c/eacb8b195579c174a6d3e12a9690b206eb7f28cf"
},
{
"url": "https://git.kernel.org/stable/c/81dd3c82a456b0015461754be7cb2693991421b4"
},
{
"url": "https://git.kernel.org/stable/c/5af198c387128a9d2ddd620b0f0803564a4d4508"
},
{
"url": "https://git.kernel.org/stable/c/b8af8e6118a6605f0e495a58d591ca94a85a50fc"
},
{
"url": "https://git.kernel.org/stable/c/92f1655aa2b2294d0b49925f3b875a634bd3b59e"
}
],
"title": "net: fix __dst_negative_advice() race",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36971",
"datePublished": "2024-06-10T09:03:23.878Z",
"dateReserved": "2024-05-30T15:25:07.082Z",
"dateUpdated": "2025-07-30T01:37:01.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52780 (GCVE-0-2023-52780)
Vulnerability from cvelistv5
Published
2024-05-21 15:30
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: mvneta: fix calls to page_pool_get_stats
Calling page_pool_get_stats in the mvneta driver without checks
leads to kernel crashes.
First the page pool is only available if the bm is not used.
The page pool is also not allocated when the port is stopped.
It can also be not allocated in case of errors.
The current implementation leads to the following crash calling
ethstats on a port that is down or when calling it at the wrong moment:
ble to handle kernel NULL pointer dereference at virtual address 00000070
[00000070] *pgd=00000000
Internal error: Oops: 5 [#1] SMP ARM
Hardware name: Marvell Armada 380/385 (Device Tree)
PC is at page_pool_get_stats+0x18/0x1cc
LR is at mvneta_ethtool_get_stats+0xa0/0xe0 [mvneta]
pc : [<c0b413cc>] lr : [<bf0a98d8>] psr: a0000013
sp : f1439d48 ip : f1439dc0 fp : 0000001d
r10: 00000100 r9 : c4816b80 r8 : f0d75150
r7 : bf0b400c r6 : c238f000 r5 : 00000000 r4 : f1439d68
r3 : c2091040 r2 : ffffffd8 r1 : f1439d68 r0 : 00000000
Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
Control: 10c5387d Table: 066b004a DAC: 00000051
Register r0 information: NULL pointer
Register r1 information: 2-page vmalloc region starting at 0xf1438000 allocated at kernel_clone+0x9c/0x390
Register r2 information: non-paged memory
Register r3 information: slab kmalloc-2k start c2091000 pointer offset 64 size 2048
Register r4 information: 2-page vmalloc region starting at 0xf1438000 allocated at kernel_clone+0x9c/0x390
Register r5 information: NULL pointer
Register r6 information: slab kmalloc-cg-4k start c238f000 pointer offset 0 size 4096
Register r7 information: 15-page vmalloc region starting at 0xbf0a8000 allocated at load_module+0xa30/0x219c
Register r8 information: 1-page vmalloc region starting at 0xf0d75000 allocated at ethtool_get_stats+0x138/0x208
Register r9 information: slab task_struct start c4816b80 pointer offset 0
Register r10 information: non-paged memory
Register r11 information: non-paged memory
Register r12 information: 2-page vmalloc region starting at 0xf1438000 allocated at kernel_clone+0x9c/0x390
Process snmpd (pid: 733, stack limit = 0x38de3a88)
Stack: (0xf1439d48 to 0xf143a000)
9d40: 000000c0 00000001 c238f000 bf0b400c f0d75150 c4816b80
9d60: 00000100 bf0a98d8 00000000 00000000 00000000 00000000 00000000 00000000
9d80: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9da0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9dc0: 00000dc0 5335509c 00000035 c238f000 bf0b2214 01067f50 f0d75000 c0b9b9c8
9de0: 0000001d 00000035 c2212094 5335509c c4816b80 c238f000 c5ad6e00 01067f50
9e00: c1b0be80 c4816b80 00014813 c0b9d7f0 00000000 00000000 0000001d 0000001d
9e20: 00000000 00001200 00000000 00000000 c216ed90 c73943b8 00000000 00000000
9e40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9e60: 00000000 c0ad9034 00000000 00000000 00000000 00000000 00000000 00000000
9e80: 00000000 00000000 00000000 5335509c c1b0be80 f1439ee4 00008946 c1b0be80
9ea0: 01067f50 f1439ee3 00000000 00000046 b6d77ae0 c0b383f0 00008946 becc83e8
9ec0: c1b0be80 00000051 0000000b c68ca480 c7172d00 c0ad8ff0 f1439ee3 cf600e40
9ee0: 01600e40 32687465 00000000 00000000 00000000 01067f50 00000000 00000000
9f00: 00000000 5335509c 00008946 00008946 00000000 c68ca480 becc83e8 c05e2de0
9f20: f1439fb0 c03002f0 00000006 5ac3c35a c4816b80 00000006 b6d77ae0 c030caf0
9f40: c4817350 00000014 f1439e1c 0000000c 00000000 00000051 01000000 00000014
9f60: 00003fec f1439edc 00000001 c0372abc b6d77ae0 c0372abc cf600e40 5335509c
9f80: c21e6800 01015c9c 0000000b 00008946 00000036 c03002f0 c4816b80 00000036
9fa0: b6d77ae0 c03000c0 01015c9c 0000000b 0000000b 00008946 becc83e8 00000000
9fc0: 01015c9c 0000000b 00008946 00000036 00000035 010678a0 b6d797ec b6d77ae0
9fe0: b6dbf738 becc838c b6d186d7 b6baa858 40000030 0000000b 00000000 00000000
page_pool_get_s
---truncated---
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:36:55.897084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:37:20.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/00768b3e90e648227eaa959d9d279f5e32823df1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/230dc06e2495487d88b3410da055bb618febb19b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2b0e99072654edd601d05c0061a20337af5008ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca8add922f9c7f6e2e3c71039da8e0dcc64b87ed"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/mvneta.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "00768b3e90e648227eaa959d9d279f5e32823df1",
"status": "affected",
"version": "b3fc79225f055af7ef48b47a90752c31cc062e6e",
"versionType": "git"
},
{
"lessThan": "230dc06e2495487d88b3410da055bb618febb19b",
"status": "affected",
"version": "b3fc79225f055af7ef48b47a90752c31cc062e6e",
"versionType": "git"
},
{
"lessThan": "2b0e99072654edd601d05c0061a20337af5008ba",
"status": "affected",
"version": "b3fc79225f055af7ef48b47a90752c31cc062e6e",
"versionType": "git"
},
{
"lessThan": "ca8add922f9c7f6e2e3c71039da8e0dcc64b87ed",
"status": "affected",
"version": "b3fc79225f055af7ef48b47a90752c31cc062e6e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/mvneta.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.19"
},
{
"lessThan": "5.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvneta: fix calls to page_pool_get_stats\n\nCalling page_pool_get_stats in the mvneta driver without checks\nleads to kernel crashes.\nFirst the page pool is only available if the bm is not used.\nThe page pool is also not allocated when the port is stopped.\nIt can also be not allocated in case of errors.\n\nThe current implementation leads to the following crash calling\nethstats on a port that is down or when calling it at the wrong moment:\n\nble to handle kernel NULL pointer dereference at virtual address 00000070\n[00000070] *pgd=00000000\nInternal error: Oops: 5 [#1] SMP ARM\nHardware name: Marvell Armada 380/385 (Device Tree)\nPC is at page_pool_get_stats+0x18/0x1cc\nLR is at mvneta_ethtool_get_stats+0xa0/0xe0 [mvneta]\npc : [\u003cc0b413cc\u003e] lr : [\u003cbf0a98d8\u003e] psr: a0000013\nsp : f1439d48 ip : f1439dc0 fp : 0000001d\nr10: 00000100 r9 : c4816b80 r8 : f0d75150\nr7 : bf0b400c r6 : c238f000 r5 : 00000000 r4 : f1439d68\nr3 : c2091040 r2 : ffffffd8 r1 : f1439d68 r0 : 00000000\nFlags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none\nControl: 10c5387d Table: 066b004a DAC: 00000051\nRegister r0 information: NULL pointer\nRegister r1 information: 2-page vmalloc region starting at 0xf1438000 allocated at kernel_clone+0x9c/0x390\nRegister r2 information: non-paged memory\nRegister r3 information: slab kmalloc-2k start c2091000 pointer offset 64 size 2048\nRegister r4 information: 2-page vmalloc region starting at 0xf1438000 allocated at kernel_clone+0x9c/0x390\nRegister r5 information: NULL pointer\nRegister r6 information: slab kmalloc-cg-4k start c238f000 pointer offset 0 size 4096\nRegister r7 information: 15-page vmalloc region starting at 0xbf0a8000 allocated at load_module+0xa30/0x219c\nRegister r8 information: 1-page vmalloc region starting at 0xf0d75000 allocated at ethtool_get_stats+0x138/0x208\nRegister r9 information: slab task_struct start c4816b80 pointer offset 0\nRegister r10 information: non-paged memory\nRegister r11 information: non-paged memory\nRegister r12 information: 2-page vmalloc region starting at 0xf1438000 allocated at kernel_clone+0x9c/0x390\nProcess snmpd (pid: 733, stack limit = 0x38de3a88)\nStack: (0xf1439d48 to 0xf143a000)\n9d40: 000000c0 00000001 c238f000 bf0b400c f0d75150 c4816b80\n9d60: 00000100 bf0a98d8 00000000 00000000 00000000 00000000 00000000 00000000\n9d80: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n9da0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n9dc0: 00000dc0 5335509c 00000035 c238f000 bf0b2214 01067f50 f0d75000 c0b9b9c8\n9de0: 0000001d 00000035 c2212094 5335509c c4816b80 c238f000 c5ad6e00 01067f50\n9e00: c1b0be80 c4816b80 00014813 c0b9d7f0 00000000 00000000 0000001d 0000001d\n9e20: 00000000 00001200 00000000 00000000 c216ed90 c73943b8 00000000 00000000\n9e40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n9e60: 00000000 c0ad9034 00000000 00000000 00000000 00000000 00000000 00000000\n9e80: 00000000 00000000 00000000 5335509c c1b0be80 f1439ee4 00008946 c1b0be80\n9ea0: 01067f50 f1439ee3 00000000 00000046 b6d77ae0 c0b383f0 00008946 becc83e8\n9ec0: c1b0be80 00000051 0000000b c68ca480 c7172d00 c0ad8ff0 f1439ee3 cf600e40\n9ee0: 01600e40 32687465 00000000 00000000 00000000 01067f50 00000000 00000000\n9f00: 00000000 5335509c 00008946 00008946 00000000 c68ca480 becc83e8 c05e2de0\n9f20: f1439fb0 c03002f0 00000006 5ac3c35a c4816b80 00000006 b6d77ae0 c030caf0\n9f40: c4817350 00000014 f1439e1c 0000000c 00000000 00000051 01000000 00000014\n9f60: 00003fec f1439edc 00000001 c0372abc b6d77ae0 c0372abc cf600e40 5335509c\n9f80: c21e6800 01015c9c 0000000b 00008946 00000036 c03002f0 c4816b80 00000036\n9fa0: b6d77ae0 c03000c0 01015c9c 0000000b 0000000b 00008946 becc83e8 00000000\n9fc0: 01015c9c 0000000b 00008946 00000036 00000035 010678a0 b6d797ec b6d77ae0\n9fe0: b6dbf738 becc838c b6d186d7 b6baa858 40000030 0000000b 00000000 00000000\n page_pool_get_s\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:04.891Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/00768b3e90e648227eaa959d9d279f5e32823df1"
},
{
"url": "https://git.kernel.org/stable/c/230dc06e2495487d88b3410da055bb618febb19b"
},
{
"url": "https://git.kernel.org/stable/c/2b0e99072654edd601d05c0061a20337af5008ba"
},
{
"url": "https://git.kernel.org/stable/c/ca8add922f9c7f6e2e3c71039da8e0dcc64b87ed"
}
],
"title": "net: mvneta: fix calls to page_pool_get_stats",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52780",
"datePublished": "2024-05-21T15:30:59.557Z",
"dateReserved": "2024-05-21T15:19:24.240Z",
"dateUpdated": "2025-05-04T07:43:04.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52829 (GCVE-0-2023-52829)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps()
reg_cap.phy_id is extracted from WMI event and could be an unexpected value
in case some errors happen. As a result out-of-bound write may occur to
soc->hal_reg_cap. Fix it by validating reg_cap.phy_id before using it.
This is found during code review.
Compile tested only.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52829",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:36:39.580141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T18:02:43.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dfe13eaab043130f90dd3d57c7d88577c04adc97"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4dd0547e8b45faf6f95373be5436b66cde326c0e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b302dce3d9edea5b93d1902a541684a967f3c63c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath12k/wmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "dfe13eaab043130f90dd3d57c7d88577c04adc97",
"status": "affected",
"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
"versionType": "git"
},
{
"lessThan": "4dd0547e8b45faf6f95373be5436b66cde326c0e",
"status": "affected",
"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
"versionType": "git"
},
{
"lessThan": "b302dce3d9edea5b93d1902a541684a967f3c63c",
"status": "affected",
"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath12k/wmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps()\n\nreg_cap.phy_id is extracted from WMI event and could be an unexpected value\nin case some errors happen. As a result out-of-bound write may occur to\nsoc-\u003ehal_reg_cap. Fix it by validating reg_cap.phy_id before using it.\n\nThis is found during code review.\n\nCompile tested only."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:54.293Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/dfe13eaab043130f90dd3d57c7d88577c04adc97"
},
{
"url": "https://git.kernel.org/stable/c/4dd0547e8b45faf6f95373be5436b66cde326c0e"
},
{
"url": "https://git.kernel.org/stable/c/b302dce3d9edea5b93d1902a541684a967f3c63c"
}
],
"title": "wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52829",
"datePublished": "2024-05-21T15:31:32.164Z",
"dateReserved": "2024-05-21T15:19:24.251Z",
"dateUpdated": "2025-05-04T07:43:54.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52834 (GCVE-0-2023-52834)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
atl1c: Work around the DMA RX overflow issue
This is based on alx driver commit 881d0327db37 ("net: alx: Work around
the DMA RX overflow issue").
The alx and atl1c drivers had RX overflow error which was why a custom
allocator was created to avoid certain addresses. The simpler workaround
then created for alx driver, but not for atl1c due to lack of tester.
Instead of using a custom allocator, check the allocated skb address and
use skb_reserve() to move away from problematic 0x...fc0 address.
Tested on AR8131 on Acer 4540.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52834",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T18:09:31.471989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:26.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c29a89b23f67ee592f4dee61f9d7efbf86d60315"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/57e44ff9c2c9747b2b1a53556810b0e5192655d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54a6152da4993ec8e4b53dc3cf577f5a2c829afa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/32f08b7b430ee01ec47d730f961a3306c1c7b6fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/86565682e9053e5deb128193ea9e88531bbae9cf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/atheros/atl1c/atl1c.h",
"drivers/net/ethernet/atheros/atl1c/atl1c_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c29a89b23f67ee592f4dee61f9d7efbf86d60315",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "57e44ff9c2c9747b2b1a53556810b0e5192655d6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "54a6152da4993ec8e4b53dc3cf577f5a2c829afa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "32f08b7b430ee01ec47d730f961a3306c1c7b6fb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "86565682e9053e5deb128193ea9e88531bbae9cf",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/atheros/atl1c/atl1c.h",
"drivers/net/ethernet/atheros/atl1c/atl1c_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\natl1c: Work around the DMA RX overflow issue\n\nThis is based on alx driver commit 881d0327db37 (\"net: alx: Work around\nthe DMA RX overflow issue\").\n\nThe alx and atl1c drivers had RX overflow error which was why a custom\nallocator was created to avoid certain addresses. The simpler workaround\nthen created for alx driver, but not for atl1c due to lack of tester.\n\nInstead of using a custom allocator, check the allocated skb address and\nuse skb_reserve() to move away from problematic 0x...fc0 address.\n\nTested on AR8131 on Acer 4540."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:59.052Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c29a89b23f67ee592f4dee61f9d7efbf86d60315"
},
{
"url": "https://git.kernel.org/stable/c/57e44ff9c2c9747b2b1a53556810b0e5192655d6"
},
{
"url": "https://git.kernel.org/stable/c/54a6152da4993ec8e4b53dc3cf577f5a2c829afa"
},
{
"url": "https://git.kernel.org/stable/c/32f08b7b430ee01ec47d730f961a3306c1c7b6fb"
},
{
"url": "https://git.kernel.org/stable/c/86565682e9053e5deb128193ea9e88531bbae9cf"
}
],
"title": "atl1c: Work around the DMA RX overflow issue",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52834",
"datePublished": "2024-05-21T15:31:35.575Z",
"dateReserved": "2024-05-21T15:19:24.252Z",
"dateUpdated": "2025-05-04T07:43:59.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36978 (GCVE-0-2024-36978)
Vulnerability from cvelistv5
Published
2024-06-19 06:20
Modified
2025-05-04 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: sched: sch_multiq: fix possible OOB write in multiq_tune()
q->bands will be assigned to qopt->bands to execute subsequent code logic
after kmalloc. So the old q->bands should not be used in kmalloc.
Otherwise, an out-of-bounds write will occur.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c2999f7fb05b87da4060e38150c70fa46794d82b Version: c2999f7fb05b87da4060e38150c70fa46794d82b Version: c2999f7fb05b87da4060e38150c70fa46794d82b Version: c2999f7fb05b87da4060e38150c70fa46794d82b Version: c2999f7fb05b87da4060e38150c70fa46794d82b Version: c2999f7fb05b87da4060e38150c70fa46794d82b Version: c2999f7fb05b87da4060e38150c70fa46794d82b |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T04:55:12.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d5d9d241786f49ae7cbc08e7fc95a115e9d80f3d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/52b1aa07cda6a199cd6754d3798c7759023bc70f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/598572c64287aee0b75bbba4e2881496878860f3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f208fad86631e005754606c3ec80c0d44a11882"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54c2c171c11a798fe887b3ff72922aa9d1411c1e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d6fb5110e8722bc00748f22caeb650fe4672f129"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/affc18fdc694190ca7575b9a86632a73b9fe043d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sched/sch_multiq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d5d9d241786f49ae7cbc08e7fc95a115e9d80f3d",
"status": "affected",
"version": "c2999f7fb05b87da4060e38150c70fa46794d82b",
"versionType": "git"
},
{
"lessThan": "52b1aa07cda6a199cd6754d3798c7759023bc70f",
"status": "affected",
"version": "c2999f7fb05b87da4060e38150c70fa46794d82b",
"versionType": "git"
},
{
"lessThan": "598572c64287aee0b75bbba4e2881496878860f3",
"status": "affected",
"version": "c2999f7fb05b87da4060e38150c70fa46794d82b",
"versionType": "git"
},
{
"lessThan": "0f208fad86631e005754606c3ec80c0d44a11882",
"status": "affected",
"version": "c2999f7fb05b87da4060e38150c70fa46794d82b",
"versionType": "git"
},
{
"lessThan": "54c2c171c11a798fe887b3ff72922aa9d1411c1e",
"status": "affected",
"version": "c2999f7fb05b87da4060e38150c70fa46794d82b",
"versionType": "git"
},
{
"lessThan": "d6fb5110e8722bc00748f22caeb650fe4672f129",
"status": "affected",
"version": "c2999f7fb05b87da4060e38150c70fa46794d82b",
"versionType": "git"
},
{
"lessThan": "affc18fdc694190ca7575b9a86632a73b9fe043d",
"status": "affected",
"version": "c2999f7fb05b87da4060e38150c70fa46794d82b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sched/sch_multiq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.95",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.35",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.6",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: sch_multiq: fix possible OOB write in multiq_tune()\n\nq-\u003ebands will be assigned to qopt-\u003ebands to execute subsequent code logic\nafter kmalloc. So the old q-\u003ebands should not be used in kmalloc.\nOtherwise, an out-of-bounds write will occur."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:14.643Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d5d9d241786f49ae7cbc08e7fc95a115e9d80f3d"
},
{
"url": "https://git.kernel.org/stable/c/52b1aa07cda6a199cd6754d3798c7759023bc70f"
},
{
"url": "https://git.kernel.org/stable/c/598572c64287aee0b75bbba4e2881496878860f3"
},
{
"url": "https://git.kernel.org/stable/c/0f208fad86631e005754606c3ec80c0d44a11882"
},
{
"url": "https://git.kernel.org/stable/c/54c2c171c11a798fe887b3ff72922aa9d1411c1e"
},
{
"url": "https://git.kernel.org/stable/c/d6fb5110e8722bc00748f22caeb650fe4672f129"
},
{
"url": "https://git.kernel.org/stable/c/affc18fdc694190ca7575b9a86632a73b9fe043d"
}
],
"title": "net: sched: sch_multiq: fix possible OOB write in multiq_tune()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36978",
"datePublished": "2024-06-19T06:20:23.103Z",
"dateReserved": "2024-05-30T15:25:07.082Z",
"dateUpdated": "2025-05-04T09:13:14.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38562 (GCVE-0-2024-38562)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: nl80211: Avoid address calculations via out of bounds array indexing
Before request->channels[] can be used, request->n_channels must be set.
Additionally, address calculations for memory after the "channels" array
need to be calculated from the allocation base ("request") rather than
via the first "out of bounds" index of "channels", otherwise run-time
bounds checking will throw a warning.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38562",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T19:19:16.274389Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T19:20:09.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed74398642fcb19f6ff385c35a7d512c6663e17b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e2a5566462b53db7d4c4722da86eedf0b8f546c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8fa4d56564ee7cc2ee348258d88efe191d70dd7f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/838c7b8f1f278404d9d684c34a8cb26dc41aaaa1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/wireless/nl80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ed74398642fcb19f6ff385c35a7d512c6663e17b",
"status": "affected",
"version": "e3eac9f32ec04112b39e01b574ac739382469bf9",
"versionType": "git"
},
{
"lessThan": "4e2a5566462b53db7d4c4722da86eedf0b8f546c",
"status": "affected",
"version": "e3eac9f32ec04112b39e01b574ac739382469bf9",
"versionType": "git"
},
{
"lessThan": "8fa4d56564ee7cc2ee348258d88efe191d70dd7f",
"status": "affected",
"version": "e3eac9f32ec04112b39e01b574ac739382469bf9",
"versionType": "git"
},
{
"lessThan": "838c7b8f1f278404d9d684c34a8cb26dc41aaaa1",
"status": "affected",
"version": "e3eac9f32ec04112b39e01b574ac739382469bf9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/wireless/nl80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: Avoid address calculations via out of bounds array indexing\n\nBefore request-\u003echannels[] can be used, request-\u003en_channels must be set.\nAdditionally, address calculations for memory after the \"channels\" array\nneed to be calculated from the allocation base (\"request\") rather than\nvia the first \"out of bounds\" index of \"channels\", otherwise run-time\nbounds checking will throw a warning."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:09.844Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ed74398642fcb19f6ff385c35a7d512c6663e17b"
},
{
"url": "https://git.kernel.org/stable/c/4e2a5566462b53db7d4c4722da86eedf0b8f546c"
},
{
"url": "https://git.kernel.org/stable/c/8fa4d56564ee7cc2ee348258d88efe191d70dd7f"
},
{
"url": "https://git.kernel.org/stable/c/838c7b8f1f278404d9d684c34a8cb26dc41aaaa1"
}
],
"title": "wifi: nl80211: Avoid address calculations via out of bounds array indexing",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38562",
"datePublished": "2024-06-19T13:35:30.893Z",
"dateReserved": "2024-06-18T19:36:34.922Z",
"dateUpdated": "2025-05-04T09:14:09.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38549 (GCVE-0-2024-38549)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/mediatek: Add 0 size check to mtk_drm_gem_obj
Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object
of 0 bytes. Currently, no such check exists and the kernel will panic if
a userspace application attempts to allocate a 0x0 GBM buffer.
Tested by attempting to allocate a 0x0 GBM buffer on an MT8188 and
verifying that we now return EINVAL.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 119f5173628aa7a0c3cf9db83460d40709e8241d Version: 119f5173628aa7a0c3cf9db83460d40709e8241d Version: 119f5173628aa7a0c3cf9db83460d40709e8241d Version: 119f5173628aa7a0c3cf9db83460d40709e8241d Version: 119f5173628aa7a0c3cf9db83460d40709e8241d Version: 119f5173628aa7a0c3cf9db83460d40709e8241d Version: 119f5173628aa7a0c3cf9db83460d40709e8241d Version: 119f5173628aa7a0c3cf9db83460d40709e8241d Version: 119f5173628aa7a0c3cf9db83460d40709e8241d |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79078880795478d551a05acc41f957700030d364"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be34a1b351ea7faeb15dde8c44fe89de3980ae67"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d17b75ee9c2e44d3a3682c4ea5ab713ea6073350"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0e3b6f9123726858cac299e1654e3d20424cabe4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13562c2d48c9ee330de1077d00146742be368f05"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af26ea99019caee1500bf7e60c861136c0bf8594"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9489951e3ae505534c4013db4e76b1b5a3151ac7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb4aabdb1b48c25d9e1ee28f89440fd2ce556405"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1e4350095e8ab2577ee05f8c3b044e661b5af9a0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38549",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:14:57.159226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:57.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/mediatek/mtk_drm_gem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "79078880795478d551a05acc41f957700030d364",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "be34a1b351ea7faeb15dde8c44fe89de3980ae67",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "d17b75ee9c2e44d3a3682c4ea5ab713ea6073350",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "0e3b6f9123726858cac299e1654e3d20424cabe4",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "13562c2d48c9ee330de1077d00146742be368f05",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "af26ea99019caee1500bf7e60c861136c0bf8594",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "9489951e3ae505534c4013db4e76b1b5a3151ac7",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "fb4aabdb1b48c25d9e1ee28f89440fd2ce556405",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
},
{
"lessThan": "1e4350095e8ab2577ee05f8c3b044e661b5af9a0",
"status": "affected",
"version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/mediatek/mtk_drm_gem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Add 0 size check to mtk_drm_gem_obj\n\nAdd a check to mtk_drm_gem_init if we attempt to allocate a GEM object\nof 0 bytes. Currently, no such check exists and the kernel will panic if\na userspace application attempts to allocate a 0x0 GBM buffer.\n\nTested by attempting to allocate a 0x0 GBM buffer on an MT8188 and\nverifying that we now return EINVAL."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:46.917Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/79078880795478d551a05acc41f957700030d364"
},
{
"url": "https://git.kernel.org/stable/c/be34a1b351ea7faeb15dde8c44fe89de3980ae67"
},
{
"url": "https://git.kernel.org/stable/c/d17b75ee9c2e44d3a3682c4ea5ab713ea6073350"
},
{
"url": "https://git.kernel.org/stable/c/0e3b6f9123726858cac299e1654e3d20424cabe4"
},
{
"url": "https://git.kernel.org/stable/c/13562c2d48c9ee330de1077d00146742be368f05"
},
{
"url": "https://git.kernel.org/stable/c/af26ea99019caee1500bf7e60c861136c0bf8594"
},
{
"url": "https://git.kernel.org/stable/c/9489951e3ae505534c4013db4e76b1b5a3151ac7"
},
{
"url": "https://git.kernel.org/stable/c/fb4aabdb1b48c25d9e1ee28f89440fd2ce556405"
},
{
"url": "https://git.kernel.org/stable/c/1e4350095e8ab2577ee05f8c3b044e661b5af9a0"
}
],
"title": "drm/mediatek: Add 0 size check to mtk_drm_gem_obj",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38549",
"datePublished": "2024-06-19T13:35:22.042Z",
"dateReserved": "2024-06-18T19:36:34.920Z",
"dateUpdated": "2025-05-04T09:13:46.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52861 (GCVE-0-2023-52861)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm: bridge: it66121: Fix invalid connector dereference
Fix the NULL pointer dereference when no monitor is connected, and the
sound card is opened from userspace.
Instead return an empty buffer (of zeroes) as the EDID information to
the sound framework if there is no connector attached.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "e0fd83dbe924"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.19"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.1.63"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.5.12"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.6.2"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.7"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52861",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T18:51:01.322814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:49:46.900Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2c80c4f0d2845645f41cbb7c9304c8efbdbd4331"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1669d7b21a664aa531856ce85b01359a376baebc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1374561a7cbc9a000b77bb0473bb2c19daf18d86"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0375f6858c4ff7244b62b02eb5e93428e1916cd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/bridge/ite-it66121.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2c80c4f0d2845645f41cbb7c9304c8efbdbd4331",
"status": "affected",
"version": "e0fd83dbe92426e4f09b01111d260d2a7dc72fdb",
"versionType": "git"
},
{
"lessThan": "1669d7b21a664aa531856ce85b01359a376baebc",
"status": "affected",
"version": "e0fd83dbe92426e4f09b01111d260d2a7dc72fdb",
"versionType": "git"
},
{
"lessThan": "1374561a7cbc9a000b77bb0473bb2c19daf18d86",
"status": "affected",
"version": "e0fd83dbe92426e4f09b01111d260d2a7dc72fdb",
"versionType": "git"
},
{
"lessThan": "d0375f6858c4ff7244b62b02eb5e93428e1916cd",
"status": "affected",
"version": "e0fd83dbe92426e4f09b01111d260d2a7dc72fdb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/bridge/ite-it66121.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.19"
},
{
"lessThan": "5.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: it66121: Fix invalid connector dereference\n\nFix the NULL pointer dereference when no monitor is connected, and the\nsound card is opened from userspace.\n\nInstead return an empty buffer (of zeroes) as the EDID information to\nthe sound framework if there is no connector attached."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:30.110Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2c80c4f0d2845645f41cbb7c9304c8efbdbd4331"
},
{
"url": "https://git.kernel.org/stable/c/1669d7b21a664aa531856ce85b01359a376baebc"
},
{
"url": "https://git.kernel.org/stable/c/1374561a7cbc9a000b77bb0473bb2c19daf18d86"
},
{
"url": "https://git.kernel.org/stable/c/d0375f6858c4ff7244b62b02eb5e93428e1916cd"
}
],
"title": "drm: bridge: it66121: Fix invalid connector dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52861",
"datePublished": "2024-05-21T15:31:53.904Z",
"dateReserved": "2024-05-21T15:19:24.261Z",
"dateUpdated": "2025-05-04T07:44:30.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36926 (GCVE-0-2024-36926)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-07 19:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE
At the time of LPAR boot up, partition firmware provides Open Firmware
property ibm,dma-window for the PE. This property is provided on the PCI
bus the PE is attached to.
There are execptions where the partition firmware might not provide this
property for the PE at the time of LPAR boot up. One of the scenario is
where the firmware has frozen the PE due to some error condition. This
PE is frozen for 24 hours or unless the whole system is reinitialized.
Within this time frame, if the LPAR is booted, the frozen PE will be
presented to the LPAR but ibm,dma-window property could be missing.
Today, under these circumstances, the LPAR oopses with NULL pointer
dereference, when configuring the PCI bus the PE is attached to.
BUG: Kernel NULL pointer dereference on read at 0x000000c8
Faulting instruction address: 0xc0000000001024c0
Oops: Kernel access of bad area, sig: 7 [#1]
LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries
Modules linked in:
Supported: Yes
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.4.0-150600.9-default #1
Hardware name: IBM,9043-MRX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NM1060_023) hv:phyp pSeries
NIP: c0000000001024c0 LR: c0000000001024b0 CTR: c000000000102450
REGS: c0000000037db5c0 TRAP: 0300 Not tainted (6.4.0-150600.9-default)
MSR: 8000000002009033 <SF,VEC,EE,ME,IR,DR,RI,LE> CR: 28000822 XER: 00000000
CFAR: c00000000010254c DAR: 00000000000000c8 DSISR: 00080000 IRQMASK: 0
...
NIP [c0000000001024c0] pci_dma_bus_setup_pSeriesLP+0x70/0x2a0
LR [c0000000001024b0] pci_dma_bus_setup_pSeriesLP+0x60/0x2a0
Call Trace:
pci_dma_bus_setup_pSeriesLP+0x60/0x2a0 (unreliable)
pcibios_setup_bus_self+0x1c0/0x370
__of_scan_bus+0x2f8/0x330
pcibios_scan_phb+0x280/0x3d0
pcibios_init+0x88/0x12c
do_one_initcall+0x60/0x320
kernel_init_freeable+0x344/0x3e4
kernel_init+0x34/0x1d0
ret_from_kernel_user_thread+0x14/0x1c
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b1fc44eaa9ba31e28c4125d6b9205a3582b47b5d Version: b1fc44eaa9ba31e28c4125d6b9205a3582b47b5d Version: b1fc44eaa9ba31e28c4125d6b9205a3582b47b5d Version: b1fc44eaa9ba31e28c4125d6b9205a3582b47b5d Version: b9f08b2649dddd4eb0698cb428b173bb01dd2fc5 Version: 58942f672c6d04b6a3cd7866cb459671df881538 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "7fb5793c53f8",
"status": "affected",
"version": "b1fc44eaa9ba",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "802b13b79ab1",
"status": "affected",
"version": "b1fc44eaa9ba",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "2bed905a7248",
"status": "affected",
"version": "b1fc44eaa9ba",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "49a940dbdc31",
"status": "affected",
"version": "b1fc44eaa9ba",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.2",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.7",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:6.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.9",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36926",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T19:55:04.176506Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T19:55:19.669Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7fb5793c53f8c024e3eae9f0d44eb659aed833c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/802b13b79ab1fef66c6852fc745cf197dca0cb15"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2bed905a72485a2b79a001bd7e66c750942d2155"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/49a940dbdc3107fecd5e6d3063dc07128177e058"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/platforms/pseries/iommu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7fb5793c53f8c024e3eae9f0d44eb659aed833c4",
"status": "affected",
"version": "b1fc44eaa9ba31e28c4125d6b9205a3582b47b5d",
"versionType": "git"
},
{
"lessThan": "802b13b79ab1fef66c6852fc745cf197dca0cb15",
"status": "affected",
"version": "b1fc44eaa9ba31e28c4125d6b9205a3582b47b5d",
"versionType": "git"
},
{
"lessThan": "2bed905a72485a2b79a001bd7e66c750942d2155",
"status": "affected",
"version": "b1fc44eaa9ba31e28c4125d6b9205a3582b47b5d",
"versionType": "git"
},
{
"lessThan": "49a940dbdc3107fecd5e6d3063dc07128177e058",
"status": "affected",
"version": "b1fc44eaa9ba31e28c4125d6b9205a3582b47b5d",
"versionType": "git"
},
{
"status": "affected",
"version": "b9f08b2649dddd4eb0698cb428b173bb01dd2fc5",
"versionType": "git"
},
{
"status": "affected",
"version": "58942f672c6d04b6a3cd7866cb459671df881538",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/platforms/pseries/iommu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.18.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.19.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: LPAR panics during boot up with a frozen PE\n\nAt the time of LPAR boot up, partition firmware provides Open Firmware\nproperty ibm,dma-window for the PE. This property is provided on the PCI\nbus the PE is attached to.\n\nThere are execptions where the partition firmware might not provide this\nproperty for the PE at the time of LPAR boot up. One of the scenario is\nwhere the firmware has frozen the PE due to some error condition. This\nPE is frozen for 24 hours or unless the whole system is reinitialized.\n\nWithin this time frame, if the LPAR is booted, the frozen PE will be\npresented to the LPAR but ibm,dma-window property could be missing.\n\nToday, under these circumstances, the LPAR oopses with NULL pointer\ndereference, when configuring the PCI bus the PE is attached to.\n\n BUG: Kernel NULL pointer dereference on read at 0x000000c8\n Faulting instruction address: 0xc0000000001024c0\n Oops: Kernel access of bad area, sig: 7 [#1]\n LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n Modules linked in:\n Supported: Yes\n CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.4.0-150600.9-default #1\n Hardware name: IBM,9043-MRX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NM1060_023) hv:phyp pSeries\n NIP: c0000000001024c0 LR: c0000000001024b0 CTR: c000000000102450\n REGS: c0000000037db5c0 TRAP: 0300 Not tainted (6.4.0-150600.9-default)\n MSR: 8000000002009033 \u003cSF,VEC,EE,ME,IR,DR,RI,LE\u003e CR: 28000822 XER: 00000000\n CFAR: c00000000010254c DAR: 00000000000000c8 DSISR: 00080000 IRQMASK: 0\n ...\n NIP [c0000000001024c0] pci_dma_bus_setup_pSeriesLP+0x70/0x2a0\n LR [c0000000001024b0] pci_dma_bus_setup_pSeriesLP+0x60/0x2a0\n Call Trace:\n pci_dma_bus_setup_pSeriesLP+0x60/0x2a0 (unreliable)\n pcibios_setup_bus_self+0x1c0/0x370\n __of_scan_bus+0x2f8/0x330\n pcibios_scan_phb+0x280/0x3d0\n pcibios_init+0x88/0x12c\n do_one_initcall+0x60/0x320\n kernel_init_freeable+0x344/0x3e4\n kernel_init+0x34/0x1d0\n ret_from_kernel_user_thread+0x14/0x1c"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:29.051Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7fb5793c53f8c024e3eae9f0d44eb659aed833c4"
},
{
"url": "https://git.kernel.org/stable/c/802b13b79ab1fef66c6852fc745cf197dca0cb15"
},
{
"url": "https://git.kernel.org/stable/c/2bed905a72485a2b79a001bd7e66c750942d2155"
},
{
"url": "https://git.kernel.org/stable/c/49a940dbdc3107fecd5e6d3063dc07128177e058"
}
],
"title": "powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36926",
"datePublished": "2024-05-30T15:29:19.691Z",
"dateReserved": "2024-05-30T15:25:07.069Z",
"dateUpdated": "2025-05-07T19:55:19.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52877 (GCVE-0-2023-52877)
Vulnerability from cvelistv5
Published
2024-05-21 15:32
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm()
It is possible that typec_register_partner() returns ERR_PTR on failure.
When port->partner is an error, a NULL pointer dereference may occur as
shown below.
[91222.095236][ T319] typec port0: failed to register partner (-17)
...
[91225.061491][ T319] Unable to handle kernel NULL pointer dereference
at virtual address 000000000000039f
[91225.274642][ T319] pc : tcpm_pd_data_request+0x310/0x13fc
[91225.274646][ T319] lr : tcpm_pd_data_request+0x298/0x13fc
[91225.308067][ T319] Call trace:
[91225.308070][ T319] tcpm_pd_data_request+0x310/0x13fc
[91225.308073][ T319] tcpm_pd_rx_handler+0x100/0x9e8
[91225.355900][ T319] kthread_worker_fn+0x178/0x58c
[91225.355902][ T319] kthread+0x150/0x200
[91225.355905][ T319] ret_from_fork+0x10/0x30
Add a check for port->partner to avoid dereferencing a NULL pointer.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52877",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T19:16:07.522837Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T19:16:15.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e5f53a68a596e04df3fde3099273435a30b6fdac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e7a802447c491903aa7cb45967aa2a934a4e63fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9ee038590d808a95d16adf92818dcd4752273c08"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b37a168c0137156042a0ca9626651b5a789e822b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4987daf86c152ff882d51572d154ad12e4ff3a4b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/typec/tcpm/tcpm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e5f53a68a596e04df3fde3099273435a30b6fdac",
"status": "affected",
"version": "5e1d4c49fbc86dab6e005d66f066bd53c9479cde",
"versionType": "git"
},
{
"lessThan": "e7a802447c491903aa7cb45967aa2a934a4e63fc",
"status": "affected",
"version": "5e1d4c49fbc86dab6e005d66f066bd53c9479cde",
"versionType": "git"
},
{
"lessThan": "9ee038590d808a95d16adf92818dcd4752273c08",
"status": "affected",
"version": "5e1d4c49fbc86dab6e005d66f066bd53c9479cde",
"versionType": "git"
},
{
"lessThan": "b37a168c0137156042a0ca9626651b5a789e822b",
"status": "affected",
"version": "5e1d4c49fbc86dab6e005d66f066bd53c9479cde",
"versionType": "git"
},
{
"lessThan": "4987daf86c152ff882d51572d154ad12e4ff3a4b",
"status": "affected",
"version": "5e1d4c49fbc86dab6e005d66f066bd53c9479cde",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/typec/tcpm/tcpm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.138",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.62",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.138",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.62",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.11",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.1",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm()\n\nIt is possible that typec_register_partner() returns ERR_PTR on failure.\nWhen port-\u003epartner is an error, a NULL pointer dereference may occur as\nshown below.\n\n[91222.095236][ T319] typec port0: failed to register partner (-17)\n...\n[91225.061491][ T319] Unable to handle kernel NULL pointer dereference\nat virtual address 000000000000039f\n[91225.274642][ T319] pc : tcpm_pd_data_request+0x310/0x13fc\n[91225.274646][ T319] lr : tcpm_pd_data_request+0x298/0x13fc\n[91225.308067][ T319] Call trace:\n[91225.308070][ T319] tcpm_pd_data_request+0x310/0x13fc\n[91225.308073][ T319] tcpm_pd_rx_handler+0x100/0x9e8\n[91225.355900][ T319] kthread_worker_fn+0x178/0x58c\n[91225.355902][ T319] kthread+0x150/0x200\n[91225.355905][ T319] ret_from_fork+0x10/0x30\n\nAdd a check for port-\u003epartner to avoid dereferencing a NULL pointer."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:59.559Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e5f53a68a596e04df3fde3099273435a30b6fdac"
},
{
"url": "https://git.kernel.org/stable/c/e7a802447c491903aa7cb45967aa2a934a4e63fc"
},
{
"url": "https://git.kernel.org/stable/c/9ee038590d808a95d16adf92818dcd4752273c08"
},
{
"url": "https://git.kernel.org/stable/c/b37a168c0137156042a0ca9626651b5a789e822b"
},
{
"url": "https://git.kernel.org/stable/c/4987daf86c152ff882d51572d154ad12e4ff3a4b"
}
],
"title": "usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52877",
"datePublished": "2024-05-21T15:32:09.946Z",
"dateReserved": "2024-05-21T15:19:24.264Z",
"dateUpdated": "2025-05-04T07:44:59.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52622 (GCVE-0-2023-52622)
Vulnerability from cvelistv5
Published
2024-03-26 17:19
Modified
2025-05-04 07:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid online resizing failures due to oversized flex bg
When we online resize an ext4 filesystem with a oversized flexbg_size,
mkfs.ext4 -F -G 67108864 $dev -b 4096 100M
mount $dev $dir
resize2fs $dev 16G
the following WARN_ON is triggered:
==================================================================
WARNING: CPU: 0 PID: 427 at mm/page_alloc.c:4402 __alloc_pages+0x411/0x550
Modules linked in: sg(E)
CPU: 0 PID: 427 Comm: resize2fs Tainted: G E 6.6.0-rc5+ #314
RIP: 0010:__alloc_pages+0x411/0x550
Call Trace:
<TASK>
__kmalloc_large_node+0xa2/0x200
__kmalloc+0x16e/0x290
ext4_resize_fs+0x481/0xd80
__ext4_ioctl+0x1616/0x1d90
ext4_ioctl+0x12/0x20
__x64_sys_ioctl+0xf0/0x150
do_syscall_64+0x3b/0x90
==================================================================
This is because flexbg_size is too large and the size of the new_group_data
array to be allocated exceeds MAX_ORDER. Currently, the minimum value of
MAX_ORDER is 8, the minimum value of PAGE_SIZE is 4096, the corresponding
maximum number of groups that can be allocated is:
(PAGE_SIZE << MAX_ORDER) / sizeof(struct ext4_new_group_data) ≈ 21845
And the value that is down-aligned to the power of 2 is 16384. Therefore,
this value is defined as MAX_RESIZE_BG, and the number of groups added
each time does not exceed this value during resizing, and is added multiple
times to complete the online resizing. The difference is that the metadata
in a flex_bg may be more dispersed.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T19:32:18.763669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T19:32:30.135Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd1f93ca97a9136989f3bd2bf90696732a2ed644"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b183fe8702e78bba3dcef8e7193cab6898abee07"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfbbb3199e71b63fc26cee0ebff327c47128a1e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d76c8d7ffe163c6bf2f1ef680b0539c2b3902b90"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d2cbf517dcabc093159cf138ad5712c9c7fa954"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b1413dbfe49646eda2c00c0f1144ee9d3368e0c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dc3e0f55bec4410f3d74352c4a7c79f518088ee2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5d1935ac02ca5aee364a449a35e2977ea84509b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/resize.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cd1f93ca97a9136989f3bd2bf90696732a2ed644",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b183fe8702e78bba3dcef8e7193cab6898abee07",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cfbbb3199e71b63fc26cee0ebff327c47128a1e8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d76c8d7ffe163c6bf2f1ef680b0539c2b3902b90",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6d2cbf517dcabc093159cf138ad5712c9c7fa954",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8b1413dbfe49646eda2c00c0f1144ee9d3368e0c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dc3e0f55bec4410f3d74352c4a7c79f518088ee2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5d1935ac02ca5aee364a449a35e2977ea84509b0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/resize.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid online resizing failures due to oversized flex bg\n\nWhen we online resize an ext4 filesystem with a oversized flexbg_size,\n\n mkfs.ext4 -F -G 67108864 $dev -b 4096 100M\n mount $dev $dir\n resize2fs $dev 16G\n\nthe following WARN_ON is triggered:\n==================================================================\nWARNING: CPU: 0 PID: 427 at mm/page_alloc.c:4402 __alloc_pages+0x411/0x550\nModules linked in: sg(E)\nCPU: 0 PID: 427 Comm: resize2fs Tainted: G E 6.6.0-rc5+ #314\nRIP: 0010:__alloc_pages+0x411/0x550\nCall Trace:\n \u003cTASK\u003e\n __kmalloc_large_node+0xa2/0x200\n __kmalloc+0x16e/0x290\n ext4_resize_fs+0x481/0xd80\n __ext4_ioctl+0x1616/0x1d90\n ext4_ioctl+0x12/0x20\n __x64_sys_ioctl+0xf0/0x150\n do_syscall_64+0x3b/0x90\n==================================================================\n\nThis is because flexbg_size is too large and the size of the new_group_data\narray to be allocated exceeds MAX_ORDER. Currently, the minimum value of\nMAX_ORDER is 8, the minimum value of PAGE_SIZE is 4096, the corresponding\nmaximum number of groups that can be allocated is:\n\n (PAGE_SIZE \u003c\u003c MAX_ORDER) / sizeof(struct ext4_new_group_data) \u2248 21845\n\nAnd the value that is down-aligned to the power of 2 is 16384. Therefore,\nthis value is defined as MAX_RESIZE_BG, and the number of groups added\neach time does not exceed this value during resizing, and is added multiple\ntimes to complete the online resizing. The difference is that the metadata\nin a flex_bg may be more dispersed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:40:10.143Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cd1f93ca97a9136989f3bd2bf90696732a2ed644"
},
{
"url": "https://git.kernel.org/stable/c/b183fe8702e78bba3dcef8e7193cab6898abee07"
},
{
"url": "https://git.kernel.org/stable/c/cfbbb3199e71b63fc26cee0ebff327c47128a1e8"
},
{
"url": "https://git.kernel.org/stable/c/d76c8d7ffe163c6bf2f1ef680b0539c2b3902b90"
},
{
"url": "https://git.kernel.org/stable/c/6d2cbf517dcabc093159cf138ad5712c9c7fa954"
},
{
"url": "https://git.kernel.org/stable/c/8b1413dbfe49646eda2c00c0f1144ee9d3368e0c"
},
{
"url": "https://git.kernel.org/stable/c/dc3e0f55bec4410f3d74352c4a7c79f518088ee2"
},
{
"url": "https://git.kernel.org/stable/c/5d1935ac02ca5aee364a449a35e2977ea84509b0"
}
],
"title": "ext4: avoid online resizing failures due to oversized flex bg",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52622",
"datePublished": "2024-03-26T17:19:23.838Z",
"dateReserved": "2024-03-06T09:52:12.090Z",
"dateUpdated": "2025-05-04T07:40:10.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52791 (GCVE-0-2023-52791)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
i2c: core: Run atomic i2c xfer when !preemptible
Since bae1d3a05a8b, i2c transfers are non-atomic if preemption is
disabled. However, non-atomic i2c transfers require preemption (e.g. in
wait_for_completion() while waiting for the DMA).
panic() calls preempt_disable_notrace() before calling
emergency_restart(). Therefore, if an i2c device is used for the
restart, the xfer should be atomic. This avoids warnings like:
[ 12.667612] WARNING: CPU: 1 PID: 1 at kernel/rcu/tree_plugin.h:318 rcu_note_context_switch+0x33c/0x6b0
[ 12.676926] Voluntary context switch within RCU read-side critical section!
...
[ 12.742376] schedule_timeout from wait_for_completion_timeout+0x90/0x114
[ 12.749179] wait_for_completion_timeout from tegra_i2c_wait_completion+0x40/0x70
...
[ 12.994527] atomic_notifier_call_chain from machine_restart+0x34/0x58
[ 13.001050] machine_restart from panic+0x2a8/0x32c
Use !preemptible() instead, which is basically the same check as
pre-v5.2.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bae1d3a05a8b99bd748168bbf8155a1d047c562e Version: bae1d3a05a8b99bd748168bbf8155a1d047c562e Version: bae1d3a05a8b99bd748168bbf8155a1d047c562e Version: bae1d3a05a8b99bd748168bbf8155a1d047c562e Version: bae1d3a05a8b99bd748168bbf8155a1d047c562e Version: bae1d3a05a8b99bd748168bbf8155a1d047c562e Version: bae1d3a05a8b99bd748168bbf8155a1d047c562e |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52791",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:36:52.732311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:37:13.581Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25eb381a736e7ae39a4245ef5c96484eb1073809"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25284c46b657f48c0f3880a2e0706c70d81182c0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6237afabc349c1c7909db00e15d2816519e0d2b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/185f3617adc8fe45e40489b458f03911f0dec46c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c3fa52a46ff4d208cefb1a462ec94e0043a91e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3473cf43b9068b9dfef2f545f833f33c6a544b91"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa49c90894d06e18a1ee7c095edbd2f37c232d02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/i2c/i2c-core.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "25eb381a736e7ae39a4245ef5c96484eb1073809",
"status": "affected",
"version": "bae1d3a05a8b99bd748168bbf8155a1d047c562e",
"versionType": "git"
},
{
"lessThan": "25284c46b657f48c0f3880a2e0706c70d81182c0",
"status": "affected",
"version": "bae1d3a05a8b99bd748168bbf8155a1d047c562e",
"versionType": "git"
},
{
"lessThan": "f6237afabc349c1c7909db00e15d2816519e0d2b",
"status": "affected",
"version": "bae1d3a05a8b99bd748168bbf8155a1d047c562e",
"versionType": "git"
},
{
"lessThan": "185f3617adc8fe45e40489b458f03911f0dec46c",
"status": "affected",
"version": "bae1d3a05a8b99bd748168bbf8155a1d047c562e",
"versionType": "git"
},
{
"lessThan": "8c3fa52a46ff4d208cefb1a462ec94e0043a91e1",
"status": "affected",
"version": "bae1d3a05a8b99bd748168bbf8155a1d047c562e",
"versionType": "git"
},
{
"lessThan": "3473cf43b9068b9dfef2f545f833f33c6a544b91",
"status": "affected",
"version": "bae1d3a05a8b99bd748168bbf8155a1d047c562e",
"versionType": "git"
},
{
"lessThan": "aa49c90894d06e18a1ee7c095edbd2f37c232d02",
"status": "affected",
"version": "bae1d3a05a8b99bd748168bbf8155a1d047c562e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/i2c/i2c-core.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.2"
},
{
"lessThan": "5.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: core: Run atomic i2c xfer when !preemptible\n\nSince bae1d3a05a8b, i2c transfers are non-atomic if preemption is\ndisabled. However, non-atomic i2c transfers require preemption (e.g. in\nwait_for_completion() while waiting for the DMA).\n\npanic() calls preempt_disable_notrace() before calling\nemergency_restart(). Therefore, if an i2c device is used for the\nrestart, the xfer should be atomic. This avoids warnings like:\n\n[ 12.667612] WARNING: CPU: 1 PID: 1 at kernel/rcu/tree_plugin.h:318 rcu_note_context_switch+0x33c/0x6b0\n[ 12.676926] Voluntary context switch within RCU read-side critical section!\n...\n[ 12.742376] schedule_timeout from wait_for_completion_timeout+0x90/0x114\n[ 12.749179] wait_for_completion_timeout from tegra_i2c_wait_completion+0x40/0x70\n...\n[ 12.994527] atomic_notifier_call_chain from machine_restart+0x34/0x58\n[ 13.001050] machine_restart from panic+0x2a8/0x32c\n\nUse !preemptible() instead, which is basically the same check as\npre-v5.2."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:16.771Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/25eb381a736e7ae39a4245ef5c96484eb1073809"
},
{
"url": "https://git.kernel.org/stable/c/25284c46b657f48c0f3880a2e0706c70d81182c0"
},
{
"url": "https://git.kernel.org/stable/c/f6237afabc349c1c7909db00e15d2816519e0d2b"
},
{
"url": "https://git.kernel.org/stable/c/185f3617adc8fe45e40489b458f03911f0dec46c"
},
{
"url": "https://git.kernel.org/stable/c/8c3fa52a46ff4d208cefb1a462ec94e0043a91e1"
},
{
"url": "https://git.kernel.org/stable/c/3473cf43b9068b9dfef2f545f833f33c6a544b91"
},
{
"url": "https://git.kernel.org/stable/c/aa49c90894d06e18a1ee7c095edbd2f37c232d02"
}
],
"title": "i2c: core: Run atomic i2c xfer when !preemptible",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52791",
"datePublished": "2024-05-21T15:31:06.997Z",
"dateReserved": "2024-05-21T15:19:24.241Z",
"dateUpdated": "2025-05-04T07:43:16.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38417 (GCVE-0-2023-38417)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 17:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-20 - Improper input validation
Summary
Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) PROSet/Wireless WiFi software |
Version: before version 23.20 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38417",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T16:45:23.815464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:28:07.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:13.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) PROSet/Wireless WiFi software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 23.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:16.918Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-38417",
"datePublished": "2024-05-16T20:47:16.918Z",
"dateReserved": "2023-10-25T03:00:09.616Z",
"dateUpdated": "2024-08-02T17:39:13.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52796 (GCVE-0-2023-52796)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipvlan: add ipvlan_route_v6_outbound() helper
Inspired by syzbot reports using a stack of multiple ipvlan devices.
Reduce stack size needed in ipvlan_process_v6_outbound() by moving
the flowi6 struct used for the route lookup in an non inlined
helper. ipvlan_route_v6_outbound() needs 120 bytes on the stack,
immediately reclaimed.
Also make sure ipvlan_process_v4_outbound() is not inlined.
We might also have to lower MAX_NEST_DEV, because only syzbot uses
setups with more than four stacked devices.
BUG: TASK stack guard page was hit at ffffc9000e803ff8 (stack is ffffc9000e804000..ffffc9000e808000)
stack guard page: 0000 [#1] SMP KASAN
CPU: 0 PID: 13442 Comm: syz-executor.4 Not tainted 6.1.52-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
RIP: 0010:kasan_check_range+0x4/0x2a0 mm/kasan/generic.c:188
Code: 48 01 c6 48 89 c7 e8 db 4e c1 03 31 c0 5d c3 cc 0f 0b eb 02 0f 0b b8 ea ff ff ff 5d c3 cc 00 00 cc cc 00 00 cc cc 55 48 89 e5 <41> 57 41 56 41 55 41 54 53 b0 01 48 85 f6 0f 84 a4 01 00 00 48 89
RSP: 0018:ffffc9000e804000 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817e5bf2
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff887c6568
RBP: ffffc9000e804000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff92001d0080c
R13: dffffc0000000000 R14: ffffffff87e6b100 R15: 0000000000000000
FS: 00007fd0c55826c0(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc9000e803ff8 CR3: 0000000170ef7000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<#DF>
</#DF>
<TASK>
[<ffffffff81f281d1>] __kasan_check_read+0x11/0x20 mm/kasan/shadow.c:31
[<ffffffff817e5bf2>] instrument_atomic_read include/linux/instrumented.h:72 [inline]
[<ffffffff817e5bf2>] _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
[<ffffffff817e5bf2>] cpumask_test_cpu include/linux/cpumask.h:506 [inline]
[<ffffffff817e5bf2>] cpu_online include/linux/cpumask.h:1092 [inline]
[<ffffffff817e5bf2>] trace_lock_acquire include/trace/events/lock.h:24 [inline]
[<ffffffff817e5bf2>] lock_acquire+0xe2/0x590 kernel/locking/lockdep.c:5632
[<ffffffff8563221e>] rcu_lock_acquire+0x2e/0x40 include/linux/rcupdate.h:306
[<ffffffff8561464d>] rcu_read_lock include/linux/rcupdate.h:747 [inline]
[<ffffffff8561464d>] ip6_pol_route+0x15d/0x1440 net/ipv6/route.c:2221
[<ffffffff85618120>] ip6_pol_route_output+0x50/0x80 net/ipv6/route.c:2606
[<ffffffff856f65b5>] pol_lookup_func include/net/ip6_fib.h:584 [inline]
[<ffffffff856f65b5>] fib6_rule_lookup+0x265/0x620 net/ipv6/fib6_rules.c:116
[<ffffffff85618009>] ip6_route_output_flags_noref+0x2d9/0x3a0 net/ipv6/route.c:2638
[<ffffffff8561821a>] ip6_route_output_flags+0xca/0x340 net/ipv6/route.c:2651
[<ffffffff838bd5a3>] ip6_route_output include/net/ip6_route.h:100 [inline]
[<ffffffff838bd5a3>] ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:473 [inline]
[<ffffffff838bd5a3>] ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:529 [inline]
[<ffffffff838bd5a3>] ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]
[<ffffffff838bd5a3>] ipvlan_queue_xmit+0xc33/0x1be0 drivers/net/ipvlan/ipvlan_core.c:677
[<ffffffff838c2909>] ipvlan_start_xmit+0x49/0x100 drivers/net/ipvlan/ipvlan_main.c:229
[<ffffffff84d03900>] netdev_start_xmit include/linux/netdevice.h:4966 [inline]
[<ffffffff84d03900>] xmit_one net/core/dev.c:3644 [inline]
[<ffffffff84d03900>] dev_hard_start_xmit+0x320/0x980 net/core/dev.c:3660
[<ffffffff84d080e2>] __dev_queue_xmit+0x16b2/0x3370 net/core/dev.c:4324
[<ffffffff855ce4cd>] dev_queue_xmit include/linux/netdevice.h:3067 [inline]
[<ffffffff855ce4cd>] neigh_hh_output include/net/neighbour.h:529 [inline]
[<f
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2ad7bf3638411cb547f2823df08166c13ab04269 Version: 2ad7bf3638411cb547f2823df08166c13ab04269 Version: 2ad7bf3638411cb547f2823df08166c13ab04269 Version: 2ad7bf3638411cb547f2823df08166c13ab04269 Version: 2ad7bf3638411cb547f2823df08166c13ab04269 Version: 2ad7bf3638411cb547f2823df08166c13ab04269 Version: 2ad7bf3638411cb547f2823df08166c13ab04269 Version: 2ad7bf3638411cb547f2823df08166c13ab04269 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T19:45:36.487225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:52.629Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4f7f850611aa27aaaf1bf5687702ad2240ae442a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4d2d30f0792b47908af64c4d02ed1ee25ff50542"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43b781e7cb5cd0b435de276111953bf2bacd1f02"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1f64cad3ac38ac5978b53c40e6c5e6fd3477c68f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/732a67ca436887b594ebc43bb5a04ffb0971a760"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8872dc638c24bb774cd2224a69d72a7f661a4d56"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/03cddc4df8c6be47fd27c8f8b87e5f9a989e1458"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/18f039428c7df183b09c69ebf10ffd4e521035d2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ipvlan/ipvlan_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4f7f850611aa27aaaf1bf5687702ad2240ae442a",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
},
{
"lessThan": "4d2d30f0792b47908af64c4d02ed1ee25ff50542",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
},
{
"lessThan": "43b781e7cb5cd0b435de276111953bf2bacd1f02",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
},
{
"lessThan": "1f64cad3ac38ac5978b53c40e6c5e6fd3477c68f",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
},
{
"lessThan": "732a67ca436887b594ebc43bb5a04ffb0971a760",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
},
{
"lessThan": "8872dc638c24bb774cd2224a69d72a7f661a4d56",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
},
{
"lessThan": "03cddc4df8c6be47fd27c8f8b87e5f9a989e1458",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
},
{
"lessThan": "18f039428c7df183b09c69ebf10ffd4e521035d2",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ipvlan/ipvlan_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.19"
},
{
"lessThan": "3.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: add ipvlan_route_v6_outbound() helper\n\nInspired by syzbot reports using a stack of multiple ipvlan devices.\n\nReduce stack size needed in ipvlan_process_v6_outbound() by moving\nthe flowi6 struct used for the route lookup in an non inlined\nhelper. ipvlan_route_v6_outbound() needs 120 bytes on the stack,\nimmediately reclaimed.\n\nAlso make sure ipvlan_process_v4_outbound() is not inlined.\n\nWe might also have to lower MAX_NEST_DEV, because only syzbot uses\nsetups with more than four stacked devices.\n\nBUG: TASK stack guard page was hit at ffffc9000e803ff8 (stack is ffffc9000e804000..ffffc9000e808000)\nstack guard page: 0000 [#1] SMP KASAN\nCPU: 0 PID: 13442 Comm: syz-executor.4 Not tainted 6.1.52-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023\nRIP: 0010:kasan_check_range+0x4/0x2a0 mm/kasan/generic.c:188\nCode: 48 01 c6 48 89 c7 e8 db 4e c1 03 31 c0 5d c3 cc 0f 0b eb 02 0f 0b b8 ea ff ff ff 5d c3 cc 00 00 cc cc 00 00 cc cc 55 48 89 e5 \u003c41\u003e 57 41 56 41 55 41 54 53 b0 01 48 85 f6 0f 84 a4 01 00 00 48 89\nRSP: 0018:ffffc9000e804000 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817e5bf2\nRDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff887c6568\nRBP: ffffc9000e804000 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff92001d0080c\nR13: dffffc0000000000 R14: ffffffff87e6b100 R15: 0000000000000000\nFS: 00007fd0c55826c0(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffc9000e803ff8 CR3: 0000000170ef7000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003c#DF\u003e\n\u003c/#DF\u003e\n\u003cTASK\u003e\n[\u003cffffffff81f281d1\u003e] __kasan_check_read+0x11/0x20 mm/kasan/shadow.c:31\n[\u003cffffffff817e5bf2\u003e] instrument_atomic_read include/linux/instrumented.h:72 [inline]\n[\u003cffffffff817e5bf2\u003e] _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\n[\u003cffffffff817e5bf2\u003e] cpumask_test_cpu include/linux/cpumask.h:506 [inline]\n[\u003cffffffff817e5bf2\u003e] cpu_online include/linux/cpumask.h:1092 [inline]\n[\u003cffffffff817e5bf2\u003e] trace_lock_acquire include/trace/events/lock.h:24 [inline]\n[\u003cffffffff817e5bf2\u003e] lock_acquire+0xe2/0x590 kernel/locking/lockdep.c:5632\n[\u003cffffffff8563221e\u003e] rcu_lock_acquire+0x2e/0x40 include/linux/rcupdate.h:306\n[\u003cffffffff8561464d\u003e] rcu_read_lock include/linux/rcupdate.h:747 [inline]\n[\u003cffffffff8561464d\u003e] ip6_pol_route+0x15d/0x1440 net/ipv6/route.c:2221\n[\u003cffffffff85618120\u003e] ip6_pol_route_output+0x50/0x80 net/ipv6/route.c:2606\n[\u003cffffffff856f65b5\u003e] pol_lookup_func include/net/ip6_fib.h:584 [inline]\n[\u003cffffffff856f65b5\u003e] fib6_rule_lookup+0x265/0x620 net/ipv6/fib6_rules.c:116\n[\u003cffffffff85618009\u003e] ip6_route_output_flags_noref+0x2d9/0x3a0 net/ipv6/route.c:2638\n[\u003cffffffff8561821a\u003e] ip6_route_output_flags+0xca/0x340 net/ipv6/route.c:2651\n[\u003cffffffff838bd5a3\u003e] ip6_route_output include/net/ip6_route.h:100 [inline]\n[\u003cffffffff838bd5a3\u003e] ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:473 [inline]\n[\u003cffffffff838bd5a3\u003e] ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:529 [inline]\n[\u003cffffffff838bd5a3\u003e] ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]\n[\u003cffffffff838bd5a3\u003e] ipvlan_queue_xmit+0xc33/0x1be0 drivers/net/ipvlan/ipvlan_core.c:677\n[\u003cffffffff838c2909\u003e] ipvlan_start_xmit+0x49/0x100 drivers/net/ipvlan/ipvlan_main.c:229\n[\u003cffffffff84d03900\u003e] netdev_start_xmit include/linux/netdevice.h:4966 [inline]\n[\u003cffffffff84d03900\u003e] xmit_one net/core/dev.c:3644 [inline]\n[\u003cffffffff84d03900\u003e] dev_hard_start_xmit+0x320/0x980 net/core/dev.c:3660\n[\u003cffffffff84d080e2\u003e] __dev_queue_xmit+0x16b2/0x3370 net/core/dev.c:4324\n[\u003cffffffff855ce4cd\u003e] dev_queue_xmit include/linux/netdevice.h:3067 [inline]\n[\u003cffffffff855ce4cd\u003e] neigh_hh_output include/net/neighbour.h:529 [inline]\n[\u003cf\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:21.587Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4f7f850611aa27aaaf1bf5687702ad2240ae442a"
},
{
"url": "https://git.kernel.org/stable/c/4d2d30f0792b47908af64c4d02ed1ee25ff50542"
},
{
"url": "https://git.kernel.org/stable/c/43b781e7cb5cd0b435de276111953bf2bacd1f02"
},
{
"url": "https://git.kernel.org/stable/c/1f64cad3ac38ac5978b53c40e6c5e6fd3477c68f"
},
{
"url": "https://git.kernel.org/stable/c/732a67ca436887b594ebc43bb5a04ffb0971a760"
},
{
"url": "https://git.kernel.org/stable/c/8872dc638c24bb774cd2224a69d72a7f661a4d56"
},
{
"url": "https://git.kernel.org/stable/c/03cddc4df8c6be47fd27c8f8b87e5f9a989e1458"
},
{
"url": "https://git.kernel.org/stable/c/18f039428c7df183b09c69ebf10ffd4e521035d2"
}
],
"title": "ipvlan: add ipvlan_route_v6_outbound() helper",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52796",
"datePublished": "2024-05-21T15:31:10.290Z",
"dateReserved": "2024-05-21T15:19:24.246Z",
"dateUpdated": "2025-05-04T07:43:21.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52871 (GCVE-0-2023-52871)
Vulnerability from cvelistv5
Published
2024-05-21 15:32
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: llcc: Handle a second device without data corruption
Usually there is only one llcc device. But if there were a second, even
a failed probe call would modify the global drv_data pointer. So check
if drv_data is valid before overwriting it.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a3134fb09e0bc5bee76e13bf863173b86f21cf87 Version: a3134fb09e0bc5bee76e13bf863173b86f21cf87 Version: a3134fb09e0bc5bee76e13bf863173b86f21cf87 Version: a3134fb09e0bc5bee76e13bf863173b86f21cf87 Version: a3134fb09e0bc5bee76e13bf863173b86f21cf87 Version: a3134fb09e0bc5bee76e13bf863173b86f21cf87 Version: a3134fb09e0bc5bee76e13bf863173b86f21cf87 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52871",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T18:17:57.620656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:42.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cc1a1dcb411fe224f48553cfdcdfe6e61395b69c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5e5b85ea0f4bc484bfe4cc73ead51fa48d2366a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/995ee1e84e8db7fa5dcdde7dfe0bd7bb6f9bbb8c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0ef883cae309bc5e8cdfcdbc1b4822732ce20a8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3565684309e54fa998ea27f37028d67cc3e1dff2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1143bfb9b055897975aeaea254da148e19524493"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f1a1bc8775b26345aba2be278118999e7f661d3d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/soc/qcom/llcc-qcom.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cc1a1dcb411fe224f48553cfdcdfe6e61395b69c",
"status": "affected",
"version": "a3134fb09e0bc5bee76e13bf863173b86f21cf87",
"versionType": "git"
},
{
"lessThan": "5e5b85ea0f4bc484bfe4cc73ead51fa48d2366a0",
"status": "affected",
"version": "a3134fb09e0bc5bee76e13bf863173b86f21cf87",
"versionType": "git"
},
{
"lessThan": "995ee1e84e8db7fa5dcdde7dfe0bd7bb6f9bbb8c",
"status": "affected",
"version": "a3134fb09e0bc5bee76e13bf863173b86f21cf87",
"versionType": "git"
},
{
"lessThan": "f0ef883cae309bc5e8cdfcdbc1b4822732ce20a8",
"status": "affected",
"version": "a3134fb09e0bc5bee76e13bf863173b86f21cf87",
"versionType": "git"
},
{
"lessThan": "3565684309e54fa998ea27f37028d67cc3e1dff2",
"status": "affected",
"version": "a3134fb09e0bc5bee76e13bf863173b86f21cf87",
"versionType": "git"
},
{
"lessThan": "1143bfb9b055897975aeaea254da148e19524493",
"status": "affected",
"version": "a3134fb09e0bc5bee76e13bf863173b86f21cf87",
"versionType": "git"
},
{
"lessThan": "f1a1bc8775b26345aba2be278118999e7f661d3d",
"status": "affected",
"version": "a3134fb09e0bc5bee76e13bf863173b86f21cf87",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/soc/qcom/llcc-qcom.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: llcc: Handle a second device without data corruption\n\nUsually there is only one llcc device. But if there were a second, even\na failed probe call would modify the global drv_data pointer. So check\nif drv_data is valid before overwriting it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:47.112Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cc1a1dcb411fe224f48553cfdcdfe6e61395b69c"
},
{
"url": "https://git.kernel.org/stable/c/5e5b85ea0f4bc484bfe4cc73ead51fa48d2366a0"
},
{
"url": "https://git.kernel.org/stable/c/995ee1e84e8db7fa5dcdde7dfe0bd7bb6f9bbb8c"
},
{
"url": "https://git.kernel.org/stable/c/f0ef883cae309bc5e8cdfcdbc1b4822732ce20a8"
},
{
"url": "https://git.kernel.org/stable/c/3565684309e54fa998ea27f37028d67cc3e1dff2"
},
{
"url": "https://git.kernel.org/stable/c/1143bfb9b055897975aeaea254da148e19524493"
},
{
"url": "https://git.kernel.org/stable/c/f1a1bc8775b26345aba2be278118999e7f661d3d"
}
],
"title": "soc: qcom: llcc: Handle a second device without data corruption",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52871",
"datePublished": "2024-05-21T15:32:00.922Z",
"dateReserved": "2024-05-21T15:19:24.263Z",
"dateUpdated": "2025-05-04T07:44:47.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38627 (GCVE-0-2024-38627)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
stm class: Fix a double free in stm_register_device()
The put_device(&stm->dev) call will trigger stm_device_release() which
frees "stm" so the vfree(stm) on the next line is a double free.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 389b6699a2aa0b457aa69986e9ddf39f3b4030fd Version: 389b6699a2aa0b457aa69986e9ddf39f3b4030fd Version: 389b6699a2aa0b457aa69986e9ddf39f3b4030fd Version: 389b6699a2aa0b457aa69986e9ddf39f3b4030fd Version: 389b6699a2aa0b457aa69986e9ddf39f3b4030fd Version: 389b6699a2aa0b457aa69986e9ddf39f3b4030fd Version: 389b6699a2aa0b457aa69986e9ddf39f3b4030fd Version: 389b6699a2aa0b457aa69986e9ddf39f3b4030fd Version: b0351a51ffda593b2b1b35dd0c00a73505edb256 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38627",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T13:23:15.087129Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T13:23:21.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:26.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6cc30ef8eb6d8f8d6df43152264bbf8835d99931"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0450d3f38e7c6c0a7c0afd4182976ee15573695"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/713fc00c571dde4af3db2dbd5d1b0eadc327817b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7419df1acffbcc90037f6b5a2823e81389659b36"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4bfd48bb6e62512b9c392c5002c11e1e3b18d247"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/370c480410f60b90ba3e96abe73ead21ec827b20"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d782a2db8f7ac49c33b9ca3e835500a28667d1be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3df463865ba42b8f88a590326f4c9ea17a1ce459"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hwtracing/stm/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6cc30ef8eb6d8f8d6df43152264bbf8835d99931",
"status": "affected",
"version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd",
"versionType": "git"
},
{
"lessThan": "a0450d3f38e7c6c0a7c0afd4182976ee15573695",
"status": "affected",
"version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd",
"versionType": "git"
},
{
"lessThan": "713fc00c571dde4af3db2dbd5d1b0eadc327817b",
"status": "affected",
"version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd",
"versionType": "git"
},
{
"lessThan": "7419df1acffbcc90037f6b5a2823e81389659b36",
"status": "affected",
"version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd",
"versionType": "git"
},
{
"lessThan": "4bfd48bb6e62512b9c392c5002c11e1e3b18d247",
"status": "affected",
"version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd",
"versionType": "git"
},
{
"lessThan": "370c480410f60b90ba3e96abe73ead21ec827b20",
"status": "affected",
"version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd",
"versionType": "git"
},
{
"lessThan": "d782a2db8f7ac49c33b9ca3e835500a28667d1be",
"status": "affected",
"version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd",
"versionType": "git"
},
{
"lessThan": "3df463865ba42b8f88a590326f4c9ea17a1ce459",
"status": "affected",
"version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd",
"versionType": "git"
},
{
"status": "affected",
"version": "b0351a51ffda593b2b1b35dd0c00a73505edb256",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hwtracing/stm/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.178",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstm class: Fix a double free in stm_register_device()\n\nThe put_device(\u0026stm-\u003edev) call will trigger stm_device_release() which\nfrees \"stm\" so the vfree(stm) on the next line is a double free."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:54.142Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6cc30ef8eb6d8f8d6df43152264bbf8835d99931"
},
{
"url": "https://git.kernel.org/stable/c/a0450d3f38e7c6c0a7c0afd4182976ee15573695"
},
{
"url": "https://git.kernel.org/stable/c/713fc00c571dde4af3db2dbd5d1b0eadc327817b"
},
{
"url": "https://git.kernel.org/stable/c/7419df1acffbcc90037f6b5a2823e81389659b36"
},
{
"url": "https://git.kernel.org/stable/c/4bfd48bb6e62512b9c392c5002c11e1e3b18d247"
},
{
"url": "https://git.kernel.org/stable/c/370c480410f60b90ba3e96abe73ead21ec827b20"
},
{
"url": "https://git.kernel.org/stable/c/d782a2db8f7ac49c33b9ca3e835500a28667d1be"
},
{
"url": "https://git.kernel.org/stable/c/3df463865ba42b8f88a590326f4c9ea17a1ce459"
}
],
"title": "stm class: Fix a double free in stm_register_device()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38627",
"datePublished": "2024-06-21T10:18:18.912Z",
"dateReserved": "2024-06-18T19:36:34.946Z",
"dateUpdated": "2025-05-04T12:56:54.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39463 (GCVE-0-2024-39463)
Vulnerability from cvelistv5
Published
2024-06-25 14:25
Modified
2025-05-04 09:16
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
9p: add missing locking around taking dentry fid list
Fix a use-after-free on dentry's d_fsdata fid list when a thread
looks up a fid through dentry while another thread unlinks it:
UAF thread:
refcount_t: addition on 0; use-after-free.
p9_fid_get linux/./include/net/9p/client.h:262
v9fs_fid_find+0x236/0x280 linux/fs/9p/fid.c:129
v9fs_fid_lookup_with_uid linux/fs/9p/fid.c:181
v9fs_fid_lookup+0xbf/0xc20 linux/fs/9p/fid.c:314
v9fs_vfs_getattr_dotl+0xf9/0x360 linux/fs/9p/vfs_inode_dotl.c:400
vfs_statx+0xdd/0x4d0 linux/fs/stat.c:248
Freed by:
p9_fid_destroy (inlined)
p9_client_clunk+0xb0/0xe0 linux/net/9p/client.c:1456
p9_fid_put linux/./include/net/9p/client.h:278
v9fs_dentry_release+0xb5/0x140 linux/fs/9p/vfs_dentry.c:55
v9fs_remove+0x38f/0x620 linux/fs/9p/vfs_inode.c:518
vfs_unlink+0x29a/0x810 linux/fs/namei.c:4335
The problem is that d_fsdata was not accessed under d_lock, because
d_release() normally is only called once the dentry is otherwise no
longer accessible but since we also call it explicitly in v9fs_remove
that lock is required:
move the hlist out of the dentry under lock then unref its fids once
they are no longer accessible.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cb299cdba09f46f090b843d78ba26b667d50a456"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0c5c944c6d8614c19e6e9a97fd2011dcd30e8f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fe17ebf22feb4ad7094d597526d558a49aac92b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c898afdc15645efb555acb6d85b484eb40a45409"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:5.11:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.11"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "cb299cdba09f",
"status": "affected",
"version": "154372e67d40",
"versionType": "custom"
},
{
"lessThan": "f0c5c944c6d8",
"status": "affected",
"version": "154372e67d40",
"versionType": "custom"
},
{
"lessThan": "fe17ebf22feb",
"status": "affected",
"version": "154372e67d40",
"versionType": "custom"
},
{
"lessThan": "c898afdc1564",
"status": "affected",
"version": "154372e67d40",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T03:55:21.281977Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T15:36:18.860Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/9p/vfs_dentry.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3bb6763a8319170c2d41c4232c8e7e4c37dcacfb",
"status": "affected",
"version": "154372e67d4053e56591245eb413686621941333",
"versionType": "git"
},
{
"lessThan": "cb299cdba09f46f090b843d78ba26b667d50a456",
"status": "affected",
"version": "154372e67d4053e56591245eb413686621941333",
"versionType": "git"
},
{
"lessThan": "f0c5c944c6d8614c19e6e9a97fd2011dcd30e8f5",
"status": "affected",
"version": "154372e67d4053e56591245eb413686621941333",
"versionType": "git"
},
{
"lessThan": "fe17ebf22feb4ad7094d597526d558a49aac92b4",
"status": "affected",
"version": "154372e67d4053e56591245eb413686621941333",
"versionType": "git"
},
{
"lessThan": "c898afdc15645efb555acb6d85b484eb40a45409",
"status": "affected",
"version": "154372e67d4053e56591245eb413686621941333",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/9p/vfs_dentry.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.94",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.94",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.34",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.5",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\n9p: add missing locking around taking dentry fid list\n\nFix a use-after-free on dentry\u0027s d_fsdata fid list when a thread\nlooks up a fid through dentry while another thread unlinks it:\n\nUAF thread:\nrefcount_t: addition on 0; use-after-free.\n p9_fid_get linux/./include/net/9p/client.h:262\n v9fs_fid_find+0x236/0x280 linux/fs/9p/fid.c:129\n v9fs_fid_lookup_with_uid linux/fs/9p/fid.c:181\n v9fs_fid_lookup+0xbf/0xc20 linux/fs/9p/fid.c:314\n v9fs_vfs_getattr_dotl+0xf9/0x360 linux/fs/9p/vfs_inode_dotl.c:400\n vfs_statx+0xdd/0x4d0 linux/fs/stat.c:248\n\nFreed by:\n p9_fid_destroy (inlined)\n p9_client_clunk+0xb0/0xe0 linux/net/9p/client.c:1456\n p9_fid_put linux/./include/net/9p/client.h:278\n v9fs_dentry_release+0xb5/0x140 linux/fs/9p/vfs_dentry.c:55\n v9fs_remove+0x38f/0x620 linux/fs/9p/vfs_inode.c:518\n vfs_unlink+0x29a/0x810 linux/fs/namei.c:4335\n\nThe problem is that d_fsdata was not accessed under d_lock, because\nd_release() normally is only called once the dentry is otherwise no\nlonger accessible but since we also call it explicitly in v9fs_remove\nthat lock is required:\nmove the hlist out of the dentry under lock then unref its fids once\nthey are no longer accessible."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:16:20.926Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3bb6763a8319170c2d41c4232c8e7e4c37dcacfb"
},
{
"url": "https://git.kernel.org/stable/c/cb299cdba09f46f090b843d78ba26b667d50a456"
},
{
"url": "https://git.kernel.org/stable/c/f0c5c944c6d8614c19e6e9a97fd2011dcd30e8f5"
},
{
"url": "https://git.kernel.org/stable/c/fe17ebf22feb4ad7094d597526d558a49aac92b4"
},
{
"url": "https://git.kernel.org/stable/c/c898afdc15645efb555acb6d85b484eb40a45409"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1194/"
}
],
"title": "9p: add missing locking around taking dentry fid list",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39463",
"datePublished": "2024-06-25T14:25:02.887Z",
"dateReserved": "2024-06-25T14:23:23.744Z",
"dateUpdated": "2025-05-04T09:16:20.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36919 (GCVE-0-2024-36919)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
The session resources are used by FW and driver when session is offloaded,
once session is uploaded these resources are not used. The lock is not
required as these fields won't be used any longer. The offload and upload
calls are sequential, hence lock is not required.
This will suppress following BUG_ON():
[ 449.843143] ------------[ cut here ]------------
[ 449.848302] kernel BUG at mm/vmalloc.c:2727!
[ 449.853072] invalid opcode: 0000 [#1] PREEMPT SMP PTI
[ 449.858712] CPU: 5 PID: 1996 Comm: kworker/u24:2 Not tainted 5.14.0-118.el9.x86_64 #1
Rebooting.
[ 449.867454] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.3.4 11/08/2016
[ 449.876966] Workqueue: fc_rport_eq fc_rport_work [libfc]
[ 449.882910] RIP: 0010:vunmap+0x2e/0x30
[ 449.887098] Code: 00 65 8b 05 14 a2 f0 4a a9 00 ff ff 00 75 1b 55 48 89 fd e8 34 36 79 00 48 85 ed 74 0b 48 89 ef 31 f6 5d e9 14 fc ff ff 5d c3 <0f> 0b 0f 1f 44 00 00 41 57 41 56 49 89 ce 41 55 49 89 fd 41 54 41
[ 449.908054] RSP: 0018:ffffb83d878b3d68 EFLAGS: 00010206
[ 449.913887] RAX: 0000000080000201 RBX: ffff8f4355133550 RCX: 000000000d400005
[ 449.921843] RDX: 0000000000000001 RSI: 0000000000001000 RDI: ffffb83da53f5000
[ 449.929808] RBP: ffff8f4ac6675800 R08: ffffb83d878b3d30 R09: 00000000000efbdf
[ 449.937774] R10: 0000000000000003 R11: ffff8f434573e000 R12: 0000000000001000
[ 449.945736] R13: 0000000000001000 R14: ffffb83da53f5000 R15: ffff8f43d4ea3ae0
[ 449.953701] FS: 0000000000000000(0000) GS:ffff8f529fc80000(0000) knlGS:0000000000000000
[ 449.962732] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 449.969138] CR2: 00007f8cf993e150 CR3: 0000000efbe10003 CR4: 00000000003706e0
[ 449.977102] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 449.985065] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 449.993028] Call Trace:
[ 449.995756] __iommu_dma_free+0x96/0x100
[ 450.000139] bnx2fc_free_session_resc+0x67/0x240 [bnx2fc]
[ 450.006171] bnx2fc_upload_session+0xce/0x100 [bnx2fc]
[ 450.011910] bnx2fc_rport_event_handler+0x9f/0x240 [bnx2fc]
[ 450.018136] fc_rport_work+0x103/0x5b0 [libfc]
[ 450.023103] process_one_work+0x1e8/0x3c0
[ 450.027581] worker_thread+0x50/0x3b0
[ 450.031669] ? rescuer_thread+0x370/0x370
[ 450.036143] kthread+0x149/0x170
[ 450.039744] ? set_kthread_struct+0x40/0x40
[ 450.044411] ret_from_fork+0x22/0x30
[ 450.048404] Modules linked in: vfat msdos fat xfs nfs_layout_nfsv41_files rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver dm_service_time qedf qed crc8 bnx2fc libfcoe libfc scsi_transport_fc intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp dcdbas rapl intel_cstate intel_uncore mei_me pcspkr mei ipmi_ssif lpc_ich ipmi_si fuse zram ext4 mbcache jbd2 loop nfsv3 nfs_acl nfs lockd grace fscache netfs irdma ice sd_mod t10_pi sg ib_uverbs ib_core 8021q garp mrp stp llc mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt mxm_wmi fb_sys_fops cec crct10dif_pclmul ahci crc32_pclmul bnx2x drm ghash_clmulni_intel libahci rfkill i40e libata megaraid_sas mdio wmi sunrpc lrw dm_crypt dm_round_robin dm_multipath dm_snapshot dm_bufio dm_mirror dm_region_hash dm_log dm_zero dm_mod linear raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx raid6_pq libcrc32c crc32c_intel raid1 raid0 iscsi_ibft squashfs be2iscsi bnx2i cnic uio cxgb4i cxgb4 tls
[ 450.048497] libcxgbi libcxgb qla4xxx iscsi_boot_sysfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi edd ipmi_devintf ipmi_msghandler
[ 450.159753] ---[ end trace 712de2c57c64abc8 ]---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36919",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-07T14:28:01.393911Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T14:28:19.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-05T08:03:33.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/468f3e3c15076338367b0945b041105b67cf31e3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/acd370c1fb86b7302c1cbb354a7c1cd9953768eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad498539dda0816aadef384ec117bfea304c75c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93aa5ccc44781bdfef1bf0bc4c2c292d45251312"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1150606d47d711d5bfdf329a1a96ed7027085936"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c885ab23206b1f1ba0731ffe7c9455c6a91db256"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea50941cd8c9f0b12f38b73d3b1bfeca660dd342"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c214ed2a4dda35b308b0b28eed804d7ae66401f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240905-0009/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/bnx2fc/bnx2fc_tgt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "468f3e3c15076338367b0945b041105b67cf31e3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "acd370c1fb86b7302c1cbb354a7c1cd9953768eb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ad498539dda0816aadef384ec117bfea304c75c3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "93aa5ccc44781bdfef1bf0bc4c2c292d45251312",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1150606d47d711d5bfdf329a1a96ed7027085936",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c885ab23206b1f1ba0731ffe7c9455c6a91db256",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ea50941cd8c9f0b12f38b73d3b1bfeca660dd342",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c214ed2a4dda35b308b0b28eed804d7ae66401f9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/bnx2fc/bnx2fc_tgt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload\n\nThe session resources are used by FW and driver when session is offloaded,\nonce session is uploaded these resources are not used. The lock is not\nrequired as these fields won\u0027t be used any longer. The offload and upload\ncalls are sequential, hence lock is not required.\n\nThis will suppress following BUG_ON():\n\n[ 449.843143] ------------[ cut here ]------------\n[ 449.848302] kernel BUG at mm/vmalloc.c:2727!\n[ 449.853072] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n[ 449.858712] CPU: 5 PID: 1996 Comm: kworker/u24:2 Not tainted 5.14.0-118.el9.x86_64 #1\nRebooting.\n[ 449.867454] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.3.4 11/08/2016\n[ 449.876966] Workqueue: fc_rport_eq fc_rport_work [libfc]\n[ 449.882910] RIP: 0010:vunmap+0x2e/0x30\n[ 449.887098] Code: 00 65 8b 05 14 a2 f0 4a a9 00 ff ff 00 75 1b 55 48 89 fd e8 34 36 79 00 48 85 ed 74 0b 48 89 ef 31 f6 5d e9 14 fc ff ff 5d c3 \u003c0f\u003e 0b 0f 1f 44 00 00 41 57 41 56 49 89 ce 41 55 49 89 fd 41 54 41\n[ 449.908054] RSP: 0018:ffffb83d878b3d68 EFLAGS: 00010206\n[ 449.913887] RAX: 0000000080000201 RBX: ffff8f4355133550 RCX: 000000000d400005\n[ 449.921843] RDX: 0000000000000001 RSI: 0000000000001000 RDI: ffffb83da53f5000\n[ 449.929808] RBP: ffff8f4ac6675800 R08: ffffb83d878b3d30 R09: 00000000000efbdf\n[ 449.937774] R10: 0000000000000003 R11: ffff8f434573e000 R12: 0000000000001000\n[ 449.945736] R13: 0000000000001000 R14: ffffb83da53f5000 R15: ffff8f43d4ea3ae0\n[ 449.953701] FS: 0000000000000000(0000) GS:ffff8f529fc80000(0000) knlGS:0000000000000000\n[ 449.962732] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 449.969138] CR2: 00007f8cf993e150 CR3: 0000000efbe10003 CR4: 00000000003706e0\n[ 449.977102] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 449.985065] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 449.993028] Call Trace:\n[ 449.995756] __iommu_dma_free+0x96/0x100\n[ 450.000139] bnx2fc_free_session_resc+0x67/0x240 [bnx2fc]\n[ 450.006171] bnx2fc_upload_session+0xce/0x100 [bnx2fc]\n[ 450.011910] bnx2fc_rport_event_handler+0x9f/0x240 [bnx2fc]\n[ 450.018136] fc_rport_work+0x103/0x5b0 [libfc]\n[ 450.023103] process_one_work+0x1e8/0x3c0\n[ 450.027581] worker_thread+0x50/0x3b0\n[ 450.031669] ? rescuer_thread+0x370/0x370\n[ 450.036143] kthread+0x149/0x170\n[ 450.039744] ? set_kthread_struct+0x40/0x40\n[ 450.044411] ret_from_fork+0x22/0x30\n[ 450.048404] Modules linked in: vfat msdos fat xfs nfs_layout_nfsv41_files rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver dm_service_time qedf qed crc8 bnx2fc libfcoe libfc scsi_transport_fc intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp dcdbas rapl intel_cstate intel_uncore mei_me pcspkr mei ipmi_ssif lpc_ich ipmi_si fuse zram ext4 mbcache jbd2 loop nfsv3 nfs_acl nfs lockd grace fscache netfs irdma ice sd_mod t10_pi sg ib_uverbs ib_core 8021q garp mrp stp llc mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt mxm_wmi fb_sys_fops cec crct10dif_pclmul ahci crc32_pclmul bnx2x drm ghash_clmulni_intel libahci rfkill i40e libata megaraid_sas mdio wmi sunrpc lrw dm_crypt dm_round_robin dm_multipath dm_snapshot dm_bufio dm_mirror dm_region_hash dm_log dm_zero dm_mod linear raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx raid6_pq libcrc32c crc32c_intel raid1 raid0 iscsi_ibft squashfs be2iscsi bnx2i cnic uio cxgb4i cxgb4 tls\n[ 450.048497] libcxgbi libcxgb qla4xxx iscsi_boot_sysfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi edd ipmi_devintf ipmi_msghandler\n[ 450.159753] ---[ end trace 712de2c57c64abc8 ]---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:04.893Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/468f3e3c15076338367b0945b041105b67cf31e3"
},
{
"url": "https://git.kernel.org/stable/c/acd370c1fb86b7302c1cbb354a7c1cd9953768eb"
},
{
"url": "https://git.kernel.org/stable/c/ad498539dda0816aadef384ec117bfea304c75c3"
},
{
"url": "https://git.kernel.org/stable/c/93aa5ccc44781bdfef1bf0bc4c2c292d45251312"
},
{
"url": "https://git.kernel.org/stable/c/1150606d47d711d5bfdf329a1a96ed7027085936"
},
{
"url": "https://git.kernel.org/stable/c/c885ab23206b1f1ba0731ffe7c9455c6a91db256"
},
{
"url": "https://git.kernel.org/stable/c/ea50941cd8c9f0b12f38b73d3b1bfeca660dd342"
},
{
"url": "https://git.kernel.org/stable/c/c214ed2a4dda35b308b0b28eed804d7ae66401f9"
}
],
"title": "scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36919",
"datePublished": "2024-05-30T15:29:14.486Z",
"dateReserved": "2024-05-30T15:25:07.068Z",
"dateUpdated": "2025-05-04T09:12:04.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52840 (GCVE-0-2023-52840)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
The put_device() calls rmi_release_function() which frees "fn" so the
dereference on the next line "fn->num_of_irqs" is a use after free.
Move the put_device() to the end to fix this.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 24d28e4f1271cb2f91613dada8f2acccd00eff56 Version: 24d28e4f1271cb2f91613dada8f2acccd00eff56 Version: 24d28e4f1271cb2f91613dada8f2acccd00eff56 Version: 24d28e4f1271cb2f91613dada8f2acccd00eff56 Version: 24d28e4f1271cb2f91613dada8f2acccd00eff56 Version: 24d28e4f1271cb2f91613dada8f2acccd00eff56 Version: 24d28e4f1271cb2f91613dada8f2acccd00eff56 Version: 24d28e4f1271cb2f91613dada8f2acccd00eff56 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52840",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T18:01:30.625524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T18:01:37.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f236d8638f5b43e0c72919a6a27fe286c32053f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/50d12253666195a14c6cd2b81c376e2dbeedbdff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6c71e065befb2fae8f1461559b940c04e1071bd5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/303766bb92c5c225cf40f9bbbe7e29749406e2f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7082b1fb5321037bc11ba1cf2d7ed23c6b2b521f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cc56c4d17721dcb10ad4e9c9266e449be1462683"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c8e639f5743cf4b01f8c65e0df075fe4d782b585"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eb988e46da2e4eae89f5337e047ce372fe33d5b1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/input/rmi4/rmi_bus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2f236d8638f5b43e0c72919a6a27fe286c32053f",
"status": "affected",
"version": "24d28e4f1271cb2f91613dada8f2acccd00eff56",
"versionType": "git"
},
{
"lessThan": "50d12253666195a14c6cd2b81c376e2dbeedbdff",
"status": "affected",
"version": "24d28e4f1271cb2f91613dada8f2acccd00eff56",
"versionType": "git"
},
{
"lessThan": "6c71e065befb2fae8f1461559b940c04e1071bd5",
"status": "affected",
"version": "24d28e4f1271cb2f91613dada8f2acccd00eff56",
"versionType": "git"
},
{
"lessThan": "303766bb92c5c225cf40f9bbbe7e29749406e2f2",
"status": "affected",
"version": "24d28e4f1271cb2f91613dada8f2acccd00eff56",
"versionType": "git"
},
{
"lessThan": "7082b1fb5321037bc11ba1cf2d7ed23c6b2b521f",
"status": "affected",
"version": "24d28e4f1271cb2f91613dada8f2acccd00eff56",
"versionType": "git"
},
{
"lessThan": "cc56c4d17721dcb10ad4e9c9266e449be1462683",
"status": "affected",
"version": "24d28e4f1271cb2f91613dada8f2acccd00eff56",
"versionType": "git"
},
{
"lessThan": "c8e639f5743cf4b01f8c65e0df075fe4d782b585",
"status": "affected",
"version": "24d28e4f1271cb2f91613dada8f2acccd00eff56",
"versionType": "git"
},
{
"lessThan": "eb988e46da2e4eae89f5337e047ce372fe33d5b1",
"status": "affected",
"version": "24d28e4f1271cb2f91613dada8f2acccd00eff56",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/input/rmi4/rmi_bus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.299",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: synaptics-rmi4 - fix use after free in rmi_unregister_function()\n\nThe put_device() calls rmi_release_function() which frees \"fn\" so the\ndereference on the next line \"fn-\u003enum_of_irqs\" is a use after free.\nMove the put_device() to the end to fix this."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:06.206Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2f236d8638f5b43e0c72919a6a27fe286c32053f"
},
{
"url": "https://git.kernel.org/stable/c/50d12253666195a14c6cd2b81c376e2dbeedbdff"
},
{
"url": "https://git.kernel.org/stable/c/6c71e065befb2fae8f1461559b940c04e1071bd5"
},
{
"url": "https://git.kernel.org/stable/c/303766bb92c5c225cf40f9bbbe7e29749406e2f2"
},
{
"url": "https://git.kernel.org/stable/c/7082b1fb5321037bc11ba1cf2d7ed23c6b2b521f"
},
{
"url": "https://git.kernel.org/stable/c/cc56c4d17721dcb10ad4e9c9266e449be1462683"
},
{
"url": "https://git.kernel.org/stable/c/c8e639f5743cf4b01f8c65e0df075fe4d782b585"
},
{
"url": "https://git.kernel.org/stable/c/eb988e46da2e4eae89f5337e047ce372fe33d5b1"
}
],
"title": "Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52840",
"datePublished": "2024-05-21T15:31:39.862Z",
"dateReserved": "2024-05-21T15:19:24.253Z",
"dateUpdated": "2025-05-04T07:44:06.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52767 (GCVE-0-2023-52767)
Vulnerability from cvelistv5
Published
2024-05-21 15:30
Modified
2025-05-04 07:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tls: fix NULL deref on tls_sw_splice_eof() with empty record
syzkaller discovered that if tls_sw_splice_eof() is executed as part of
sendfile() when the plaintext/ciphertext sk_msg are empty, the send path
gets confused because the empty ciphertext buffer does not have enough
space for the encryption overhead. This causes tls_push_record() to go on
the `split = true` path (which is only supposed to be used when interacting
with an attached BPF program), and then get further confused and hit the
tls_merge_open_record() path, which then assumes that there must be at
least one populated buffer element, leading to a NULL deref.
It is possible to have empty plaintext/ciphertext buffers if we previously
bailed from tls_sw_sendmsg_locked() via the tls_trim_both_msgs() path.
tls_sw_push_pending_record() already handles this case correctly; let's do
the same check in tls_sw_splice_eof().
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T18:35:50.400144Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:42.766Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/944900fe2736c07288efe2d9394db4d3ca23f2c9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2214e2bb5489145aba944874d0ee1652a0a63dc8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/53f2cb491b500897a619ff6abd72f565933760f0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tls/tls_sw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "944900fe2736c07288efe2d9394db4d3ca23f2c9",
"status": "affected",
"version": "5ad627faed136089e27bcd15e0c33760e575c8c3",
"versionType": "git"
},
{
"lessThan": "2214e2bb5489145aba944874d0ee1652a0a63dc8",
"status": "affected",
"version": "df720d288dbb1793e82b6ccbfc670ec871e9def4",
"versionType": "git"
},
{
"lessThan": "53f2cb491b500897a619ff6abd72f565933760f0",
"status": "affected",
"version": "df720d288dbb1793e82b6ccbfc670ec871e9def4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tls/tls_sw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.4",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix NULL deref on tls_sw_splice_eof() with empty record\n\nsyzkaller discovered that if tls_sw_splice_eof() is executed as part of\nsendfile() when the plaintext/ciphertext sk_msg are empty, the send path\ngets confused because the empty ciphertext buffer does not have enough\nspace for the encryption overhead. This causes tls_push_record() to go on\nthe `split = true` path (which is only supposed to be used when interacting\nwith an attached BPF program), and then get further confused and hit the\ntls_merge_open_record() path, which then assumes that there must be at\nleast one populated buffer element, leading to a NULL deref.\n\nIt is possible to have empty plaintext/ciphertext buffers if we previously\nbailed from tls_sw_sendmsg_locked() via the tls_trim_both_msgs() path.\ntls_sw_push_pending_record() already handles this case correctly; let\u0027s do\nthe same check in tls_sw_splice_eof()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:42:44.194Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/944900fe2736c07288efe2d9394db4d3ca23f2c9"
},
{
"url": "https://git.kernel.org/stable/c/2214e2bb5489145aba944874d0ee1652a0a63dc8"
},
{
"url": "https://git.kernel.org/stable/c/53f2cb491b500897a619ff6abd72f565933760f0"
}
],
"title": "tls: fix NULL deref on tls_sw_splice_eof() with empty record",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52767",
"datePublished": "2024-05-21T15:30:50.993Z",
"dateReserved": "2024-05-21T15:19:24.238Z",
"dateUpdated": "2025-05-04T07:42:44.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35962 (GCVE-0-2024-35962)
Vulnerability from cvelistv5
Published
2024-05-20 09:41
Modified
2025-05-04 09:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: complete validation of user input
In my recent commit, I missed that do_replace() handlers
use copy_from_sockptr() (which I fixed), followed
by unsafe copy_from_sockptr_offset() calls.
In all functions, we can perform the @optlen validation
before even calling xt_alloc_table_info() with the following
check:
if ((u64)optlen < (u64)tmp.size + sizeof(tmp))
return -EINVAL;
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 0f038242b77ddfc505bf4163d4904c1abd2e74d6 Version: 440e948cf0eff32cfe322dcbca3f2525354b159b Version: 18aae2cb87e5faa9c5bd865260ceadac60d5a6c5 Version: 81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525 Version: 58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018 Version: 0c83842df40f86e529db6842231154772c20edcc |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf4bc359b76144a3dd55d7c09464ef4c5f2b2b05"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97dab36e57c64106e1c8ebd66cbf0d2d1e52d6b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c760089aa98289b4b88a7ff5a62dd92845adf223"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/89242d9584c342cb83311b598d9e6b82572eadf8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/562b7245131f6e9f1d280c8b5a8750f03edfc05c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/65acf6e0501ac8880a4f73980d01b5d27648b956"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:40:32.586631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:14.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/netfilter/arp_tables.c",
"net/ipv4/netfilter/ip_tables.c",
"net/ipv6/netfilter/ip6_tables.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cf4bc359b76144a3dd55d7c09464ef4c5f2b2b05",
"status": "affected",
"version": "0f038242b77ddfc505bf4163d4904c1abd2e74d6",
"versionType": "git"
},
{
"lessThan": "97dab36e57c64106e1c8ebd66cbf0d2d1e52d6b7",
"status": "affected",
"version": "440e948cf0eff32cfe322dcbca3f2525354b159b",
"versionType": "git"
},
{
"lessThan": "c760089aa98289b4b88a7ff5a62dd92845adf223",
"status": "affected",
"version": "18aae2cb87e5faa9c5bd865260ceadac60d5a6c5",
"versionType": "git"
},
{
"lessThan": "89242d9584c342cb83311b598d9e6b82572eadf8",
"status": "affected",
"version": "81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525",
"versionType": "git"
},
{
"lessThan": "562b7245131f6e9f1d280c8b5a8750f03edfc05c",
"status": "affected",
"version": "58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018",
"versionType": "git"
},
{
"lessThan": "65acf6e0501ac8880a4f73980d01b5d27648b956",
"status": "affected",
"version": "0c83842df40f86e529db6842231154772c20edcc",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/netfilter/arp_tables.c",
"net/ipv4/netfilter/ip_tables.c",
"net/ipv6/netfilter/ip6_tables.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5.10.216",
"status": "affected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThan": "5.15.156",
"status": "affected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThan": "6.1.87",
"status": "affected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThan": "6.6.28",
"status": "affected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThan": "6.8.7",
"status": "affected",
"version": "6.8.5",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.10.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.156",
"versionStartIncluding": "5.15.154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.87",
"versionStartIncluding": "6.1.85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.28",
"versionStartIncluding": "6.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.7",
"versionStartIncluding": "6.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: complete validation of user input\n\nIn my recent commit, I missed that do_replace() handlers\nuse copy_from_sockptr() (which I fixed), followed\nby unsafe copy_from_sockptr_offset() calls.\n\nIn all functions, we can perform the @optlen validation\nbefore even calling xt_alloc_table_info() with the following\ncheck:\n\nif ((u64)optlen \u003c (u64)tmp.size + sizeof(tmp))\n return -EINVAL;"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:09:19.304Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cf4bc359b76144a3dd55d7c09464ef4c5f2b2b05"
},
{
"url": "https://git.kernel.org/stable/c/97dab36e57c64106e1c8ebd66cbf0d2d1e52d6b7"
},
{
"url": "https://git.kernel.org/stable/c/c760089aa98289b4b88a7ff5a62dd92845adf223"
},
{
"url": "https://git.kernel.org/stable/c/89242d9584c342cb83311b598d9e6b82572eadf8"
},
{
"url": "https://git.kernel.org/stable/c/562b7245131f6e9f1d280c8b5a8750f03edfc05c"
},
{
"url": "https://git.kernel.org/stable/c/65acf6e0501ac8880a4f73980d01b5d27648b956"
}
],
"title": "netfilter: complete validation of user input",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35962",
"datePublished": "2024-05-20T09:41:53.207Z",
"dateReserved": "2024-05-17T13:50:33.137Z",
"dateUpdated": "2025-05-04T09:09:19.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37353 (GCVE-0-2024-37353)
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-08-21T23:54:07.622Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-37353",
"datePublished": "2024-06-21T10:18:10.995Z",
"dateRejected": "2024-08-21T23:54:07.622Z",
"dateReserved": "2024-06-21T10:13:16.289Z",
"dateUpdated": "2024-08-21T23:54:07.622Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38628 (GCVE-0-2024-38628)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-05-04 09:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.
Hang on to the control IDs instead of pointers since those are correctly
handled with locks.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38628",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T15:20:09.528911Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T16:32:35.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:26.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/89e66809684485590ea0b32c3178e42cba36ac09"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/453d3fa9266e53f85377b911c19b9a4563fa88c0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bea73b58ab67fe581037ad9cdb93c2557590c068"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1b739388aa3f8dfb63a9fca777e6dfa6912d0464"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/function/u_audio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "89e66809684485590ea0b32c3178e42cba36ac09",
"status": "affected",
"version": "02de698ca8123782c0c6fb8ed99080e2f032b0d2",
"versionType": "git"
},
{
"lessThan": "453d3fa9266e53f85377b911c19b9a4563fa88c0",
"status": "affected",
"version": "02de698ca8123782c0c6fb8ed99080e2f032b0d2",
"versionType": "git"
},
{
"lessThan": "bea73b58ab67fe581037ad9cdb93c2557590c068",
"status": "affected",
"version": "02de698ca8123782c0c6fb8ed99080e2f032b0d2",
"versionType": "git"
},
{
"lessThan": "1b739388aa3f8dfb63a9fca777e6dfa6912d0464",
"status": "affected",
"version": "02de698ca8123782c0c6fb8ed99080e2f032b0d2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/function/u_audio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.\n\nHang on to the control IDs instead of pointers since those are correctly\nhandled with locks."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:38.836Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/89e66809684485590ea0b32c3178e42cba36ac09"
},
{
"url": "https://git.kernel.org/stable/c/453d3fa9266e53f85377b911c19b9a4563fa88c0"
},
{
"url": "https://git.kernel.org/stable/c/bea73b58ab67fe581037ad9cdb93c2557590c068"
},
{
"url": "https://git.kernel.org/stable/c/1b739388aa3f8dfb63a9fca777e6dfa6912d0464"
}
],
"title": "usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38628",
"datePublished": "2024-06-21T10:18:19.558Z",
"dateReserved": "2024-06-18T19:36:34.946Z",
"dateUpdated": "2025-05-04T09:15:38.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52749 (GCVE-0-2023-52749)
Vulnerability from cvelistv5
Published
2024-05-21 15:30
Modified
2025-05-21 08:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
spi: Fix null dereference on suspend
A race condition exists where a synchronous (noqueue) transfer can be
active during a system suspend. This can cause a null pointer
dereference exception to occur when the system resumes.
Example order of events leading to the exception:
1. spi_sync() calls __spi_transfer_message_noqueue() which sets
ctlr->cur_msg
2. Spi transfer begins via spi_transfer_one_message()
3. System is suspended interrupting the transfer context
4. System is resumed
6. spi_controller_resume() calls spi_start_queue() which resets cur_msg
to NULL
7. Spi transfer context resumes and spi_finalize_current_message() is
called which dereferences cur_msg (which is now NULL)
Wait for synchronous transfers to complete before suspending by
acquiring the bus mutex and setting/checking a suspend flag.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52749",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:36:59.089454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:37:26.791Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4ec4508db97502a12daee88c74782e8d35ced068"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/96474ea47dc67b0704392d59192b233c8197db0e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bef4a48f4ef798c4feddf045d49e53c8a97d5e37"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/spi/spi.c",
"include/linux/spi/spi.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4ec4508db97502a12daee88c74782e8d35ced068",
"status": "affected",
"version": "ae7d2346dc89ae89a6e0aabe6037591a11e593c0",
"versionType": "git"
},
{
"lessThan": "96474ea47dc67b0704392d59192b233c8197db0e",
"status": "affected",
"version": "ae7d2346dc89ae89a6e0aabe6037591a11e593c0",
"versionType": "git"
},
{
"lessThan": "bef4a48f4ef798c4feddf045d49e53c8a97d5e37",
"status": "affected",
"version": "ae7d2346dc89ae89a6e0aabe6037591a11e593c0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/spi/spi.c",
"include/linux/spi/spi.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.66",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.66",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: Fix null dereference on suspend\n\nA race condition exists where a synchronous (noqueue) transfer can be\nactive during a system suspend. This can cause a null pointer\ndereference exception to occur when the system resumes.\n\nExample order of events leading to the exception:\n1. spi_sync() calls __spi_transfer_message_noqueue() which sets\n ctlr-\u003ecur_msg\n2. Spi transfer begins via spi_transfer_one_message()\n3. System is suspended interrupting the transfer context\n4. System is resumed\n6. spi_controller_resume() calls spi_start_queue() which resets cur_msg\n to NULL\n7. Spi transfer context resumes and spi_finalize_current_message() is\n called which dereferences cur_msg (which is now NULL)\n\nWait for synchronous transfers to complete before suspending by\nacquiring the bus mutex and setting/checking a suspend flag."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T08:49:58.550Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4ec4508db97502a12daee88c74782e8d35ced068"
},
{
"url": "https://git.kernel.org/stable/c/96474ea47dc67b0704392d59192b233c8197db0e"
},
{
"url": "https://git.kernel.org/stable/c/bef4a48f4ef798c4feddf045d49e53c8a97d5e37"
}
],
"title": "spi: Fix null dereference on suspend",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52749",
"datePublished": "2024-05-21T15:30:38.904Z",
"dateReserved": "2024-05-21T15:19:24.234Z",
"dateUpdated": "2025-05-21T08:49:58.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36967 (GCVE-0-2024-36967)
Vulnerability from cvelistv5
Published
2024-06-08 12:52
Modified
2025-05-04 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
KEYS: trusted: Fix memory leak in tpm2_key_encode()
'scratch' is never freed. Fix this by calling kfree() in the success, and
in the error case.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f2219745250f388edacabe6cca73654131c67d0a Version: f2219745250f388edacabe6cca73654131c67d0a Version: f2219745250f388edacabe6cca73654131c67d0a Version: f2219745250f388edacabe6cca73654131c67d0a Version: f2219745250f388edacabe6cca73654131c67d0a Version: f2219745250f388edacabe6cca73654131c67d0a |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T13:06:42.605558Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T13:06:51.220Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1e6914fa8e7798bcf3ce4a5b96ea4ac1d5571cdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5d91238b590bd883c86ba7707c5c9096469c08b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e62835264d0352be6086975f18fdfed2b5520b13"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/189c768932d435045b1fae12bf63e53866f06a28"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf26a92f560eed5d6ddc3d441cc645950cbabc56"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ffcaa2172cc1a85ddb8b783de96d38ca8855e248"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"security/keys/trusted-keys/trusted_tpm2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1e6914fa8e7798bcf3ce4a5b96ea4ac1d5571cdf",
"status": "affected",
"version": "f2219745250f388edacabe6cca73654131c67d0a",
"versionType": "git"
},
{
"lessThan": "5d91238b590bd883c86ba7707c5c9096469c08b7",
"status": "affected",
"version": "f2219745250f388edacabe6cca73654131c67d0a",
"versionType": "git"
},
{
"lessThan": "e62835264d0352be6086975f18fdfed2b5520b13",
"status": "affected",
"version": "f2219745250f388edacabe6cca73654131c67d0a",
"versionType": "git"
},
{
"lessThan": "189c768932d435045b1fae12bf63e53866f06a28",
"status": "affected",
"version": "f2219745250f388edacabe6cca73654131c67d0a",
"versionType": "git"
},
{
"lessThan": "cf26a92f560eed5d6ddc3d441cc645950cbabc56",
"status": "affected",
"version": "f2219745250f388edacabe6cca73654131c67d0a",
"versionType": "git"
},
{
"lessThan": "ffcaa2172cc1a85ddb8b783de96d38ca8855e248",
"status": "affected",
"version": "f2219745250f388edacabe6cca73654131c67d0a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"security/keys/trusted-keys/trusted_tpm2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.160",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.92",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.32",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.160",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.92",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.32",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.11",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.2",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKEYS: trusted: Fix memory leak in tpm2_key_encode()\n\n\u0027scratch\u0027 is never freed. Fix this by calling kfree() in the success, and\nin the error case."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:00.837Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1e6914fa8e7798bcf3ce4a5b96ea4ac1d5571cdf"
},
{
"url": "https://git.kernel.org/stable/c/5d91238b590bd883c86ba7707c5c9096469c08b7"
},
{
"url": "https://git.kernel.org/stable/c/e62835264d0352be6086975f18fdfed2b5520b13"
},
{
"url": "https://git.kernel.org/stable/c/189c768932d435045b1fae12bf63e53866f06a28"
},
{
"url": "https://git.kernel.org/stable/c/cf26a92f560eed5d6ddc3d441cc645950cbabc56"
},
{
"url": "https://git.kernel.org/stable/c/ffcaa2172cc1a85ddb8b783de96d38ca8855e248"
}
],
"title": "KEYS: trusted: Fix memory leak in tpm2_key_encode()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36967",
"datePublished": "2024-06-08T12:52:59.895Z",
"dateReserved": "2024-05-30T15:25:07.081Z",
"dateUpdated": "2025-05-04T09:13:00.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39291 (GCVE-0-2024-39291)
Vulnerability from cvelistv5
Published
2024-06-24 13:52
Modified
2025-05-04 09:16
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode()
The function gfx_v9_4_3_init_microcode in gfx_v9_4_3.c was generating
about potential truncation of output when using the snprintf function.
The issue was due to the size of the buffer 'ucode_prefix' being too
small to accommodate the maximum possible length of the string being
written into it.
The string being written is "amdgpu/%s_mec.bin" or "amdgpu/%s_rlc.bin",
where %s is replaced by the value of 'chip_name'. The length of this
string without the %s is 16 characters. The warning message indicated
that 'chip_name' could be up to 29 characters long, resulting in a total
of 45 characters, which exceeds the buffer size of 30 characters.
To resolve this issue, the size of the 'ucode_prefix' buffer has been
reduced from 30 to 15. This ensures that the maximum possible length of
the string being written into the buffer will not exceed its size, thus
preventing potential buffer overflow and truncation issues.
Fixes the below with gcc W=1:
drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c: In function ‘gfx_v9_4_3_early_init’:
drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c:379:52: warning: ‘%s’ directive output may be truncated writing up to 29 bytes into a region of size 23 [-Wformat-truncation=]
379 | snprintf(fw_name, sizeof(fw_name), "amdgpu/%s_rlc.bin", chip_name);
| ^~
......
439 | r = gfx_v9_4_3_init_rlc_microcode(adev, ucode_prefix);
| ~~~~~~~~~~~~
drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c:379:9: note: ‘snprintf’ output between 16 and 45 bytes into a destination of size 30
379 | snprintf(fw_name, sizeof(fw_name), "amdgpu/%s_rlc.bin", chip_name);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c:413:52: warning: ‘%s’ directive output may be truncated writing up to 29 bytes into a region of size 23 [-Wformat-truncation=]
413 | snprintf(fw_name, sizeof(fw_name), "amdgpu/%s_mec.bin", chip_name);
| ^~
......
443 | r = gfx_v9_4_3_init_cp_compute_microcode(adev, ucode_prefix);
| ~~~~~~~~~~~~
drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c:413:9: note: ‘snprintf’ output between 16 and 45 bytes into a destination of size 30
413 | snprintf(fw_name, sizeof(fw_name), "amdgpu/%s_mec.bin", chip_name);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:19:20.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/19bd9537b6bc1c882df25206c15917214d8e9460"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f1b6a016dfa45cedc080d36fa5d6f22237d80e8b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/acce6479e30f73ab0872e93a75aed1fb791d04ec"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39291",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:08:43.406503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:43.758Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "19bd9537b6bc1c882df25206c15917214d8e9460",
"status": "affected",
"version": "86301129698be52f8398f92ea8564168f6bfcae1",
"versionType": "git"
},
{
"lessThan": "f1b6a016dfa45cedc080d36fa5d6f22237d80e8b",
"status": "affected",
"version": "86301129698be52f8398f92ea8564168f6bfcae1",
"versionType": "git"
},
{
"lessThan": "acce6479e30f73ab0872e93a75aed1fb791d04ec",
"status": "affected",
"version": "86301129698be52f8398f92ea8564168f6bfcae1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode()\n\nThe function gfx_v9_4_3_init_microcode in gfx_v9_4_3.c was generating\nabout potential truncation of output when using the snprintf function.\nThe issue was due to the size of the buffer \u0027ucode_prefix\u0027 being too\nsmall to accommodate the maximum possible length of the string being\nwritten into it.\n\nThe string being written is \"amdgpu/%s_mec.bin\" or \"amdgpu/%s_rlc.bin\",\nwhere %s is replaced by the value of \u0027chip_name\u0027. The length of this\nstring without the %s is 16 characters. The warning message indicated\nthat \u0027chip_name\u0027 could be up to 29 characters long, resulting in a total\nof 45 characters, which exceeds the buffer size of 30 characters.\n\nTo resolve this issue, the size of the \u0027ucode_prefix\u0027 buffer has been\nreduced from 30 to 15. This ensures that the maximum possible length of\nthe string being written into the buffer will not exceed its size, thus\npreventing potential buffer overflow and truncation issues.\n\nFixes the below with gcc W=1:\ndrivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c: In function \u2018gfx_v9_4_3_early_init\u2019:\ndrivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c:379:52: warning: \u2018%s\u2019 directive output may be truncated writing up to 29 bytes into a region of size 23 [-Wformat-truncation=]\n 379 | snprintf(fw_name, sizeof(fw_name), \"amdgpu/%s_rlc.bin\", chip_name);\n | ^~\n......\n 439 | r = gfx_v9_4_3_init_rlc_microcode(adev, ucode_prefix);\n | ~~~~~~~~~~~~\ndrivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c:379:9: note: \u2018snprintf\u2019 output between 16 and 45 bytes into a destination of size 30\n 379 | snprintf(fw_name, sizeof(fw_name), \"amdgpu/%s_rlc.bin\", chip_name);\n | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\ndrivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c:413:52: warning: \u2018%s\u2019 directive output may be truncated writing up to 29 bytes into a region of size 23 [-Wformat-truncation=]\n 413 | snprintf(fw_name, sizeof(fw_name), \"amdgpu/%s_mec.bin\", chip_name);\n | ^~\n......\n 443 | r = gfx_v9_4_3_init_cp_compute_microcode(adev, ucode_prefix);\n | ~~~~~~~~~~~~\ndrivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c:413:9: note: \u2018snprintf\u2019 output between 16 and 45 bytes into a destination of size 30\n 413 | snprintf(fw_name, sizeof(fw_name), \"amdgpu/%s_mec.bin\", chip_name);\n | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:16:09.673Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/19bd9537b6bc1c882df25206c15917214d8e9460"
},
{
"url": "https://git.kernel.org/stable/c/f1b6a016dfa45cedc080d36fa5d6f22237d80e8b"
},
{
"url": "https://git.kernel.org/stable/c/acce6479e30f73ab0872e93a75aed1fb791d04ec"
}
],
"title": "drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39291",
"datePublished": "2024-06-24T13:52:26.082Z",
"dateReserved": "2024-06-21T11:16:40.644Z",
"dateUpdated": "2025-05-04T09:16:09.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52814 (GCVE-0-2023-52814)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-09-16 13:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix potential null pointer derefernce
The amdgpu_ras_get_context may return NULL if device
not support ras feature, so add check before using.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "1da177e4c3f4"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.10.202"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.15.140"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.1.64"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.5.13"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.6.3"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.7"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-16T13:51:23.550817Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T13:52:56.279Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b93a25de28af153312f0fc979b0663fc4bd3442b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c11cf5e117f50f5a767054600885acd981449afe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9b70fc7d70e8ef7c4a65034c9487f58609e708a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b0702ee4d811708251cdf54d4a1d3e888d365111"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/da46e63482fdc5e35c008865c22ac64027f6f0c2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/80285ae1ec8717b597b20de38866c29d84d321a1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b93a25de28af153312f0fc979b0663fc4bd3442b",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "c11cf5e117f50f5a767054600885acd981449afe",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "9b70fc7d70e8ef7c4a65034c9487f58609e708a1",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "b0702ee4d811708251cdf54d4a1d3e888d365111",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "da46e63482fdc5e35c008865c22ac64027f6f0c2",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "80285ae1ec8717b597b20de38866c29d84d321a1",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix potential null pointer derefernce\n\nThe amdgpu_ras_get_context may return NULL if device\nnot support ras feature, so add check before using."
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T08:02:12.367Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b93a25de28af153312f0fc979b0663fc4bd3442b"
},
{
"url": "https://git.kernel.org/stable/c/c11cf5e117f50f5a767054600885acd981449afe"
},
{
"url": "https://git.kernel.org/stable/c/9b70fc7d70e8ef7c4a65034c9487f58609e708a1"
},
{
"url": "https://git.kernel.org/stable/c/b0702ee4d811708251cdf54d4a1d3e888d365111"
},
{
"url": "https://git.kernel.org/stable/c/da46e63482fdc5e35c008865c22ac64027f6f0c2"
},
{
"url": "https://git.kernel.org/stable/c/80285ae1ec8717b597b20de38866c29d84d321a1"
}
],
"title": "drm/amdgpu: Fix potential null pointer derefernce",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52814",
"datePublished": "2024-05-21T15:31:22.263Z",
"dateReserved": "2024-05-21T15:19:24.248Z",
"dateUpdated": "2025-09-16T13:52:56.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52869 (GCVE-0-2023-52869)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
pstore/platform: Add check for kstrdup
Add check for the return value of kstrdup() and return the error
if it fails in order to avoid NULL pointer dereference.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 563ca40ddf400dbf8c6254077f9b6887101d0f08 Version: 563ca40ddf400dbf8c6254077f9b6887101d0f08 Version: 563ca40ddf400dbf8c6254077f9b6887101d0f08 Version: 563ca40ddf400dbf8c6254077f9b6887101d0f08 Version: 563ca40ddf400dbf8c6254077f9b6887101d0f08 Version: 563ca40ddf400dbf8c6254077f9b6887101d0f08 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "563ca40ddf40"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.8"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.10.201"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.15.139"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.1.63"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.5.12"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.6.2"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.7"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52869",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T18:43:39.605894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:48:28.555Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bb166bdae1a7d7db30e9be7e6ccaba606debc05f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/379b120e4f27fd1cf636a5f85570c4d240a3f688"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/63f637309baadf81a095f2653e3b807d4b5814b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1c426da79f9fc7b761021b5eb44185ba119cd44a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad5cb6deb41417ef41b9d6ff54f789212108606f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a19d48f7c5d57c0f0405a7d4334d1d38fe9d3c1c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/pstore/platform.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bb166bdae1a7d7db30e9be7e6ccaba606debc05f",
"status": "affected",
"version": "563ca40ddf400dbf8c6254077f9b6887101d0f08",
"versionType": "git"
},
{
"lessThan": "379b120e4f27fd1cf636a5f85570c4d240a3f688",
"status": "affected",
"version": "563ca40ddf400dbf8c6254077f9b6887101d0f08",
"versionType": "git"
},
{
"lessThan": "63f637309baadf81a095f2653e3b807d4b5814b9",
"status": "affected",
"version": "563ca40ddf400dbf8c6254077f9b6887101d0f08",
"versionType": "git"
},
{
"lessThan": "1c426da79f9fc7b761021b5eb44185ba119cd44a",
"status": "affected",
"version": "563ca40ddf400dbf8c6254077f9b6887101d0f08",
"versionType": "git"
},
{
"lessThan": "ad5cb6deb41417ef41b9d6ff54f789212108606f",
"status": "affected",
"version": "563ca40ddf400dbf8c6254077f9b6887101d0f08",
"versionType": "git"
},
{
"lessThan": "a19d48f7c5d57c0f0405a7d4334d1d38fe9d3c1c",
"status": "affected",
"version": "563ca40ddf400dbf8c6254077f9b6887101d0f08",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/pstore/platform.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npstore/platform: Add check for kstrdup\n\nAdd check for the return value of kstrdup() and return the error\nif it fails in order to avoid NULL pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:44.652Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bb166bdae1a7d7db30e9be7e6ccaba606debc05f"
},
{
"url": "https://git.kernel.org/stable/c/379b120e4f27fd1cf636a5f85570c4d240a3f688"
},
{
"url": "https://git.kernel.org/stable/c/63f637309baadf81a095f2653e3b807d4b5814b9"
},
{
"url": "https://git.kernel.org/stable/c/1c426da79f9fc7b761021b5eb44185ba119cd44a"
},
{
"url": "https://git.kernel.org/stable/c/ad5cb6deb41417ef41b9d6ff54f789212108606f"
},
{
"url": "https://git.kernel.org/stable/c/a19d48f7c5d57c0f0405a7d4334d1d38fe9d3c1c"
}
],
"title": "pstore/platform: Add check for kstrdup",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52869",
"datePublished": "2024-05-21T15:31:59.168Z",
"dateReserved": "2024-05-21T15:19:24.263Z",
"dateUpdated": "2025-05-04T07:44:44.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38616 (GCVE-0-2024-38616)
Vulnerability from cvelistv5
Published
2024-06-19 13:56
Modified
2025-05-04 09:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: carl9170: re-fix fortified-memset warning
The carl9170_tx_release() function sometimes triggers a fortified-memset
warning in my randconfig builds:
In file included from include/linux/string.h:254,
from drivers/net/wireless/ath/carl9170/tx.c:40:
In function 'fortify_memset_chk',
inlined from 'carl9170_tx_release' at drivers/net/wireless/ath/carl9170/tx.c:283:2,
inlined from 'kref_put' at include/linux/kref.h:65:3,
inlined from 'carl9170_tx_put_skb' at drivers/net/wireless/ath/carl9170/tx.c:342:9:
include/linux/fortify-string.h:493:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
493 | __write_overflow_field(p_size_field, size);
Kees previously tried to avoid this by using memset_after(), but it seems
this does not fully address the problem. I noticed that the memset_after()
here is done on a different part of the union (status) than the original
cast was from (rate_driver_data), which may confuse the compiler.
Unfortunately, the memset_after() trick does not work on driver_rates[]
because that is part of an anonymous struct, and I could not get
struct_group() to do this either. Using two separate memset() calls
on the two members does address the warning though.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "13857683126e",
"status": "affected",
"version": "fb5f6a0e8063",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "875864670982",
"status": "affected",
"version": "fb5f6a0e8063",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "0c38c9c460bb",
"status": "affected",
"version": "fb5f6a0e8063",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "042a39bb8e08",
"status": "affected",
"version": "fb5f6a0e8063",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "066afafc10c9",
"status": "affected",
"version": "fb5f6a0e8063",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.17"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.93",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.33",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.9",
"status": "unaffected",
"version": "6.8.12",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.10",
"status": "unaffected",
"version": "6.9.3 t",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.10_rc1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T13:37:04.448058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T15:06:00.634Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:26.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13857683126e8a6492af73c74d702835f7a2175b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/87586467098281f04fa93e59fe3a516b954bddc4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c38c9c460bb8ce8d6f6cf316e0d71a70983ec83"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/042a39bb8e0812466327a5102606e88a5a4f8c02"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/066afafc10c9476ee36c47c9062527a17e763901"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/carl9170/tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "13857683126e8a6492af73c74d702835f7a2175b",
"status": "affected",
"version": "fb5f6a0e8063b7a84d6d44ef353846ccd7708d2e",
"versionType": "git"
},
{
"lessThan": "87586467098281f04fa93e59fe3a516b954bddc4",
"status": "affected",
"version": "fb5f6a0e8063b7a84d6d44ef353846ccd7708d2e",
"versionType": "git"
},
{
"lessThan": "0c38c9c460bb8ce8d6f6cf316e0d71a70983ec83",
"status": "affected",
"version": "fb5f6a0e8063b7a84d6d44ef353846ccd7708d2e",
"versionType": "git"
},
{
"lessThan": "042a39bb8e0812466327a5102606e88a5a4f8c02",
"status": "affected",
"version": "fb5f6a0e8063b7a84d6d44ef353846ccd7708d2e",
"versionType": "git"
},
{
"lessThan": "066afafc10c9476ee36c47c9062527a17e763901",
"status": "affected",
"version": "fb5f6a0e8063b7a84d6d44ef353846ccd7708d2e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/carl9170/tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: carl9170: re-fix fortified-memset warning\n\nThe carl9170_tx_release() function sometimes triggers a fortified-memset\nwarning in my randconfig builds:\n\nIn file included from include/linux/string.h:254,\n from drivers/net/wireless/ath/carl9170/tx.c:40:\nIn function \u0027fortify_memset_chk\u0027,\n inlined from \u0027carl9170_tx_release\u0027 at drivers/net/wireless/ath/carl9170/tx.c:283:2,\n inlined from \u0027kref_put\u0027 at include/linux/kref.h:65:3,\n inlined from \u0027carl9170_tx_put_skb\u0027 at drivers/net/wireless/ath/carl9170/tx.c:342:9:\ninclude/linux/fortify-string.h:493:25: error: call to \u0027__write_overflow_field\u0027 declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]\n 493 | __write_overflow_field(p_size_field, size);\n\nKees previously tried to avoid this by using memset_after(), but it seems\nthis does not fully address the problem. I noticed that the memset_after()\nhere is done on a different part of the union (status) than the original\ncast was from (rate_driver_data), which may confuse the compiler.\n\nUnfortunately, the memset_after() trick does not work on driver_rates[]\nbecause that is part of an anonymous struct, and I could not get\nstruct_group() to do this either. Using two separate memset() calls\non the two members does address the warning though."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:22.437Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/13857683126e8a6492af73c74d702835f7a2175b"
},
{
"url": "https://git.kernel.org/stable/c/87586467098281f04fa93e59fe3a516b954bddc4"
},
{
"url": "https://git.kernel.org/stable/c/0c38c9c460bb8ce8d6f6cf316e0d71a70983ec83"
},
{
"url": "https://git.kernel.org/stable/c/042a39bb8e0812466327a5102606e88a5a4f8c02"
},
{
"url": "https://git.kernel.org/stable/c/066afafc10c9476ee36c47c9062527a17e763901"
}
],
"title": "wifi: carl9170: re-fix fortified-memset warning",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38616",
"datePublished": "2024-06-19T13:56:16.086Z",
"dateReserved": "2024-06-18T19:36:34.944Z",
"dateUpdated": "2025-05-04T09:15:22.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38602 (GCVE-0-2024-38602)
Vulnerability from cvelistv5
Published
2024-06-19 13:48
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ax25: Fix reference count leak issues of ax25_dev
The ax25_addr_ax25dev() and ax25_dev_device_down() exist a reference
count leak issue of the object "ax25_dev".
Memory leak issue in ax25_addr_ax25dev():
The reference count of the object "ax25_dev" can be increased multiple
times in ax25_addr_ax25dev(). This will cause a memory leak.
Memory leak issues in ax25_dev_device_down():
The reference count of ax25_dev is set to 1 in ax25_dev_device_up() and
then increase the reference count when ax25_dev is added to ax25_dev_list.
As a result, the reference count of ax25_dev is 2. But when the device is
shutting down. The ax25_dev_device_down() drops the reference count once
or twice depending on if we goto unlock_put or not, which will cause
memory leak.
As for the issue of ax25_addr_ax25dev(), it is impossible for one pointer
to be on a list twice. So add a break in ax25_addr_ax25dev(). As for the
issue of ax25_dev_device_down(), increase the reference count of ax25_dev
once in ax25_dev_device_up() and decrease the reference count of ax25_dev
after it is removed from the ax25_dev_list.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d01ffb9eee4af165d83b08dd73ebdf9fe94a519b Version: d01ffb9eee4af165d83b08dd73ebdf9fe94a519b Version: d01ffb9eee4af165d83b08dd73ebdf9fe94a519b Version: d01ffb9eee4af165d83b08dd73ebdf9fe94a519b Version: d01ffb9eee4af165d83b08dd73ebdf9fe94a519b Version: ef0a2a0565727a48f2e36a2c461f8b1e3a61922d Version: e2b558fe507a1ed4c43db2b0057fc6e41f20a14c Version: 418993bbaafb0cd48f904ba68eeda052d624c821 Version: 5ea00fc60676c0eebfa8560ec461209d638bca9d Version: 9af0fd5c4453a44c692be0cbb3724859b75d739b |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:26.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae467750a3765dd1092eb29f58247950a2f9b60c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/38eb01edfdaa1562fa00429be2e33f45383b1b3a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81d8240b0a243b3ddd8fa8aa172f1acc2f7cc8f3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1ea02699c7557eeb35ccff2bd822de1b3e09d868"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b505e0319852b08a3a716b64620168eab21f4ced"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:13:18.286377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:53.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ax25/ax25_dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ae467750a3765dd1092eb29f58247950a2f9b60c",
"status": "affected",
"version": "d01ffb9eee4af165d83b08dd73ebdf9fe94a519b",
"versionType": "git"
},
{
"lessThan": "38eb01edfdaa1562fa00429be2e33f45383b1b3a",
"status": "affected",
"version": "d01ffb9eee4af165d83b08dd73ebdf9fe94a519b",
"versionType": "git"
},
{
"lessThan": "81d8240b0a243b3ddd8fa8aa172f1acc2f7cc8f3",
"status": "affected",
"version": "d01ffb9eee4af165d83b08dd73ebdf9fe94a519b",
"versionType": "git"
},
{
"lessThan": "1ea02699c7557eeb35ccff2bd822de1b3e09d868",
"status": "affected",
"version": "d01ffb9eee4af165d83b08dd73ebdf9fe94a519b",
"versionType": "git"
},
{
"lessThan": "b505e0319852b08a3a716b64620168eab21f4ced",
"status": "affected",
"version": "d01ffb9eee4af165d83b08dd73ebdf9fe94a519b",
"versionType": "git"
},
{
"status": "affected",
"version": "ef0a2a0565727a48f2e36a2c461f8b1e3a61922d",
"versionType": "git"
},
{
"status": "affected",
"version": "e2b558fe507a1ed4c43db2b0057fc6e41f20a14c",
"versionType": "git"
},
{
"status": "affected",
"version": "418993bbaafb0cd48f904ba68eeda052d624c821",
"versionType": "git"
},
{
"status": "affected",
"version": "5ea00fc60676c0eebfa8560ec461209d638bca9d",
"versionType": "git"
},
{
"status": "affected",
"version": "9af0fd5c4453a44c692be0cbb3724859b75d739b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ax25/ax25_dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix reference count leak issues of ax25_dev\n\nThe ax25_addr_ax25dev() and ax25_dev_device_down() exist a reference\ncount leak issue of the object \"ax25_dev\".\n\nMemory leak issue in ax25_addr_ax25dev():\n\nThe reference count of the object \"ax25_dev\" can be increased multiple\ntimes in ax25_addr_ax25dev(). This will cause a memory leak.\n\nMemory leak issues in ax25_dev_device_down():\n\nThe reference count of ax25_dev is set to 1 in ax25_dev_device_up() and\nthen increase the reference count when ax25_dev is added to ax25_dev_list.\nAs a result, the reference count of ax25_dev is 2. But when the device is\nshutting down. The ax25_dev_device_down() drops the reference count once\nor twice depending on if we goto unlock_put or not, which will cause\nmemory leak.\n\nAs for the issue of ax25_addr_ax25dev(), it is impossible for one pointer\nto be on a list twice. So add a break in ax25_addr_ax25dev(). As for the\nissue of ax25_dev_device_down(), increase the reference count of ax25_dev\nonce in ax25_dev_device_up() and decrease the reference count of ax25_dev\nafter it is removed from the ax25_dev_list."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:51.840Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ae467750a3765dd1092eb29f58247950a2f9b60c"
},
{
"url": "https://git.kernel.org/stable/c/38eb01edfdaa1562fa00429be2e33f45383b1b3a"
},
{
"url": "https://git.kernel.org/stable/c/81d8240b0a243b3ddd8fa8aa172f1acc2f7cc8f3"
},
{
"url": "https://git.kernel.org/stable/c/1ea02699c7557eeb35ccff2bd822de1b3e09d868"
},
{
"url": "https://git.kernel.org/stable/c/b505e0319852b08a3a716b64620168eab21f4ced"
}
],
"title": "ax25: Fix reference count leak issues of ax25_dev",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38602",
"datePublished": "2024-06-19T13:48:13.768Z",
"dateReserved": "2024-06-18T19:36:34.933Z",
"dateUpdated": "2025-05-04T12:56:51.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38553 (GCVE-0-2024-38553)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: fec: remove .ndo_poll_controller to avoid deadlocks
There is a deadlock issue found in sungem driver, please refer to the
commit ac0a230f719b ("eth: sungem: remove .ndo_poll_controller to avoid
deadlocks"). The root cause of the issue is that netpoll is in atomic
context and disable_irq() is called by .ndo_poll_controller interface
of sungem driver, however, disable_irq() might sleep. After analyzing
the implementation of fec_poll_controller(), the fec driver should have
the same issue. Due to the fec driver uses NAPI for TX completions, the
.ndo_poll_controller is unnecessary to be implemented in the fec driver,
so fec_poll_controller() can be safely removed.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:26.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d38625f71950e79e254515c5fc585552dad4b33e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/accdd6b912c4219b8e056d1f1ad2e85bc66ee243"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/87bcbc9b7e0b43a69d44efa5f32f11e32d08fa6f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c2e0c58b25a0a0c37ec643255558c5af4450c9f5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38553",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:14:47.537507Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:57.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/freescale/fec_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e2348d8c61d03feece1de4c05f72e6e99f74c650",
"status": "affected",
"version": "7f5c6addcdc039c1a7c435857e6284ecac5d97c8",
"versionType": "git"
},
{
"lessThan": "d38625f71950e79e254515c5fc585552dad4b33e",
"status": "affected",
"version": "7f5c6addcdc039c1a7c435857e6284ecac5d97c8",
"versionType": "git"
},
{
"lessThan": "accdd6b912c4219b8e056d1f1ad2e85bc66ee243",
"status": "affected",
"version": "7f5c6addcdc039c1a7c435857e6284ecac5d97c8",
"versionType": "git"
},
{
"lessThan": "87bcbc9b7e0b43a69d44efa5f32f11e32d08fa6f",
"status": "affected",
"version": "7f5c6addcdc039c1a7c435857e6284ecac5d97c8",
"versionType": "git"
},
{
"lessThan": "c2e0c58b25a0a0c37ec643255558c5af4450c9f5",
"status": "affected",
"version": "7f5c6addcdc039c1a7c435857e6284ecac5d97c8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/freescale/fec_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.2"
},
{
"lessThan": "3.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.119",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.119",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fec: remove .ndo_poll_controller to avoid deadlocks\n\nThere is a deadlock issue found in sungem driver, please refer to the\ncommit ac0a230f719b (\"eth: sungem: remove .ndo_poll_controller to avoid\ndeadlocks\"). The root cause of the issue is that netpoll is in atomic\ncontext and disable_irq() is called by .ndo_poll_controller interface\nof sungem driver, however, disable_irq() might sleep. After analyzing\nthe implementation of fec_poll_controller(), the fec driver should have\nthe same issue. Due to the fec driver uses NAPI for TX completions, the\n.ndo_poll_controller is unnecessary to be implemented in the fec driver,\nso fec_poll_controller() can be safely removed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:56.883Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e2348d8c61d03feece1de4c05f72e6e99f74c650"
},
{
"url": "https://git.kernel.org/stable/c/d38625f71950e79e254515c5fc585552dad4b33e"
},
{
"url": "https://git.kernel.org/stable/c/accdd6b912c4219b8e056d1f1ad2e85bc66ee243"
},
{
"url": "https://git.kernel.org/stable/c/87bcbc9b7e0b43a69d44efa5f32f11e32d08fa6f"
},
{
"url": "https://git.kernel.org/stable/c/c2e0c58b25a0a0c37ec643255558c5af4450c9f5"
}
],
"title": "net: fec: remove .ndo_poll_controller to avoid deadlocks",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38553",
"datePublished": "2024-06-19T13:35:24.743Z",
"dateReserved": "2024-06-18T19:36:34.920Z",
"dateUpdated": "2025-05-04T09:13:56.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38566 (GCVE-0-2024-38566)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix verifier assumptions about socket->sk
The verifier assumes that 'sk' field in 'struct socket' is valid
and non-NULL when 'socket' pointer itself is trusted and non-NULL.
That may not be the case when socket was just created and
passed to LSM socket_accept hook.
Fix this verifier assumption and adjust tests.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/39f8a29330f433000e716eefc4b9abda05b71a82"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6f5ae91172a93abac9720ba94edf3ec8f4d7f24f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c58ccdd2483a1d990748cdaf94206b5d5986a001"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0db63c0b86e981a1e97d2596d64ceceba1a5470e"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38566",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:14:31.584918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:56.624Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/verifier.c",
"tools/testing/selftests/bpf/progs/bench_local_storage_create.c",
"tools/testing/selftests/bpf/progs/local_storage.c",
"tools/testing/selftests/bpf/progs/lsm_cgroup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "39f8a29330f433000e716eefc4b9abda05b71a82",
"status": "affected",
"version": "6fcd486b3a0a628c41f12b3a7329a18a2c74b351",
"versionType": "git"
},
{
"lessThan": "6f5ae91172a93abac9720ba94edf3ec8f4d7f24f",
"status": "affected",
"version": "6fcd486b3a0a628c41f12b3a7329a18a2c74b351",
"versionType": "git"
},
{
"lessThan": "c58ccdd2483a1d990748cdaf94206b5d5986a001",
"status": "affected",
"version": "6fcd486b3a0a628c41f12b3a7329a18a2c74b351",
"versionType": "git"
},
{
"lessThan": "0db63c0b86e981a1e97d2596d64ceceba1a5470e",
"status": "affected",
"version": "6fcd486b3a0a628c41f12b3a7329a18a2c74b351",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/verifier.c",
"tools/testing/selftests/bpf/progs/bench_local_storage_create.c",
"tools/testing/selftests/bpf/progs/local_storage.c",
"tools/testing/selftests/bpf/progs/lsm_cgroup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix verifier assumptions about socket-\u003esk\n\nThe verifier assumes that \u0027sk\u0027 field in \u0027struct socket\u0027 is valid\nand non-NULL when \u0027socket\u0027 pointer itself is trusted and non-NULL.\nThat may not be the case when socket was just created and\npassed to LSM socket_accept hook.\nFix this verifier assumption and adjust tests."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:15.091Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/39f8a29330f433000e716eefc4b9abda05b71a82"
},
{
"url": "https://git.kernel.org/stable/c/6f5ae91172a93abac9720ba94edf3ec8f4d7f24f"
},
{
"url": "https://git.kernel.org/stable/c/c58ccdd2483a1d990748cdaf94206b5d5986a001"
},
{
"url": "https://git.kernel.org/stable/c/0db63c0b86e981a1e97d2596d64ceceba1a5470e"
}
],
"title": "bpf: Fix verifier assumptions about socket-\u003esk",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38566",
"datePublished": "2024-06-19T13:35:33.587Z",
"dateReserved": "2024-06-18T19:36:34.923Z",
"dateUpdated": "2025-05-04T09:14:15.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38384 (GCVE-0-2024-38384)
Vulnerability from cvelistv5
Published
2024-06-24 13:50
Modified
2025-05-04 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
blk-cgroup: fix list corruption from reorder of WRITE ->lqueued
__blkcg_rstat_flush() can be run anytime, especially when blk_cgroup_bio_start
is being executed.
If WRITE of `->lqueued` is re-ordered with READ of 'bisc->lnode.next' in
the loop of __blkcg_rstat_flush(), `next_bisc` can be assigned with one
stat instance being added in blk_cgroup_bio_start(), then the local
list in __blkcg_rstat_flush() could be corrupted.
Fix the issue by adding one barrier.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "714e59b5456e",
"status": "affected",
"version": "3b8cc6298724",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "785298ab6b80",
"status": "affected",
"version": "3b8cc6298724",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "d0aac2363549",
"status": "affected",
"version": "3b8cc6298724",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "6.2"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.33",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.10",
"status": "unaffected",
"version": "6.9.4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.10-rc1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T13:27:38.979262Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T13:37:27.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:04:25.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/714e59b5456e4d6e4295a9968c564abe193f461c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/785298ab6b802afa75089239266b6bbea590809c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0aac2363549e12cc79b8e285f13d5a9f42fd08e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/blk-cgroup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "714e59b5456e4d6e4295a9968c564abe193f461c",
"status": "affected",
"version": "3b8cc6298724021da845f2f9fd7dd4b6829a6817",
"versionType": "git"
},
{
"lessThan": "785298ab6b802afa75089239266b6bbea590809c",
"status": "affected",
"version": "3b8cc6298724021da845f2f9fd7dd4b6829a6817",
"versionType": "git"
},
{
"lessThan": "d0aac2363549e12cc79b8e285f13d5a9f42fd08e",
"status": "affected",
"version": "3b8cc6298724021da845f2f9fd7dd4b6829a6817",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/blk-cgroup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: fix list corruption from reorder of WRITE -\u003elqueued\n\n__blkcg_rstat_flush() can be run anytime, especially when blk_cgroup_bio_start\nis being executed.\n\nIf WRITE of `-\u003elqueued` is re-ordered with READ of \u0027bisc-\u003elnode.next\u0027 in\nthe loop of __blkcg_rstat_flush(), `next_bisc` can be assigned with one\nstat instance being added in blk_cgroup_bio_start(), then the local\nlist in __blkcg_rstat_flush() could be corrupted.\n\nFix the issue by adding one barrier."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:26.836Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/714e59b5456e4d6e4295a9968c564abe193f461c"
},
{
"url": "https://git.kernel.org/stable/c/785298ab6b802afa75089239266b6bbea590809c"
},
{
"url": "https://git.kernel.org/stable/c/d0aac2363549e12cc79b8e285f13d5a9f42fd08e"
}
],
"title": "blk-cgroup: fix list corruption from reorder of WRITE -\u003elqueued",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38384",
"datePublished": "2024-06-24T13:50:51.033Z",
"dateReserved": "2024-06-21T11:16:40.612Z",
"dateUpdated": "2025-05-04T09:13:26.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52801 (GCVE-0-2023-52801)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-10-01 19:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommufd: Fix missing update of domains_itree after splitting iopt_area
In iopt_area_split(), if the original iopt_area has filled a domain and is
linked to domains_itree, pages_nodes have to be properly
reinserted. Otherwise the domains_itree becomes corrupted and we will UAF.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "836db2e7e456",
"status": "affected",
"version": "51fe6141f0f6",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "fcb32111f01d",
"status": "affected",
"version": "51fe6141f0f6",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "e7250ab7ca49",
"status": "affected",
"version": "51fe6141f0f6",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "6..2"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.7"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T15:13:11.142898Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:19:30.119Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/836db2e7e4565d8218923b3552304a1637e2f28d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fcb32111f01ddf3cbd04644cde1773428e31de6a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e7250ab7ca4998fe026f2149805b03e09dc32498"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/iommufd/io_pagetable.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "836db2e7e4565d8218923b3552304a1637e2f28d",
"status": "affected",
"version": "51fe6141f0f64ae0bbc096a41a07572273e8c0ef",
"versionType": "git"
},
{
"lessThan": "fcb32111f01ddf3cbd04644cde1773428e31de6a",
"status": "affected",
"version": "51fe6141f0f64ae0bbc096a41a07572273e8c0ef",
"versionType": "git"
},
{
"lessThan": "e7250ab7ca4998fe026f2149805b03e09dc32498",
"status": "affected",
"version": "51fe6141f0f64ae0bbc096a41a07572273e8c0ef",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iommu/iommufd/io_pagetable.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Fix missing update of domains_itree after splitting iopt_area\n\nIn iopt_area_split(), if the original iopt_area has filled a domain and is\nlinked to domains_itree, pages_nodes have to be properly\nreinserted. Otherwise the domains_itree becomes corrupted and we will UAF."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:27.834Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/836db2e7e4565d8218923b3552304a1637e2f28d"
},
{
"url": "https://git.kernel.org/stable/c/fcb32111f01ddf3cbd04644cde1773428e31de6a"
},
{
"url": "https://git.kernel.org/stable/c/e7250ab7ca4998fe026f2149805b03e09dc32498"
}
],
"title": "iommufd: Fix missing update of domains_itree after splitting iopt_area",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52801",
"datePublished": "2024-05-21T15:31:13.700Z",
"dateReserved": "2024-05-21T15:19:24.247Z",
"dateUpdated": "2025-10-01T19:19:30.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52870 (GCVE-0-2023-52870)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data
Add the check for the return value of mtk_alloc_clk_data() in order to
avoid NULL pointer dereference.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1aca9939bf72893887cb7e3455e44c864bada2f9 Version: 1aca9939bf72893887cb7e3455e44c864bada2f9 Version: 1aca9939bf72893887cb7e3455e44c864bada2f9 Version: 1aca9939bf72893887cb7e3455e44c864bada2f9 Version: 1aca9939bf72893887cb7e3455e44c864bada2f9 Version: 1aca9939bf72893887cb7e3455e44c864bada2f9 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52870",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T18:46:17.967898Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T18:52:22.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2617aa8ceaf30e41d3eb7f5fef3445542bef193a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/533ca5153ad6c7b7d47ae0114b14d0333964b946"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dd1f30d68fa98eb672c0a259297b761656a9025f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/10cc81124407d862f0f747db4baa9c006510b480"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b5ff3e89b4e7f46ad2aa0de7e08d18e6f87d71bc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b82681042724924ae3ba0f2f2eeec217fa31e830"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/mediatek/clk-mt6765.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2617aa8ceaf30e41d3eb7f5fef3445542bef193a",
"status": "affected",
"version": "1aca9939bf72893887cb7e3455e44c864bada2f9",
"versionType": "git"
},
{
"lessThan": "533ca5153ad6c7b7d47ae0114b14d0333964b946",
"status": "affected",
"version": "1aca9939bf72893887cb7e3455e44c864bada2f9",
"versionType": "git"
},
{
"lessThan": "dd1f30d68fa98eb672c0a259297b761656a9025f",
"status": "affected",
"version": "1aca9939bf72893887cb7e3455e44c864bada2f9",
"versionType": "git"
},
{
"lessThan": "10cc81124407d862f0f747db4baa9c006510b480",
"status": "affected",
"version": "1aca9939bf72893887cb7e3455e44c864bada2f9",
"versionType": "git"
},
{
"lessThan": "b5ff3e89b4e7f46ad2aa0de7e08d18e6f87d71bc",
"status": "affected",
"version": "1aca9939bf72893887cb7e3455e44c864bada2f9",
"versionType": "git"
},
{
"lessThan": "b82681042724924ae3ba0f2f2eeec217fa31e830",
"status": "affected",
"version": "1aca9939bf72893887cb7e3455e44c864bada2f9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/mediatek/clk-mt6765.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data\n\nAdd the check for the return value of mtk_alloc_clk_data() in order to\navoid NULL pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:45.981Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2617aa8ceaf30e41d3eb7f5fef3445542bef193a"
},
{
"url": "https://git.kernel.org/stable/c/533ca5153ad6c7b7d47ae0114b14d0333964b946"
},
{
"url": "https://git.kernel.org/stable/c/dd1f30d68fa98eb672c0a259297b761656a9025f"
},
{
"url": "https://git.kernel.org/stable/c/10cc81124407d862f0f747db4baa9c006510b480"
},
{
"url": "https://git.kernel.org/stable/c/b5ff3e89b4e7f46ad2aa0de7e08d18e6f87d71bc"
},
{
"url": "https://git.kernel.org/stable/c/b82681042724924ae3ba0f2f2eeec217fa31e830"
}
],
"title": "clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52870",
"datePublished": "2024-05-21T15:31:59.836Z",
"dateReserved": "2024-05-21T15:19:24.263Z",
"dateUpdated": "2025-05-04T07:44:45.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52864 (GCVE-0-2023-52864)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: wmi: Fix opening of char device
Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via
file private data"), the miscdevice stores a pointer to itself inside
filp->private_data, which means that private_data will not be NULL when
wmi_char_open() is called. This might cause memory corruption should
wmi_char_open() be unable to find its driver, something which can
happen when the associated WMI device is deleted in wmi_free_devices().
Fix the problem by using the miscdevice pointer to retrieve the WMI
device data associated with a char device using container_of(). This
also avoids wmi_char_open() picking a wrong WMI device bound to a
driver with the same name as the original driver.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9 Version: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9 Version: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9 Version: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9 Version: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9 Version: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9 Version: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9 Version: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52864",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T18:21:10.578430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:07.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf098e937dd125c0317a0d6f261ac2a950a233d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d426a2955e45a95b2282764105fcfb110a540453"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e0bf076b734a2fab92d8fddc2b8b03462eee7097"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/44a96796d25809502c75771d40ee693c2e44724e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/36d85fa7ae0d6be651c1a745191fa7ef055db43e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb7b06b59c6887659c6ed0ecd3110835eecbb6a3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eba9ac7abab91c8f6d351460239108bef5e7a0b6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/platform/x86/wmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cf098e937dd125c0317a0d6f261ac2a950a233d6",
"status": "affected",
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"versionType": "git"
},
{
"lessThan": "9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203",
"status": "affected",
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"versionType": "git"
},
{
"lessThan": "d426a2955e45a95b2282764105fcfb110a540453",
"status": "affected",
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"versionType": "git"
},
{
"lessThan": "e0bf076b734a2fab92d8fddc2b8b03462eee7097",
"status": "affected",
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"versionType": "git"
},
{
"lessThan": "44a96796d25809502c75771d40ee693c2e44724e",
"status": "affected",
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"versionType": "git"
},
{
"lessThan": "36d85fa7ae0d6be651c1a745191fa7ef055db43e",
"status": "affected",
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"versionType": "git"
},
{
"lessThan": "fb7b06b59c6887659c6ed0ecd3110835eecbb6a3",
"status": "affected",
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"versionType": "git"
},
{
"lessThan": "eba9ac7abab91c8f6d351460239108bef5e7a0b6",
"status": "affected",
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/platform/x86/wmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.299",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: wmi: Fix opening of char device\n\nSince commit fa1f68db6ca7 (\"drivers: misc: pass miscdevice pointer via\nfile private data\"), the miscdevice stores a pointer to itself inside\nfilp-\u003eprivate_data, which means that private_data will not be NULL when\nwmi_char_open() is called. This might cause memory corruption should\nwmi_char_open() be unable to find its driver, something which can\nhappen when the associated WMI device is deleted in wmi_free_devices().\n\nFix the problem by using the miscdevice pointer to retrieve the WMI\ndevice data associated with a char device using container_of(). This\nalso avoids wmi_char_open() picking a wrong WMI device bound to a\ndriver with the same name as the original driver."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:33.981Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cf098e937dd125c0317a0d6f261ac2a950a233d6"
},
{
"url": "https://git.kernel.org/stable/c/9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203"
},
{
"url": "https://git.kernel.org/stable/c/d426a2955e45a95b2282764105fcfb110a540453"
},
{
"url": "https://git.kernel.org/stable/c/e0bf076b734a2fab92d8fddc2b8b03462eee7097"
},
{
"url": "https://git.kernel.org/stable/c/44a96796d25809502c75771d40ee693c2e44724e"
},
{
"url": "https://git.kernel.org/stable/c/36d85fa7ae0d6be651c1a745191fa7ef055db43e"
},
{
"url": "https://git.kernel.org/stable/c/fb7b06b59c6887659c6ed0ecd3110835eecbb6a3"
},
{
"url": "https://git.kernel.org/stable/c/eba9ac7abab91c8f6d351460239108bef5e7a0b6"
}
],
"title": "platform/x86: wmi: Fix opening of char device",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52864",
"datePublished": "2024-05-21T15:31:55.875Z",
"dateReserved": "2024-05-21T15:19:24.261Z",
"dateUpdated": "2025-05-04T07:44:33.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52798 (GCVE-0-2023-52798)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath11k: fix dfs radar event locking
The ath11k active pdevs are protected by RCU but the DFS radar event
handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a
read-side critical section.
Mark the code in question as an RCU read-side critical section to avoid
any potential use-after-free issues.
Compile tested only.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d5c65159f2895379e11ca13f62feabe93278985d Version: d5c65159f2895379e11ca13f62feabe93278985d Version: d5c65159f2895379e11ca13f62feabe93278985d Version: d5c65159f2895379e11ca13f62feabe93278985d Version: d5c65159f2895379e11ca13f62feabe93278985d Version: d5c65159f2895379e11ca13f62feabe93278985d |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52798",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T17:58:25.954317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T17:59:26.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f882f51905517575c9f793a3dff567af90ef9a10"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/426e718ce9ba60013364a54233feee309356cb82"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca420ac4f9451f22347bae44b18ab47ba2c267ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1fd878e1750190a612b5de2af357cca422ec0822"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21ebb0aba580d347e12f01ce5f6e75044427b3d5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3b6c14833165f689cc5928574ebafe52bbce5f1e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath11k/wmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f882f51905517575c9f793a3dff567af90ef9a10",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "426e718ce9ba60013364a54233feee309356cb82",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "ca420ac4f9451f22347bae44b18ab47ba2c267ec",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "1fd878e1750190a612b5de2af357cca422ec0822",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "21ebb0aba580d347e12f01ce5f6e75044427b3d5",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "3b6c14833165f689cc5928574ebafe52bbce5f1e",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath11k/wmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix dfs radar event locking\n\nThe ath11k active pdevs are protected by RCU but the DFS radar event\nhandling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a\nread-side critical section.\n\nMark the code in question as an RCU read-side critical section to avoid\nany potential use-after-free issues.\n\nCompile tested only."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:24.166Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f882f51905517575c9f793a3dff567af90ef9a10"
},
{
"url": "https://git.kernel.org/stable/c/426e718ce9ba60013364a54233feee309356cb82"
},
{
"url": "https://git.kernel.org/stable/c/ca420ac4f9451f22347bae44b18ab47ba2c267ec"
},
{
"url": "https://git.kernel.org/stable/c/1fd878e1750190a612b5de2af357cca422ec0822"
},
{
"url": "https://git.kernel.org/stable/c/21ebb0aba580d347e12f01ce5f6e75044427b3d5"
},
{
"url": "https://git.kernel.org/stable/c/3b6c14833165f689cc5928574ebafe52bbce5f1e"
}
],
"title": "wifi: ath11k: fix dfs radar event locking",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52798",
"datePublished": "2024-05-21T15:31:11.628Z",
"dateReserved": "2024-05-21T15:19:24.246Z",
"dateUpdated": "2025-05-04T07:43:24.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52879 (GCVE-0-2023-52879)
Vulnerability from cvelistv5
Published
2024-05-21 15:32
Modified
2025-05-04 07:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tracing: Have trace_event_file have ref counters
The following can crash the kernel:
# cd /sys/kernel/tracing
# echo 'p:sched schedule' > kprobe_events
# exec 5>>events/kprobes/sched/enable
# > kprobe_events
# exec 5>&-
The above commands:
1. Change directory to the tracefs directory
2. Create a kprobe event (doesn't matter what one)
3. Open bash file descriptor 5 on the enable file of the kprobe event
4. Delete the kprobe event (removes the files too)
5. Close the bash file descriptor 5
The above causes a crash!
BUG: kernel NULL pointer dereference, address: 0000000000000028
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 6 PID: 877 Comm: bash Not tainted 6.5.0-rc4-test-00008-g2c6b6b1029d4-dirty #186
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:tracing_release_file_tr+0xc/0x50
What happens here is that the kprobe event creates a trace_event_file
"file" descriptor that represents the file in tracefs to the event. It
maintains state of the event (is it enabled for the given instance?).
Opening the "enable" file gets a reference to the event "file" descriptor
via the open file descriptor. When the kprobe event is deleted, the file is
also deleted from the tracefs system which also frees the event "file"
descriptor.
But as the tracefs file is still opened by user space, it will not be
totally removed until the final dput() is called on it. But this is not
true with the event "file" descriptor that is already freed. If the user
does a write to or simply closes the file descriptor it will reference the
event "file" descriptor that was just freed, causing a use-after-free bug.
To solve this, add a ref count to the event "file" descriptor as well as a
new flag called "FREED". The "file" will not be freed until the last
reference is released. But the FREE flag will be set when the event is
removed to prevent any more modifications to that event from happening,
even if there's still a reference to the event "file" descriptor.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e6807c873d8791ae5a5186ad05ec66cab926539a Version: 407bf1c140f0757706c0b28604bcc90837d45ce2 Version: fa6d449e4d024d8c17f4288e0567d28ace69415c Version: a46bf337a20f9edd3c8041b025639842280d0575 Version: 9beec04370132a7a6cd1aa9897f6fffc6262ff28 Version: f5ca233e2e66dc1c249bf07eefa37e34a6c9346a Version: f5ca233e2e66dc1c249bf07eefa37e34a6c9346a |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T16:59:47.559597Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:30.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/961c4511c7578d6b8f39118be919016ec3db1c1e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a98172e36e5f1b3d29ad71fade2d611cfcc2fe6f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cbc7c29dff0fa18162f2a3889d82eeefd67305e0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2fa74d29fc1899c237d51bf9a6e132ea5c488976"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2c9de867ca285c397cd71af703763fe416265706"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9034c87d61be8cff989017740a91701ac8195a1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/trace_events.h",
"kernel/trace/trace.c",
"kernel/trace/trace.h",
"kernel/trace/trace_events.c",
"kernel/trace/trace_events_filter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "961c4511c7578d6b8f39118be919016ec3db1c1e",
"status": "affected",
"version": "e6807c873d8791ae5a5186ad05ec66cab926539a",
"versionType": "git"
},
{
"lessThan": "a98172e36e5f1b3d29ad71fade2d611cfcc2fe6f",
"status": "affected",
"version": "407bf1c140f0757706c0b28604bcc90837d45ce2",
"versionType": "git"
},
{
"lessThan": "cbc7c29dff0fa18162f2a3889d82eeefd67305e0",
"status": "affected",
"version": "fa6d449e4d024d8c17f4288e0567d28ace69415c",
"versionType": "git"
},
{
"lessThan": "2fa74d29fc1899c237d51bf9a6e132ea5c488976",
"status": "affected",
"version": "a46bf337a20f9edd3c8041b025639842280d0575",
"versionType": "git"
},
{
"lessThan": "2c9de867ca285c397cd71af703763fe416265706",
"status": "affected",
"version": "9beec04370132a7a6cd1aa9897f6fffc6262ff28",
"versionType": "git"
},
{
"lessThan": "9034c87d61be8cff989017740a91701ac8195a1d",
"status": "affected",
"version": "f5ca233e2e66dc1c249bf07eefa37e34a6c9346a",
"versionType": "git"
},
{
"lessThan": "bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4",
"status": "affected",
"version": "f5ca233e2e66dc1c249bf07eefa37e34a6c9346a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/trace_events.h",
"kernel/trace/trace.c",
"kernel/trace/trace.h",
"kernel/trace/trace_events.c",
"kernel/trace/trace_events_filter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"versionStartIncluding": "5.4.258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"versionStartIncluding": "5.10.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "5.15.134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "6.1.55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "6.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.1",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have trace_event_file have ref counters\n\nThe following can crash the kernel:\n\n # cd /sys/kernel/tracing\n # echo \u0027p:sched schedule\u0027 \u003e kprobe_events\n # exec 5\u003e\u003eevents/kprobes/sched/enable\n # \u003e kprobe_events\n # exec 5\u003e\u0026-\n\nThe above commands:\n\n 1. Change directory to the tracefs directory\n 2. Create a kprobe event (doesn\u0027t matter what one)\n 3. Open bash file descriptor 5 on the enable file of the kprobe event\n 4. Delete the kprobe event (removes the files too)\n 5. Close the bash file descriptor 5\n\nThe above causes a crash!\n\n BUG: kernel NULL pointer dereference, address: 0000000000000028\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 6 PID: 877 Comm: bash Not tainted 6.5.0-rc4-test-00008-g2c6b6b1029d4-dirty #186\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n RIP: 0010:tracing_release_file_tr+0xc/0x50\n\nWhat happens here is that the kprobe event creates a trace_event_file\n\"file\" descriptor that represents the file in tracefs to the event. It\nmaintains state of the event (is it enabled for the given instance?).\nOpening the \"enable\" file gets a reference to the event \"file\" descriptor\nvia the open file descriptor. When the kprobe event is deleted, the file is\nalso deleted from the tracefs system which also frees the event \"file\"\ndescriptor.\n\nBut as the tracefs file is still opened by user space, it will not be\ntotally removed until the final dput() is called on it. But this is not\ntrue with the event \"file\" descriptor that is already freed. If the user\ndoes a write to or simply closes the file descriptor it will reference the\nevent \"file\" descriptor that was just freed, causing a use-after-free bug.\n\nTo solve this, add a ref count to the event \"file\" descriptor as well as a\nnew flag called \"FREED\". The \"file\" will not be freed until the last\nreference is released. But the FREE flag will be set when the event is\nremoved to prevent any more modifications to that event from happening,\neven if there\u0027s still a reference to the event \"file\" descriptor."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:45:07.175Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/961c4511c7578d6b8f39118be919016ec3db1c1e"
},
{
"url": "https://git.kernel.org/stable/c/a98172e36e5f1b3d29ad71fade2d611cfcc2fe6f"
},
{
"url": "https://git.kernel.org/stable/c/cbc7c29dff0fa18162f2a3889d82eeefd67305e0"
},
{
"url": "https://git.kernel.org/stable/c/2fa74d29fc1899c237d51bf9a6e132ea5c488976"
},
{
"url": "https://git.kernel.org/stable/c/2c9de867ca285c397cd71af703763fe416265706"
},
{
"url": "https://git.kernel.org/stable/c/9034c87d61be8cff989017740a91701ac8195a1d"
},
{
"url": "https://git.kernel.org/stable/c/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4"
}
],
"title": "tracing: Have trace_event_file have ref counters",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52879",
"datePublished": "2024-05-21T15:32:11.263Z",
"dateReserved": "2024-05-21T15:19:24.265Z",
"dateUpdated": "2025-05-04T07:45:07.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36957 (GCVE-0-2024-36957)
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-af: avoid off-by-one read from userspace
We try to access count + 1 byte from userspace with memdup_user(buffer,
count + 1). However, the userspace only provides buffer of count bytes and
only these count bytes are verified to be okay to access. To ensure the
copied buffer is NUL terminated, we use memdup_user_nul instead.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: dae49384d0d7695540e2d75168f323cef1384810 Version: 3a2eb515d1367c0f667b76089a6e727279c688b8 Version: 3a2eb515d1367c0f667b76089a6e727279c688b8 Version: 3a2eb515d1367c0f667b76089a6e727279c688b8 Version: 3a2eb515d1367c0f667b76089a6e727279c688b8 Version: 3a2eb515d1367c0f667b76089a6e727279c688b8 Version: c9a2ed3fdd037314a71e6a6ba5d99a3605f6f9c7 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T18:14:35.481589Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T18:14:45.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bcdac70adceb44373da204c3c297f2a98e13216e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec697fbd38cbe2eef0948b58673b146caa95402f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f11fe3ea3fc261640cfc8a5addd838000407c67"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0a0285cee11c7dcc2657bcd456e469958a5009e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fc3e0076c1f82fe981d321e3a7bad4cbee542c19"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f299ee709fb45036454ca11e90cb2810fe771878"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bcdac70adceb44373da204c3c297f2a98e13216e",
"status": "affected",
"version": "dae49384d0d7695540e2d75168f323cef1384810",
"versionType": "git"
},
{
"lessThan": "ec697fbd38cbe2eef0948b58673b146caa95402f",
"status": "affected",
"version": "3a2eb515d1367c0f667b76089a6e727279c688b8",
"versionType": "git"
},
{
"lessThan": "8f11fe3ea3fc261640cfc8a5addd838000407c67",
"status": "affected",
"version": "3a2eb515d1367c0f667b76089a6e727279c688b8",
"versionType": "git"
},
{
"lessThan": "0a0285cee11c7dcc2657bcd456e469958a5009e7",
"status": "affected",
"version": "3a2eb515d1367c0f667b76089a6e727279c688b8",
"versionType": "git"
},
{
"lessThan": "fc3e0076c1f82fe981d321e3a7bad4cbee542c19",
"status": "affected",
"version": "3a2eb515d1367c0f667b76089a6e727279c688b8",
"versionType": "git"
},
{
"lessThan": "f299ee709fb45036454ca11e90cb2810fe771878",
"status": "affected",
"version": "3a2eb515d1367c0f667b76089a6e727279c688b8",
"versionType": "git"
},
{
"status": "affected",
"version": "c9a2ed3fdd037314a71e6a6ba5d99a3605f6f9c7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "5.10.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: avoid off-by-one read from userspace\n\nWe try to access count + 1 byte from userspace with memdup_user(buffer,\ncount + 1). However, the userspace only provides buffer of count bytes and\nonly these count bytes are verified to be okay to access. To ensure the\ncopied buffer is NUL terminated, we use memdup_user_nul instead."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:34.681Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bcdac70adceb44373da204c3c297f2a98e13216e"
},
{
"url": "https://git.kernel.org/stable/c/ec697fbd38cbe2eef0948b58673b146caa95402f"
},
{
"url": "https://git.kernel.org/stable/c/8f11fe3ea3fc261640cfc8a5addd838000407c67"
},
{
"url": "https://git.kernel.org/stable/c/0a0285cee11c7dcc2657bcd456e469958a5009e7"
},
{
"url": "https://git.kernel.org/stable/c/fc3e0076c1f82fe981d321e3a7bad4cbee542c19"
},
{
"url": "https://git.kernel.org/stable/c/f299ee709fb45036454ca11e90cb2810fe771878"
}
],
"title": "octeontx2-af: avoid off-by-one read from userspace",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36957",
"datePublished": "2024-05-30T15:35:50.445Z",
"dateReserved": "2024-05-30T15:25:07.080Z",
"dateUpdated": "2025-05-04T12:56:34.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52787 (GCVE-0-2023-52787)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
blk-mq: make sure active queue usage is held for bio_integrity_prep()
blk_integrity_unregister() can come if queue usage counter isn't held
for one bio with integrity prepared, so this request may be completed with
calling profile->complete_fn, then kernel panic.
Another constraint is that bio_integrity_prep() needs to be called
before bio merge.
Fix the issue by:
- call bio_integrity_prep() with one queue usage counter grabbed reliably
- call bio_integrity_prep() before bio merge
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52787",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T19:34:28.406298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:03.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b5c8e0ff76d10f6bf70a7237678f27c20cf59bc9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e9c309ded295b7f8849097d71ae231456ca79f78"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b80056bd75a16e4550873ecefe12bc8fd190b1cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b0077e269f6c152e807fdac90b58caf012cdbaab"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/blk-mq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b5c8e0ff76d10f6bf70a7237678f27c20cf59bc9",
"status": "affected",
"version": "900e080752025f0016128f07c9ed4c50eba3654b",
"versionType": "git"
},
{
"lessThan": "e9c309ded295b7f8849097d71ae231456ca79f78",
"status": "affected",
"version": "900e080752025f0016128f07c9ed4c50eba3654b",
"versionType": "git"
},
{
"lessThan": "b80056bd75a16e4550873ecefe12bc8fd190b1cf",
"status": "affected",
"version": "900e080752025f0016128f07c9ed4c50eba3654b",
"versionType": "git"
},
{
"lessThan": "b0077e269f6c152e807fdac90b58caf012cdbaab",
"status": "affected",
"version": "900e080752025f0016128f07c9ed4c50eba3654b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/blk-mq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.72",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.72",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: make sure active queue usage is held for bio_integrity_prep()\n\nblk_integrity_unregister() can come if queue usage counter isn\u0027t held\nfor one bio with integrity prepared, so this request may be completed with\ncalling profile-\u003ecomplete_fn, then kernel panic.\n\nAnother constraint is that bio_integrity_prep() needs to be called\nbefore bio merge.\n\nFix the issue by:\n\n- call bio_integrity_prep() with one queue usage counter grabbed reliably\n\n- call bio_integrity_prep() before bio merge"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:12.344Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b5c8e0ff76d10f6bf70a7237678f27c20cf59bc9"
},
{
"url": "https://git.kernel.org/stable/c/e9c309ded295b7f8849097d71ae231456ca79f78"
},
{
"url": "https://git.kernel.org/stable/c/b80056bd75a16e4550873ecefe12bc8fd190b1cf"
},
{
"url": "https://git.kernel.org/stable/c/b0077e269f6c152e807fdac90b58caf012cdbaab"
}
],
"title": "blk-mq: make sure active queue usage is held for bio_integrity_prep()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52787",
"datePublished": "2024-05-21T15:31:04.343Z",
"dateReserved": "2024-05-21T15:19:24.241Z",
"dateUpdated": "2025-05-04T07:43:12.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39469 (GCVE-0-2024-39469)
Vulnerability from cvelistv5
Published
2024-06-25 14:28
Modified
2025-05-04 09:16
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors
The error handling in nilfs_empty_dir() when a directory folio/page read
fails is incorrect, as in the old ext2 implementation, and if the
folio/page cannot be read or nilfs_check_folio() fails, it will falsely
determine the directory as empty and corrupt the file system.
In addition, since nilfs_empty_dir() does not immediately return on a
failed folio/page read, but continues to loop, this can cause a long loop
with I/O if i_size of the directory's inode is also corrupted, causing the
log writer thread to wait and hang, as reported by syzbot.
Fix these issues by making nilfs_empty_dir() immediately return a false
value (0) if it fails to get a directory folio/page.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2ba466d74ed74f073257f86e61519cb8f8f46184 Version: 2ba466d74ed74f073257f86e61519cb8f8f46184 Version: 2ba466d74ed74f073257f86e61519cb8f8f46184 Version: 2ba466d74ed74f073257f86e61519cb8f8f46184 Version: 2ba466d74ed74f073257f86e61519cb8f8f46184 Version: 2ba466d74ed74f073257f86e61519cb8f8f46184 Version: 2ba466d74ed74f073257f86e61519cb8f8f46184 Version: 2ba466d74ed74f073257f86e61519cb8f8f46184 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2ac8a2fe22bdde9eecce2a42cf5cab79333fb428"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/405b71f1251e5ae865f53bd27c45114e6c83bee3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c77ad608df6c091fe64ecb91f41ef7cb465587f1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/11a2edb70356a2202dcb7c9c189c8356ab4752cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/129dcd3e7d036218db3f59c82d82004b9539ed82"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d18b05eda7fa77f02114f15b02c009f28ee42346"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/59f14875a96ef93f05b82ad3c980605f2cb444b5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7373a51e7998b508af7136530f3a997b286ce81c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39469",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:07:55.313333Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:41.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/dir.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2ac8a2fe22bdde9eecce2a42cf5cab79333fb428",
"status": "affected",
"version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
"versionType": "git"
},
{
"lessThan": "405b71f1251e5ae865f53bd27c45114e6c83bee3",
"status": "affected",
"version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
"versionType": "git"
},
{
"lessThan": "c77ad608df6c091fe64ecb91f41ef7cb465587f1",
"status": "affected",
"version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
"versionType": "git"
},
{
"lessThan": "11a2edb70356a2202dcb7c9c189c8356ab4752cd",
"status": "affected",
"version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
"versionType": "git"
},
{
"lessThan": "129dcd3e7d036218db3f59c82d82004b9539ed82",
"status": "affected",
"version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
"versionType": "git"
},
{
"lessThan": "d18b05eda7fa77f02114f15b02c009f28ee42346",
"status": "affected",
"version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
"versionType": "git"
},
{
"lessThan": "59f14875a96ef93f05b82ad3c980605f2cb444b5",
"status": "affected",
"version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
"versionType": "git"
},
{
"lessThan": "7373a51e7998b508af7136530f3a997b286ce81c",
"status": "affected",
"version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/dir.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.317",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.95",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.35",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.5",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors\n\nThe error handling in nilfs_empty_dir() when a directory folio/page read\nfails is incorrect, as in the old ext2 implementation, and if the\nfolio/page cannot be read or nilfs_check_folio() fails, it will falsely\ndetermine the directory as empty and corrupt the file system.\n\nIn addition, since nilfs_empty_dir() does not immediately return on a\nfailed folio/page read, but continues to loop, this can cause a long loop\nwith I/O if i_size of the directory\u0027s inode is also corrupted, causing the\nlog writer thread to wait and hang, as reported by syzbot.\n\nFix these issues by making nilfs_empty_dir() immediately return a false\nvalue (0) if it fails to get a directory folio/page."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:16:28.206Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2ac8a2fe22bdde9eecce2a42cf5cab79333fb428"
},
{
"url": "https://git.kernel.org/stable/c/405b71f1251e5ae865f53bd27c45114e6c83bee3"
},
{
"url": "https://git.kernel.org/stable/c/c77ad608df6c091fe64ecb91f41ef7cb465587f1"
},
{
"url": "https://git.kernel.org/stable/c/11a2edb70356a2202dcb7c9c189c8356ab4752cd"
},
{
"url": "https://git.kernel.org/stable/c/129dcd3e7d036218db3f59c82d82004b9539ed82"
},
{
"url": "https://git.kernel.org/stable/c/d18b05eda7fa77f02114f15b02c009f28ee42346"
},
{
"url": "https://git.kernel.org/stable/c/59f14875a96ef93f05b82ad3c980605f2cb444b5"
},
{
"url": "https://git.kernel.org/stable/c/7373a51e7998b508af7136530f3a997b286ce81c"
}
],
"title": "nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39469",
"datePublished": "2024-06-25T14:28:55.581Z",
"dateReserved": "2024-06-25T14:23:23.745Z",
"dateUpdated": "2025-05-04T09:16:28.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36903 (GCVE-0-2024-36903)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-22 12:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: Fix potential uninit-value access in __ip6_make_skb()
As it was done in commit fc1092f51567 ("ipv4: Fix uninit-value access in
__ip_make_skb()") for IPv4, check FLOWI_FLAG_KNOWN_NH on fl6->flowi6_flags
instead of testing HDRINCL on the socket to avoid a race condition which
causes uninit-value access.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2c9cefc142c1dc2759e19a92d3b2b3715e985beb Version: ea30388baebcce37fd594d425a65037ca35e59e8 Version: ea30388baebcce37fd594d425a65037ca35e59e8 Version: ea30388baebcce37fd594d425a65037ca35e59e8 Version: 165370522cc48127da564a08584a7391e6341908 Version: f394f690a30a5ec0413c62777a058eaf3d6e10d5 Version: 0cf600ca1bdf1d52df977516ee6cee0cadb1f6b1 Version: 605b056d63302ae84eb136e88d4df49124bd5e0d Version: d65ff2fe877c471aa6e79efa7bd8ff66e147c317 Version: 02ed5700f40445af02d1c97db25ffc2d04971d9f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36903",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T18:50:05.807509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:08.383Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68c8ba16ab712eb709c6bab80ff151079d11d97a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2367bf254f3a27ecc6e229afd7a8b0a1395f7be3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e13d3a9c25b7080f8a619f961e943fe08c2672c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_output.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a05c1ede50e9656f0752e523c7b54f3a3489e9a8",
"status": "affected",
"version": "2c9cefc142c1dc2759e19a92d3b2b3715e985beb",
"versionType": "git"
},
{
"lessThan": "68c8ba16ab712eb709c6bab80ff151079d11d97a",
"status": "affected",
"version": "ea30388baebcce37fd594d425a65037ca35e59e8",
"versionType": "git"
},
{
"lessThan": "2367bf254f3a27ecc6e229afd7a8b0a1395f7be3",
"status": "affected",
"version": "ea30388baebcce37fd594d425a65037ca35e59e8",
"versionType": "git"
},
{
"lessThan": "4e13d3a9c25b7080f8a619f961e943fe08c2672c",
"status": "affected",
"version": "ea30388baebcce37fd594d425a65037ca35e59e8",
"versionType": "git"
},
{
"status": "affected",
"version": "165370522cc48127da564a08584a7391e6341908",
"versionType": "git"
},
{
"status": "affected",
"version": "f394f690a30a5ec0413c62777a058eaf3d6e10d5",
"versionType": "git"
},
{
"status": "affected",
"version": "0cf600ca1bdf1d52df977516ee6cee0cadb1f6b1",
"versionType": "git"
},
{
"status": "affected",
"version": "605b056d63302ae84eb136e88d4df49124bd5e0d",
"versionType": "git"
},
{
"status": "affected",
"version": "d65ff2fe877c471aa6e79efa7bd8ff66e147c317",
"versionType": "git"
},
{
"status": "affected",
"version": "02ed5700f40445af02d1c97db25ffc2d04971d9f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_output.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.140",
"versionStartIncluding": "6.1.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix potential uninit-value access in __ip6_make_skb()\n\nAs it was done in commit fc1092f51567 (\"ipv4: Fix uninit-value access in\n__ip_make_skb()\") for IPv4, check FLOWI_FLAG_KNOWN_NH on fl6-\u003eflowi6_flags\ninstead of testing HDRINCL on the socket to avoid a race condition which\ncauses uninit-value access."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T12:39:34.551Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a05c1ede50e9656f0752e523c7b54f3a3489e9a8"
},
{
"url": "https://git.kernel.org/stable/c/68c8ba16ab712eb709c6bab80ff151079d11d97a"
},
{
"url": "https://git.kernel.org/stable/c/2367bf254f3a27ecc6e229afd7a8b0a1395f7be3"
},
{
"url": "https://git.kernel.org/stable/c/4e13d3a9c25b7080f8a619f961e943fe08c2672c"
}
],
"title": "ipv6: Fix potential uninit-value access in __ip6_make_skb()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36903",
"datePublished": "2024-05-30T15:29:04.866Z",
"dateReserved": "2024-05-30T15:25:07.066Z",
"dateUpdated": "2025-05-22T12:39:34.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38390 (GCVE-0-2024-38390)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails
Calling a6xx_destroy() before adreno_gpu_init() leads to a null pointer
dereference on:
msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL);
as gpu->pdev is only assigned in:
a6xx_gpu_init()
|_ adreno_gpu_init
|_ msm_gpu_init()
Instead of relying on handwavy null checks down the cleanup chain,
explicitly de-allocate the LLC data and free a6xx_gpu instead.
Patchwork: https://patchwork.freedesktop.org/patch/588919/
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:24.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/247849eeb3fd88f8990ed73e33af70d5c10f9aec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a1955a6df91355fef72a3a254700acd3cc1fec0d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/617e3d1680504a3f9d88e1582892c68be155498f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/46d4efcccc688cbacdd70a238bedca510acaa8e4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38390",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:09:21.858510Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:45.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/adreno/a6xx_gpu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "247849eeb3fd88f8990ed73e33af70d5c10f9aec",
"status": "affected",
"version": "76efc2453d0e8e5d6692ef69981b183ad674edea",
"versionType": "git"
},
{
"lessThan": "a1955a6df91355fef72a3a254700acd3cc1fec0d",
"status": "affected",
"version": "76efc2453d0e8e5d6692ef69981b183ad674edea",
"versionType": "git"
},
{
"lessThan": "617e3d1680504a3f9d88e1582892c68be155498f",
"status": "affected",
"version": "76efc2453d0e8e5d6692ef69981b183ad674edea",
"versionType": "git"
},
{
"lessThan": "46d4efcccc688cbacdd70a238bedca510acaa8e4",
"status": "affected",
"version": "76efc2453d0e8e5d6692ef69981b183ad674edea",
"versionType": "git"
},
{
"status": "affected",
"version": "5fea4202b5faccfc6449381a299e8ce4b994d666",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/adreno/a6xx_gpu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails\n\nCalling a6xx_destroy() before adreno_gpu_init() leads to a null pointer\ndereference on:\n\nmsm_gpu_cleanup() : platform_set_drvdata(gpu-\u003epdev, NULL);\n\nas gpu-\u003epdev is only assigned in:\n\na6xx_gpu_init()\n|_ adreno_gpu_init\n |_ msm_gpu_init()\n\nInstead of relying on handwavy null checks down the cleanup chain,\nexplicitly de-allocate the LLC data and free a6xx_gpu instead.\n\nPatchwork: https://patchwork.freedesktop.org/patch/588919/"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:41.038Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/247849eeb3fd88f8990ed73e33af70d5c10f9aec"
},
{
"url": "https://git.kernel.org/stable/c/a1955a6df91355fef72a3a254700acd3cc1fec0d"
},
{
"url": "https://git.kernel.org/stable/c/617e3d1680504a3f9d88e1582892c68be155498f"
},
{
"url": "https://git.kernel.org/stable/c/46d4efcccc688cbacdd70a238bedca510acaa8e4"
}
],
"title": "drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38390",
"datePublished": "2024-06-21T10:18:13.639Z",
"dateReserved": "2024-06-21T10:12:11.484Z",
"dateUpdated": "2025-05-04T12:56:41.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38600 (GCVE-0-2024-38600)
Vulnerability from cvelistv5
Published
2024-06-19 13:45
Modified
2025-05-21 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: Fix deadlocks with kctl removals at disconnection
In snd_card_disconnect(), we set card->shutdown flag at the beginning,
call callbacks and do sync for card->power_ref_sleep waiters at the
end. The callback may delete a kctl element, and this can lead to a
deadlock when the device was in the suspended state. Namely:
* A process waits for the power up at snd_power_ref_and_wait() in
snd_ctl_info() or read/write() inside card->controls_rwsem.
* The system gets disconnected meanwhile, and the driver tries to
delete a kctl via snd_ctl_remove*(); it tries to take
card->controls_rwsem again, but this is already locked by the
above. Since the sleeper isn't woken up, this deadlocks.
An easy fix is to wake up sleepers before processing the driver
disconnect callbacks but right after setting the card->shutdown flag.
Then all sleepers will abort immediately, and the code flows again.
So, basically this patch moves the wait_event() call at the right
timing. While we're at it, just to be sure, call wait_event_all()
instead of wait_event(), although we don't use exclusive events on
this queue for now.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e94fdbd7b25d87e64688bb109e2c550217a4c879 Version: e94fdbd7b25d87e64688bb109e2c550217a4c879 Version: e94fdbd7b25d87e64688bb109e2c550217a4c879 Version: e94fdbd7b25d87e64688bb109e2c550217a4c879 Version: e94fdbd7b25d87e64688bb109e2c550217a4c879 Version: e94fdbd7b25d87e64688bb109e2c550217a4c879 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:26.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ff80185e7b7b547a0911fcfc8aefc61c3e8304d7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c2fb439f4f1425a961d20bec818fed2c2d9ef70a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f103287ef7960854808930499d1181bd0145d68"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/88ce3fe255d58a93624b467af036dc3519f309c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6b55e879e7bd023a03888fc6c8339edf82f576f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/87988a534d8e12f2e6fc01fe63e6c1925dc5307c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:13:24.578390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:54.201Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/core/init.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ff80185e7b7b547a0911fcfc8aefc61c3e8304d7",
"status": "affected",
"version": "e94fdbd7b25d87e64688bb109e2c550217a4c879",
"versionType": "git"
},
{
"lessThan": "c2fb439f4f1425a961d20bec818fed2c2d9ef70a",
"status": "affected",
"version": "e94fdbd7b25d87e64688bb109e2c550217a4c879",
"versionType": "git"
},
{
"lessThan": "2f103287ef7960854808930499d1181bd0145d68",
"status": "affected",
"version": "e94fdbd7b25d87e64688bb109e2c550217a4c879",
"versionType": "git"
},
{
"lessThan": "88ce3fe255d58a93624b467af036dc3519f309c7",
"status": "affected",
"version": "e94fdbd7b25d87e64688bb109e2c550217a4c879",
"versionType": "git"
},
{
"lessThan": "6b55e879e7bd023a03888fc6c8339edf82f576f4",
"status": "affected",
"version": "e94fdbd7b25d87e64688bb109e2c550217a4c879",
"versionType": "git"
},
{
"lessThan": "87988a534d8e12f2e6fc01fe63e6c1925dc5307c",
"status": "affected",
"version": "e94fdbd7b25d87e64688bb109e2c550217a4c879",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/core/init.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: Fix deadlocks with kctl removals at disconnection\n\nIn snd_card_disconnect(), we set card-\u003eshutdown flag at the beginning,\ncall callbacks and do sync for card-\u003epower_ref_sleep waiters at the\nend. The callback may delete a kctl element, and this can lead to a\ndeadlock when the device was in the suspended state. Namely:\n\n* A process waits for the power up at snd_power_ref_and_wait() in\n snd_ctl_info() or read/write() inside card-\u003econtrols_rwsem.\n\n* The system gets disconnected meanwhile, and the driver tries to\n delete a kctl via snd_ctl_remove*(); it tries to take\n card-\u003econtrols_rwsem again, but this is already locked by the\n above. Since the sleeper isn\u0027t woken up, this deadlocks.\n\nAn easy fix is to wake up sleepers before processing the driver\ndisconnect callbacks but right after setting the card-\u003eshutdown flag.\nThen all sleepers will abort immediately, and the code flows again.\n\nSo, basically this patch moves the wait_event() call at the right\ntiming. While we\u0027re at it, just to be sure, call wait_event_all()\ninstead of wait_event(), although we don\u0027t use exclusive events on\nthis queue for now."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:12:43.203Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ff80185e7b7b547a0911fcfc8aefc61c3e8304d7"
},
{
"url": "https://git.kernel.org/stable/c/c2fb439f4f1425a961d20bec818fed2c2d9ef70a"
},
{
"url": "https://git.kernel.org/stable/c/2f103287ef7960854808930499d1181bd0145d68"
},
{
"url": "https://git.kernel.org/stable/c/88ce3fe255d58a93624b467af036dc3519f309c7"
},
{
"url": "https://git.kernel.org/stable/c/6b55e879e7bd023a03888fc6c8339edf82f576f4"
},
{
"url": "https://git.kernel.org/stable/c/87988a534d8e12f2e6fc01fe63e6c1925dc5307c"
}
],
"title": "ALSA: Fix deadlocks with kctl removals at disconnection",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38600",
"datePublished": "2024-06-19T13:45:48.635Z",
"dateReserved": "2024-06-18T19:36:34.932Z",
"dateUpdated": "2025-05-21T09:12:43.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0091 (GCVE-0-2024-0091)
Vulnerability from cvelistv5
Published
2024-06-13 21:23
Modified
2024-08-01 17:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nvidia | GPU display driver, vGPU software, and Cloud Gaming |
Version: All versions up to and including 17.1, 16.5, 13.10, and the April 2024 release |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nvidia:geforce:555.99:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "geforce",
"vendor": "nvidia",
"versions": [
{
"lessThan": "555.99",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:nvidia:studio:555.99:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "studio",
"vendor": "nvidia",
"versions": [
{
"lessThan": "555.99",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:nvidia:quadro_firmware:555.99:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quadro_firmware",
"vendor": "nvidia",
"versions": [
{
"lessThan": "555.99",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "552.55",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:nvidia:nvs_firmware:555.99:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nvs_firmware",
"vendor": "nvidia",
"versions": [
{
"lessThan": "555.99",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "552.55",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:nvidia:rtx:555.99:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rtx",
"vendor": "nvidia",
"versions": [
{
"lessThan": "555.99",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "552.55",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:nvidia:tesla:552.55:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tesla",
"vendor": "nvidia",
"versions": [
{
"lessThan": "552.55",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0091",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-15T03:55:35.767Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:15.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GPU display driver, vGPU software, and Cloud Gaming",
"vendor": "nvidia",
"versions": [
{
"status": "affected",
"version": "All versions up to and including 17.1, 16.5, 13.10, and the April 2024 release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering."
}
],
"value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of service, information disclosure, data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T21:23:29.556Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE"
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2024-0091",
"datePublished": "2024-06-13T21:23:29.556Z",
"dateReserved": "2023-12-02T00:42:00.978Z",
"dateUpdated": "2024-08-01T17:41:15.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35886 (GCVE-0-2024-35886)
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2025-05-04 09:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: Fix infinite recursion in fib6_dump_done().
syzkaller reported infinite recursive calls of fib6_dump_done() during
netlink socket destruction. [1]
From the log, syzkaller sent an AF_UNSPEC RTM_GETROUTE message, and then
the response was generated. The following recvmmsg() resumed the dump
for IPv6, but the first call of inet6_dump_fib() failed at kzalloc() due
to the fault injection. [0]
12:01:34 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, ... snip ...)
recvmmsg(r0, ... snip ...) (fail_nth: 8)
Here, fib6_dump_done() was set to nlk_sk(sk)->cb.done, and the next call
of inet6_dump_fib() set it to nlk_sk(sk)->cb.args[3]. syzkaller stopped
receiving the response halfway through, and finally netlink_sock_destruct()
called nlk_sk(sk)->cb.done().
fib6_dump_done() calls fib6_dump_end() and nlk_sk(sk)->cb.done() if it
is still not NULL. fib6_dump_end() rewrites nlk_sk(sk)->cb.done() by
nlk_sk(sk)->cb.args[3], but it has the same function, not NULL, calling
itself recursively and hitting the stack guard page.
To avoid the issue, let's set the destructor after kzalloc().
[0]:
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 432110 Comm: syz-executor.3 Not tainted 6.8.0-12821-g537c2e91d354-dirty #11
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl (lib/dump_stack.c:117)
should_fail_ex (lib/fault-inject.c:52 lib/fault-inject.c:153)
should_failslab (mm/slub.c:3733)
kmalloc_trace (mm/slub.c:3748 mm/slub.c:3827 mm/slub.c:3992)
inet6_dump_fib (./include/linux/slab.h:628 ./include/linux/slab.h:749 net/ipv6/ip6_fib.c:662)
rtnl_dump_all (net/core/rtnetlink.c:4029)
netlink_dump (net/netlink/af_netlink.c:2269)
netlink_recvmsg (net/netlink/af_netlink.c:1988)
____sys_recvmsg (net/socket.c:1046 net/socket.c:2801)
___sys_recvmsg (net/socket.c:2846)
do_recvmmsg (net/socket.c:2943)
__x64_sys_recvmmsg (net/socket.c:3041 net/socket.c:3034 net/socket.c:3034)
[1]:
BUG: TASK stack guard page was hit at 00000000f2fa9af1 (stack is 00000000b7912430..000000009a436beb)
stack guard page: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 223719 Comm: kworker/1:3 Not tainted 6.8.0-12821-g537c2e91d354-dirty #11
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
Workqueue: events netlink_sock_destruct_work
RIP: 0010:fib6_dump_done (net/ipv6/ip6_fib.c:570)
Code: 3c 24 e8 f3 e9 51 fd e9 28 fd ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 41 57 41 56 41 55 41 54 55 48 89 fd <53> 48 8d 5d 60 e8 b6 4d 07 fd 48 89 da 48 b8 00 00 00 00 00 fc ff
RSP: 0018:ffffc9000d980000 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffffffff84405990 RCX: ffffffff844059d3
RDX: ffff8881028e0000 RSI: ffffffff84405ac2 RDI: ffff88810c02f358
RBP: ffff88810c02f358 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000224 R12: 0000000000000000
R13: ffff888007c82c78 R14: ffff888007c82c68 R15: ffff888007c82c68
FS: 0000000000000000(0000) GS:ffff88811b100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc9000d97fff8 CR3: 0000000102309002 CR4: 0000000000770ef0
PKRU: 55555554
Call Trace:
<#DF>
</#DF>
<TASK>
fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))
fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))
...
fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))
fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))
netlink_sock_destruct (net/netlink/af_netlink.c:401)
__sk_destruct (net/core/sock.c:2177 (discriminator 2))
sk_destruct (net/core/sock.c:2224)
__sk_free (net/core/sock.c:2235)
sk_free (net/core/sock.c:2246)
process_one_work (kernel/workqueue.c:3259)
worker_thread (kernel/workqueue.c:3329 kernel/workqueue.
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35886",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:12:24.428695Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:53.014Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9472d07cd095cbd3294ac54c42f304a38fbe9bfe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9c5258196182c25b55c33167cd72fdd9bbf08985"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fd307f2d91d40fa7bc55df3e2cd1253fabf8a2d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/40a344b2ddc06c1a2caa7208a43911f39c662778"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/167d4b47a9bdcb01541dfa29e9f3cbb8edd3dfd2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2dd75e57285f49e34af1a5b6cd8945c08243776"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a7c465a5dcd657d59d25bf4815e19ac05c13061"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d21d40605bca7bd5fc23ef03d4c1ca1f48bc2cae"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_fib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9472d07cd095cbd3294ac54c42f304a38fbe9bfe",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9c5258196182c25b55c33167cd72fdd9bbf08985",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fd307f2d91d40fa7bc55df3e2cd1253fabf8a2d6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "40a344b2ddc06c1a2caa7208a43911f39c662778",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "167d4b47a9bdcb01541dfa29e9f3cbb8edd3dfd2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f2dd75e57285f49e34af1a5b6cd8945c08243776",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4a7c465a5dcd657d59d25bf4815e19ac05c13061",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d21d40605bca7bd5fc23ef03d4c1ca1f48bc2cae",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_fib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix infinite recursion in fib6_dump_done().\n\nsyzkaller reported infinite recursive calls of fib6_dump_done() during\nnetlink socket destruction. [1]\n\nFrom the log, syzkaller sent an AF_UNSPEC RTM_GETROUTE message, and then\nthe response was generated. The following recvmmsg() resumed the dump\nfor IPv6, but the first call of inet6_dump_fib() failed at kzalloc() due\nto the fault injection. [0]\n\n 12:01:34 executing program 3:\n r0 = socket$nl_route(0x10, 0x3, 0x0)\n sendmsg$nl_route(r0, ... snip ...)\n recvmmsg(r0, ... snip ...) (fail_nth: 8)\n\nHere, fib6_dump_done() was set to nlk_sk(sk)-\u003ecb.done, and the next call\nof inet6_dump_fib() set it to nlk_sk(sk)-\u003ecb.args[3]. syzkaller stopped\nreceiving the response halfway through, and finally netlink_sock_destruct()\ncalled nlk_sk(sk)-\u003ecb.done().\n\nfib6_dump_done() calls fib6_dump_end() and nlk_sk(sk)-\u003ecb.done() if it\nis still not NULL. fib6_dump_end() rewrites nlk_sk(sk)-\u003ecb.done() by\nnlk_sk(sk)-\u003ecb.args[3], but it has the same function, not NULL, calling\nitself recursively and hitting the stack guard page.\n\nTo avoid the issue, let\u0027s set the destructor after kzalloc().\n\n[0]:\nFAULT_INJECTION: forcing a failure.\nname failslab, interval 1, probability 0, space 0, times 0\nCPU: 1 PID: 432110 Comm: syz-executor.3 Not tainted 6.8.0-12821-g537c2e91d354-dirty #11\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:117)\n should_fail_ex (lib/fault-inject.c:52 lib/fault-inject.c:153)\n should_failslab (mm/slub.c:3733)\n kmalloc_trace (mm/slub.c:3748 mm/slub.c:3827 mm/slub.c:3992)\n inet6_dump_fib (./include/linux/slab.h:628 ./include/linux/slab.h:749 net/ipv6/ip6_fib.c:662)\n rtnl_dump_all (net/core/rtnetlink.c:4029)\n netlink_dump (net/netlink/af_netlink.c:2269)\n netlink_recvmsg (net/netlink/af_netlink.c:1988)\n ____sys_recvmsg (net/socket.c:1046 net/socket.c:2801)\n ___sys_recvmsg (net/socket.c:2846)\n do_recvmmsg (net/socket.c:2943)\n __x64_sys_recvmmsg (net/socket.c:3041 net/socket.c:3034 net/socket.c:3034)\n\n[1]:\nBUG: TASK stack guard page was hit at 00000000f2fa9af1 (stack is 00000000b7912430..000000009a436beb)\nstack guard page: 0000 [#1] PREEMPT SMP KASAN\nCPU: 1 PID: 223719 Comm: kworker/1:3 Not tainted 6.8.0-12821-g537c2e91d354-dirty #11\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nWorkqueue: events netlink_sock_destruct_work\nRIP: 0010:fib6_dump_done (net/ipv6/ip6_fib.c:570)\nCode: 3c 24 e8 f3 e9 51 fd e9 28 fd ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 41 57 41 56 41 55 41 54 55 48 89 fd \u003c53\u003e 48 8d 5d 60 e8 b6 4d 07 fd 48 89 da 48 b8 00 00 00 00 00 fc ff\nRSP: 0018:ffffc9000d980000 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: ffffffff84405990 RCX: ffffffff844059d3\nRDX: ffff8881028e0000 RSI: ffffffff84405ac2 RDI: ffff88810c02f358\nRBP: ffff88810c02f358 R08: 0000000000000007 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000224 R12: 0000000000000000\nR13: ffff888007c82c78 R14: ffff888007c82c68 R15: ffff888007c82c68\nFS: 0000000000000000(0000) GS:ffff88811b100000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffc9000d97fff8 CR3: 0000000102309002 CR4: 0000000000770ef0\nPKRU: 55555554\nCall Trace:\n \u003c#DF\u003e\n \u003c/#DF\u003e\n \u003cTASK\u003e\n fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))\n fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))\n ...\n fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))\n fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))\n netlink_sock_destruct (net/netlink/af_netlink.c:401)\n __sk_destruct (net/core/sock.c:2177 (discriminator 2))\n sk_destruct (net/core/sock.c:2224)\n __sk_free (net/core/sock.c:2235)\n sk_free (net/core/sock.c:2246)\n process_one_work (kernel/workqueue.c:3259)\n worker_thread (kernel/workqueue.c:3329 kernel/workqueue.\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:07:36.421Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9472d07cd095cbd3294ac54c42f304a38fbe9bfe"
},
{
"url": "https://git.kernel.org/stable/c/9c5258196182c25b55c33167cd72fdd9bbf08985"
},
{
"url": "https://git.kernel.org/stable/c/fd307f2d91d40fa7bc55df3e2cd1253fabf8a2d6"
},
{
"url": "https://git.kernel.org/stable/c/40a344b2ddc06c1a2caa7208a43911f39c662778"
},
{
"url": "https://git.kernel.org/stable/c/167d4b47a9bdcb01541dfa29e9f3cbb8edd3dfd2"
},
{
"url": "https://git.kernel.org/stable/c/f2dd75e57285f49e34af1a5b6cd8945c08243776"
},
{
"url": "https://git.kernel.org/stable/c/4a7c465a5dcd657d59d25bf4815e19ac05c13061"
},
{
"url": "https://git.kernel.org/stable/c/d21d40605bca7bd5fc23ef03d4c1ca1f48bc2cae"
}
],
"title": "ipv6: Fix infinite recursion in fib6_dump_done().",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35886",
"datePublished": "2024-05-19T08:34:42.694Z",
"dateReserved": "2024-05-17T13:50:33.112Z",
"dateUpdated": "2025-05-04T09:07:36.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38618 (GCVE-0-2024-38618)
Vulnerability from cvelistv5
Published
2024-06-19 13:56
Modified
2025-05-04 09:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: timer: Set lower bound of start tick time
Currently ALSA timer doesn't have the lower limit of the start tick
time, and it allows a very small size, e.g. 1 tick with 1ns resolution
for hrtimer. Such a situation may lead to an unexpected RCU stall,
where the callback repeatedly queuing the expire update, as reported
by fuzzer.
This patch introduces a sanity check of the timer start tick time, so
that the system returns an error when a too small start size is set.
As of this patch, the lower limit is hard-coded to 100us, which is
small enough but can still work somehow.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:01:19.317734Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T21:19:00.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68396c825c43664b20a3a1ba546844deb2b4e48f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/74bfb8d90f2601718ae203faf45a196844c01fa1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bdd0aa055b8ec7e24bbc19513f3231958741d0ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/83f0ba8592b9e258fd80ac6486510ab1dcd7ad6e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ceab795a67dd28dd942d0d8bba648c6c0f7a044b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2c95241ac5fc90c929d6c0c023e84bf0d30e84c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/abb1ad69d98cf1ff25bb14fff0e7c3f66239e1cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a63bd179fa8d3fcc44a0d9d71d941ddd62f0c4e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/core/timer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "68396c825c43664b20a3a1ba546844deb2b4e48f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "74bfb8d90f2601718ae203faf45a196844c01fa1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bdd0aa055b8ec7e24bbc19513f3231958741d0ab",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "83f0ba8592b9e258fd80ac6486510ab1dcd7ad6e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ceab795a67dd28dd942d0d8bba648c6c0f7a044b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2c95241ac5fc90c929d6c0c023e84bf0d30e84c3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "abb1ad69d98cf1ff25bb14fff0e7c3f66239e1cd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4a63bd179fa8d3fcc44a0d9d71d941ddd62f0c4e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/core/timer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: timer: Set lower bound of start tick time\n\nCurrently ALSA timer doesn\u0027t have the lower limit of the start tick\ntime, and it allows a very small size, e.g. 1 tick with 1ns resolution\nfor hrtimer. Such a situation may lead to an unexpected RCU stall,\nwhere the callback repeatedly queuing the expire update, as reported\nby fuzzer.\n\nThis patch introduces a sanity check of the timer start tick time, so\nthat the system returns an error when a too small start size is set.\nAs of this patch, the lower limit is hard-coded to 100us, which is\nsmall enough but can still work somehow."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:24.983Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/68396c825c43664b20a3a1ba546844deb2b4e48f"
},
{
"url": "https://git.kernel.org/stable/c/74bfb8d90f2601718ae203faf45a196844c01fa1"
},
{
"url": "https://git.kernel.org/stable/c/bdd0aa055b8ec7e24bbc19513f3231958741d0ab"
},
{
"url": "https://git.kernel.org/stable/c/83f0ba8592b9e258fd80ac6486510ab1dcd7ad6e"
},
{
"url": "https://git.kernel.org/stable/c/ceab795a67dd28dd942d0d8bba648c6c0f7a044b"
},
{
"url": "https://git.kernel.org/stable/c/2c95241ac5fc90c929d6c0c023e84bf0d30e84c3"
},
{
"url": "https://git.kernel.org/stable/c/abb1ad69d98cf1ff25bb14fff0e7c3f66239e1cd"
},
{
"url": "https://git.kernel.org/stable/c/4a63bd179fa8d3fcc44a0d9d71d941ddd62f0c4e"
}
],
"title": "ALSA: timer: Set lower bound of start tick time",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38618",
"datePublished": "2024-06-19T13:56:17.422Z",
"dateReserved": "2024-06-18T19:36:34.945Z",
"dateUpdated": "2025-05-04T09:15:24.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39296 (GCVE-0-2024-39296)
Vulnerability from cvelistv5
Published
2024-06-25 14:22
Modified
2025-05-04 09:16
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bonding: fix oops during rmmod
"rmmod bonding" causes an oops ever since commit cc317ea3d927 ("bonding:
remove redundant NULL check in debugfs function"). Here are the relevant
functions being called:
bonding_exit()
bond_destroy_debugfs()
debugfs_remove_recursive(bonding_debug_root);
bonding_debug_root = NULL; <--------- SET TO NULL HERE
bond_netlink_fini()
rtnl_link_unregister()
__rtnl_link_unregister()
unregister_netdevice_many_notify()
bond_uninit()
bond_debug_unregister()
(commit removed check for bonding_debug_root == NULL)
debugfs_remove()
simple_recursive_removal()
down_write() -> OOPS
However, reverting the bad commit does not solve the problem completely
because the original code contains a race that could cause the same
oops, although it was much less likely to be triggered unintentionally:
CPU1
rmmod bonding
bonding_exit()
bond_destroy_debugfs()
debugfs_remove_recursive(bonding_debug_root);
CPU2
echo -bond0 > /sys/class/net/bonding_masters
bond_uninit()
bond_debug_unregister()
if (!bonding_debug_root)
CPU1
bonding_debug_root = NULL;
So do NOT revert the bad commit (since the removed checks were racy
anyway), and instead change the order of actions taken during module
removal. The same oops can also happen if there is an error during
module init, so apply the same fix there.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39296",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T20:46:46.560534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T20:46:55.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:19:20.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f07224c16678a8af54ddc059b3d2d51885d7f35e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf48aee81103ca06d09d73d33fb72f1191069aa6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a45835a0bb6ef7d5ddbc0714dd760de979cb6ece"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/bonding/bond_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f07224c16678a8af54ddc059b3d2d51885d7f35e",
"status": "affected",
"version": "cc317ea3d9272fab4f6fef527c865f30ca479394",
"versionType": "git"
},
{
"lessThan": "cf48aee81103ca06d09d73d33fb72f1191069aa6",
"status": "affected",
"version": "cc317ea3d9272fab4f6fef527c865f30ca479394",
"versionType": "git"
},
{
"lessThan": "a45835a0bb6ef7d5ddbc0714dd760de979cb6ece",
"status": "affected",
"version": "cc317ea3d9272fab4f6fef527c865f30ca479394",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/bonding/bond_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.34",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.5",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix oops during rmmod\n\n\"rmmod bonding\" causes an oops ever since commit cc317ea3d927 (\"bonding:\nremove redundant NULL check in debugfs function\"). Here are the relevant\nfunctions being called:\n\nbonding_exit()\n bond_destroy_debugfs()\n debugfs_remove_recursive(bonding_debug_root);\n bonding_debug_root = NULL; \u003c--------- SET TO NULL HERE\n bond_netlink_fini()\n rtnl_link_unregister()\n __rtnl_link_unregister()\n unregister_netdevice_many_notify()\n bond_uninit()\n bond_debug_unregister()\n (commit removed check for bonding_debug_root == NULL)\n debugfs_remove()\n simple_recursive_removal()\n down_write() -\u003e OOPS\n\nHowever, reverting the bad commit does not solve the problem completely\nbecause the original code contains a race that could cause the same\noops, although it was much less likely to be triggered unintentionally:\n\nCPU1\n rmmod bonding\n bonding_exit()\n bond_destroy_debugfs()\n debugfs_remove_recursive(bonding_debug_root);\n\nCPU2\n echo -bond0 \u003e /sys/class/net/bonding_masters\n bond_uninit()\n bond_debug_unregister()\n if (!bonding_debug_root)\n\nCPU1\n bonding_debug_root = NULL;\n\nSo do NOT revert the bad commit (since the removed checks were racy\nanyway), and instead change the order of actions taken during module\nremoval. The same oops can also happen if there is an error during\nmodule init, so apply the same fix there."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:16:14.106Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f07224c16678a8af54ddc059b3d2d51885d7f35e"
},
{
"url": "https://git.kernel.org/stable/c/cf48aee81103ca06d09d73d33fb72f1191069aa6"
},
{
"url": "https://git.kernel.org/stable/c/a45835a0bb6ef7d5ddbc0714dd760de979cb6ece"
}
],
"title": "bonding: fix oops during rmmod",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39296",
"datePublished": "2024-06-25T14:22:40.218Z",
"dateReserved": "2024-06-24T13:54:11.074Z",
"dateUpdated": "2025-05-04T09:16:14.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36882 (GCVE-0-2024-36882)
Vulnerability from cvelistv5
Published
2024-05-30 15:28
Modified
2025-05-04 09:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm: use memalloc_nofs_save() in page_cache_ra_order()
See commit f2c817bed58d ("mm: use memalloc_nofs_save in readahead path"),
ensure that page_cache_ra_order() do not attempt to reclaim file-backed
pages too, or it leads to a deadlock, found issue when test ext4 large
folio.
INFO: task DataXceiver for:7494 blocked for more than 120 seconds.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:DataXceiver for state:D stack:0 pid:7494 ppid:1 flags:0x00000200
Call trace:
__switch_to+0x14c/0x240
__schedule+0x82c/0xdd0
schedule+0x58/0xf0
io_schedule+0x24/0xa0
__folio_lock+0x130/0x300
migrate_pages_batch+0x378/0x918
migrate_pages+0x350/0x700
compact_zone+0x63c/0xb38
compact_zone_order+0xc0/0x118
try_to_compact_pages+0xb0/0x280
__alloc_pages_direct_compact+0x98/0x248
__alloc_pages+0x510/0x1110
alloc_pages+0x9c/0x130
folio_alloc+0x20/0x78
filemap_alloc_folio+0x8c/0x1b0
page_cache_ra_order+0x174/0x308
ondemand_readahead+0x1c8/0x2b8
page_cache_async_ra+0x68/0xb8
filemap_readahead.isra.0+0x64/0xa8
filemap_get_pages+0x3fc/0x5b0
filemap_splice_read+0xf4/0x280
ext4_file_splice_read+0x2c/0x48 [ext4]
vfs_splice_read.part.0+0xa8/0x118
splice_direct_to_actor+0xbc/0x288
do_splice_direct+0x9c/0x108
do_sendfile+0x328/0x468
__arm64_sys_sendfile64+0x8c/0x148
invoke_syscall+0x4c/0x118
el0_svc_common.constprop.0+0xc8/0xf0
do_el0_svc+0x24/0x38
el0_svc+0x4c/0x1f8
el0t_64_sync_handler+0xc0/0xc8
el0t_64_sync+0x188/0x190
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36882",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T17:54:43.270957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T17:54:51.313Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7629ef6dda1564098aadeef38e5fbd11ee8627c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/468971c3f4b8187f25334503b68050a0e1370147"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf6a1d16c6df3c30b03f0c6a92a2ba7f86dffb45"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/30153e4466647a17eebfced13eede5cbe4290e69"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/readahead.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7629ef6dda1564098aadeef38e5fbd11ee8627c4",
"status": "affected",
"version": "793917d997df2e432f3e9ac126e4482d68256d01",
"versionType": "git"
},
{
"lessThan": "468971c3f4b8187f25334503b68050a0e1370147",
"status": "affected",
"version": "793917d997df2e432f3e9ac126e4482d68256d01",
"versionType": "git"
},
{
"lessThan": "cf6a1d16c6df3c30b03f0c6a92a2ba7f86dffb45",
"status": "affected",
"version": "793917d997df2e432f3e9ac126e4482d68256d01",
"versionType": "git"
},
{
"lessThan": "30153e4466647a17eebfced13eede5cbe4290e69",
"status": "affected",
"version": "793917d997df2e432f3e9ac126e4482d68256d01",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/readahead.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.18"
},
{
"lessThan": "5.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: use memalloc_nofs_save() in page_cache_ra_order()\n\nSee commit f2c817bed58d (\"mm: use memalloc_nofs_save in readahead path\"),\nensure that page_cache_ra_order() do not attempt to reclaim file-backed\npages too, or it leads to a deadlock, found issue when test ext4 large\nfolio.\n\n INFO: task DataXceiver for:7494 blocked for more than 120 seconds.\n \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:DataXceiver for state:D stack:0 pid:7494 ppid:1 flags:0x00000200\n Call trace:\n __switch_to+0x14c/0x240\n __schedule+0x82c/0xdd0\n schedule+0x58/0xf0\n io_schedule+0x24/0xa0\n __folio_lock+0x130/0x300\n migrate_pages_batch+0x378/0x918\n migrate_pages+0x350/0x700\n compact_zone+0x63c/0xb38\n compact_zone_order+0xc0/0x118\n try_to_compact_pages+0xb0/0x280\n __alloc_pages_direct_compact+0x98/0x248\n __alloc_pages+0x510/0x1110\n alloc_pages+0x9c/0x130\n folio_alloc+0x20/0x78\n filemap_alloc_folio+0x8c/0x1b0\n page_cache_ra_order+0x174/0x308\n ondemand_readahead+0x1c8/0x2b8\n page_cache_async_ra+0x68/0xb8\n filemap_readahead.isra.0+0x64/0xa8\n filemap_get_pages+0x3fc/0x5b0\n filemap_splice_read+0xf4/0x280\n ext4_file_splice_read+0x2c/0x48 [ext4]\n vfs_splice_read.part.0+0xa8/0x118\n splice_direct_to_actor+0xbc/0x288\n do_splice_direct+0x9c/0x108\n do_sendfile+0x328/0x468\n __arm64_sys_sendfile64+0x8c/0x148\n invoke_syscall+0x4c/0x118\n el0_svc_common.constprop.0+0xc8/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x4c/0x1f8\n el0t_64_sync_handler+0xc0/0xc8\n el0t_64_sync+0x188/0x190"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:11:21.049Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7629ef6dda1564098aadeef38e5fbd11ee8627c4"
},
{
"url": "https://git.kernel.org/stable/c/468971c3f4b8187f25334503b68050a0e1370147"
},
{
"url": "https://git.kernel.org/stable/c/cf6a1d16c6df3c30b03f0c6a92a2ba7f86dffb45"
},
{
"url": "https://git.kernel.org/stable/c/30153e4466647a17eebfced13eede5cbe4290e69"
}
],
"title": "mm: use memalloc_nofs_save() in page_cache_ra_order()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36882",
"datePublished": "2024-05-30T15:28:52.706Z",
"dateReserved": "2024-05-30T15:25:07.064Z",
"dateUpdated": "2025-05-04T09:11:21.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38570 (GCVE-0-2024-38570)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
gfs2: Fix potential glock use-after-free on unmount
When a DLM lockspace is released and there ares still locks in that
lockspace, DLM will unlock those locks automatically. Commit
fb6791d100d1b started exploiting this behavior to speed up filesystem
unmount: gfs2 would simply free glocks it didn't want to unlock and then
release the lockspace. This didn't take the bast callbacks for
asynchronous lock contention notifications into account, which remain
active until until a lock is unlocked or its lockspace is released.
To prevent those callbacks from accessing deallocated objects, put the
glocks that should not be unlocked on the sd_dead_glocks list, release
the lockspace, and only then free those glocks.
As an additional measure, ignore unexpected ast and bast callbacks if
the receiving glock is dead.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0636b34b44589b142700ac137b5f69802cfe2e37"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e42e8a24d7f02d28763d16ca7ec5fc6d1f142af0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/501cd8fabf621d10bd4893e37f6ce6c20523c8ca"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d98779e687726d8f8860f1c54b5687eec5f63a73"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38570",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:14:22.126008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:56.284Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/gfs2/glock.c",
"fs/gfs2/glock.h",
"fs/gfs2/incore.h",
"fs/gfs2/lock_dlm.c",
"fs/gfs2/ops_fstype.c",
"fs/gfs2/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0636b34b44589b142700ac137b5f69802cfe2e37",
"status": "affected",
"version": "fb6791d100d1bba20b5cdbc4912e1f7086ec60f8",
"versionType": "git"
},
{
"lessThan": "e42e8a24d7f02d28763d16ca7ec5fc6d1f142af0",
"status": "affected",
"version": "fb6791d100d1bba20b5cdbc4912e1f7086ec60f8",
"versionType": "git"
},
{
"lessThan": "501cd8fabf621d10bd4893e37f6ce6c20523c8ca",
"status": "affected",
"version": "fb6791d100d1bba20b5cdbc4912e1f7086ec60f8",
"versionType": "git"
},
{
"lessThan": "d98779e687726d8f8860f1c54b5687eec5f63a73",
"status": "affected",
"version": "fb6791d100d1bba20b5cdbc4912e1f7086ec60f8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/gfs2/glock.c",
"fs/gfs2/glock.h",
"fs/gfs2/incore.h",
"fs/gfs2/lock_dlm.c",
"fs/gfs2/ops_fstype.c",
"fs/gfs2/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.8"
},
{
"lessThan": "3.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix potential glock use-after-free on unmount\n\nWhen a DLM lockspace is released and there ares still locks in that\nlockspace, DLM will unlock those locks automatically. Commit\nfb6791d100d1b started exploiting this behavior to speed up filesystem\nunmount: gfs2 would simply free glocks it didn\u0027t want to unlock and then\nrelease the lockspace. This didn\u0027t take the bast callbacks for\nasynchronous lock contention notifications into account, which remain\nactive until until a lock is unlocked or its lockspace is released.\n\nTo prevent those callbacks from accessing deallocated objects, put the\nglocks that should not be unlocked on the sd_dead_glocks list, release\nthe lockspace, and only then free those glocks.\n\nAs an additional measure, ignore unexpected ast and bast callbacks if\nthe receiving glock is dead."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:20.334Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0636b34b44589b142700ac137b5f69802cfe2e37"
},
{
"url": "https://git.kernel.org/stable/c/e42e8a24d7f02d28763d16ca7ec5fc6d1f142af0"
},
{
"url": "https://git.kernel.org/stable/c/501cd8fabf621d10bd4893e37f6ce6c20523c8ca"
},
{
"url": "https://git.kernel.org/stable/c/d98779e687726d8f8860f1c54b5687eec5f63a73"
}
],
"title": "gfs2: Fix potential glock use-after-free on unmount",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38570",
"datePublished": "2024-06-19T13:35:36.274Z",
"dateReserved": "2024-06-18T19:36:34.923Z",
"dateUpdated": "2025-05-04T09:14:20.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38579 (GCVE-0-2024-38579)
Vulnerability from cvelistv5
Published
2024-06-19 13:37
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: bcm - Fix pointer arithmetic
In spu2_dump_omd() value of ptr is increased by ciph_key_len
instead of hash_iv_len which could lead to going beyond the
buffer boundaries.
Fix this bug by changing ciph_key_len to hash_iv_len.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9d12ba86f818aa9cfe9f01b750336aa441f2ffa2 Version: 9d12ba86f818aa9cfe9f01b750336aa441f2ffa2 Version: 9d12ba86f818aa9cfe9f01b750336aa441f2ffa2 Version: 9d12ba86f818aa9cfe9f01b750336aa441f2ffa2 Version: 9d12ba86f818aa9cfe9f01b750336aa441f2ffa2 Version: 9d12ba86f818aa9cfe9f01b750336aa441f2ffa2 Version: 9d12ba86f818aa9cfe9f01b750336aa441f2ffa2 Version: 9d12ba86f818aa9cfe9f01b750336aa441f2ffa2 Version: 9d12ba86f818aa9cfe9f01b750336aa441f2ffa2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c256b616067bfd6d274c679c06986b78d2402434"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e719c8991c161977a67197775067ab456b518c7b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ebed0d666fa709bae9e8cafa8ec6e7ebd1d318c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c69a1e4b419c2c466dd8c5602bdebadc353973dd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/49833a8da6407e7e9b532cc4054fdbcaf78f5fdd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0f14ae223c2421b334c1f1a9e48f1e809aee3a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c0082ee420639a97e40cae66778b02b341b005e5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3b7a40740f04e2f27114dfd6225c5e721dda9d57"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2b3460cbf454c6b03d7429e9ffc4fe09322eb1a9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:14:03.011266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:55.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/crypto/bcm/spu2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c256b616067bfd6d274c679c06986b78d2402434",
"status": "affected",
"version": "9d12ba86f818aa9cfe9f01b750336aa441f2ffa2",
"versionType": "git"
},
{
"lessThan": "e719c8991c161977a67197775067ab456b518c7b",
"status": "affected",
"version": "9d12ba86f818aa9cfe9f01b750336aa441f2ffa2",
"versionType": "git"
},
{
"lessThan": "ebed0d666fa709bae9e8cafa8ec6e7ebd1d318c6",
"status": "affected",
"version": "9d12ba86f818aa9cfe9f01b750336aa441f2ffa2",
"versionType": "git"
},
{
"lessThan": "c69a1e4b419c2c466dd8c5602bdebadc353973dd",
"status": "affected",
"version": "9d12ba86f818aa9cfe9f01b750336aa441f2ffa2",
"versionType": "git"
},
{
"lessThan": "49833a8da6407e7e9b532cc4054fdbcaf78f5fdd",
"status": "affected",
"version": "9d12ba86f818aa9cfe9f01b750336aa441f2ffa2",
"versionType": "git"
},
{
"lessThan": "d0f14ae223c2421b334c1f1a9e48f1e809aee3a0",
"status": "affected",
"version": "9d12ba86f818aa9cfe9f01b750336aa441f2ffa2",
"versionType": "git"
},
{
"lessThan": "c0082ee420639a97e40cae66778b02b341b005e5",
"status": "affected",
"version": "9d12ba86f818aa9cfe9f01b750336aa441f2ffa2",
"versionType": "git"
},
{
"lessThan": "3b7a40740f04e2f27114dfd6225c5e721dda9d57",
"status": "affected",
"version": "9d12ba86f818aa9cfe9f01b750336aa441f2ffa2",
"versionType": "git"
},
{
"lessThan": "2b3460cbf454c6b03d7429e9ffc4fe09322eb1a9",
"status": "affected",
"version": "9d12ba86f818aa9cfe9f01b750336aa441f2ffa2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/crypto/bcm/spu2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: bcm - Fix pointer arithmetic\n\nIn spu2_dump_omd() value of ptr is increased by ciph_key_len\ninstead of hash_iv_len which could lead to going beyond the\nbuffer boundaries.\nFix this bug by changing ciph_key_len to hash_iv_len.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:32.487Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c256b616067bfd6d274c679c06986b78d2402434"
},
{
"url": "https://git.kernel.org/stable/c/e719c8991c161977a67197775067ab456b518c7b"
},
{
"url": "https://git.kernel.org/stable/c/ebed0d666fa709bae9e8cafa8ec6e7ebd1d318c6"
},
{
"url": "https://git.kernel.org/stable/c/c69a1e4b419c2c466dd8c5602bdebadc353973dd"
},
{
"url": "https://git.kernel.org/stable/c/49833a8da6407e7e9b532cc4054fdbcaf78f5fdd"
},
{
"url": "https://git.kernel.org/stable/c/d0f14ae223c2421b334c1f1a9e48f1e809aee3a0"
},
{
"url": "https://git.kernel.org/stable/c/c0082ee420639a97e40cae66778b02b341b005e5"
},
{
"url": "https://git.kernel.org/stable/c/3b7a40740f04e2f27114dfd6225c5e721dda9d57"
},
{
"url": "https://git.kernel.org/stable/c/2b3460cbf454c6b03d7429e9ffc4fe09322eb1a9"
}
],
"title": "crypto: bcm - Fix pointer arithmetic",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38579",
"datePublished": "2024-06-19T13:37:37.154Z",
"dateReserved": "2024-06-18T19:36:34.926Z",
"dateUpdated": "2025-05-04T09:14:32.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38601 (GCVE-0-2024-38601)
Vulnerability from cvelistv5
Published
2024-06-19 13:48
Modified
2025-05-04 09:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ring-buffer: Fix a race between readers and resize checks
The reader code in rb_get_reader_page() swaps a new reader page into the
ring buffer by doing cmpxchg on old->list.prev->next to point it to the
new page. Following that, if the operation is successful,
old->list.next->prev gets updated too. This means the underlying
doubly-linked list is temporarily inconsistent, page->prev->next or
page->next->prev might not be equal back to page for some page in the
ring buffer.
The resize operation in ring_buffer_resize() can be invoked in parallel.
It calls rb_check_pages() which can detect the described inconsistency
and stop further tracing:
[ 190.271762] ------------[ cut here ]------------
[ 190.271771] WARNING: CPU: 1 PID: 6186 at kernel/trace/ring_buffer.c:1467 rb_check_pages.isra.0+0x6a/0xa0
[ 190.271789] Modules linked in: [...]
[ 190.271991] Unloaded tainted modules: intel_uncore_frequency(E):1 skx_edac(E):1
[ 190.272002] CPU: 1 PID: 6186 Comm: cmd.sh Kdump: loaded Tainted: G E 6.9.0-rc6-default #5 158d3e1e6d0b091c34c3b96bfd99a1c58306d79f
[ 190.272011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552c-rebuilt.opensuse.org 04/01/2014
[ 190.272015] RIP: 0010:rb_check_pages.isra.0+0x6a/0xa0
[ 190.272023] Code: [...]
[ 190.272028] RSP: 0018:ffff9c37463abb70 EFLAGS: 00010206
[ 190.272034] RAX: ffff8eba04b6cb80 RBX: 0000000000000007 RCX: ffff8eba01f13d80
[ 190.272038] RDX: ffff8eba01f130c0 RSI: ffff8eba04b6cd00 RDI: ffff8eba0004c700
[ 190.272042] RBP: ffff8eba0004c700 R08: 0000000000010002 R09: 0000000000000000
[ 190.272045] R10: 00000000ffff7f52 R11: ffff8eba7f600000 R12: ffff8eba0004c720
[ 190.272049] R13: ffff8eba00223a00 R14: 0000000000000008 R15: ffff8eba067a8000
[ 190.272053] FS: 00007f1bd64752c0(0000) GS:ffff8eba7f680000(0000) knlGS:0000000000000000
[ 190.272057] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 190.272061] CR2: 00007f1bd6662590 CR3: 000000010291e001 CR4: 0000000000370ef0
[ 190.272070] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 190.272073] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 190.272077] Call Trace:
[ 190.272098] <TASK>
[ 190.272189] ring_buffer_resize+0x2ab/0x460
[ 190.272199] __tracing_resize_ring_buffer.part.0+0x23/0xa0
[ 190.272206] tracing_resize_ring_buffer+0x65/0x90
[ 190.272216] tracing_entries_write+0x74/0xc0
[ 190.272225] vfs_write+0xf5/0x420
[ 190.272248] ksys_write+0x67/0xe0
[ 190.272256] do_syscall_64+0x82/0x170
[ 190.272363] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 190.272373] RIP: 0033:0x7f1bd657d263
[ 190.272381] Code: [...]
[ 190.272385] RSP: 002b:00007ffe72b643f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 190.272391] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1bd657d263
[ 190.272395] RDX: 0000000000000002 RSI: 0000555a6eb538e0 RDI: 0000000000000001
[ 190.272398] RBP: 0000555a6eb538e0 R08: 000000000000000a R09: 0000000000000000
[ 190.272401] R10: 0000555a6eb55190 R11: 0000000000000246 R12: 00007f1bd6662500
[ 190.272404] R13: 0000000000000002 R14: 00007f1bd6667c00 R15: 0000000000000002
[ 190.272412] </TASK>
[ 190.272414] ---[ end trace 0000000000000000 ]---
Note that ring_buffer_resize() calls rb_check_pages() only if the parent
trace_buffer has recording disabled. Recent commit d78ab792705c
("tracing: Stop current tracer when resizing buffer") causes that it is
now always the case which makes it more likely to experience this issue.
The window to hit this race is nonetheless very small. To help
reproducing it, one can add a delay loop in rb_get_reader_page():
ret = rb_head_page_replace(reader, cpu_buffer->reader_page);
if (!ret)
goto spin;
for (unsigned i = 0; i < 1U << 26; i++) /* inserted delay loop */
__asm__ __volatile__ ("" : : : "memory");
rb_list_head(reader->list.next)->prev = &cpu_buffer->reader_page->list;
..
---truncated---
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 Version: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 Version: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 Version: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 Version: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 Version: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 Version: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 Version: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 Version: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b50932ea673b5a089a4bb570a8a868d95c72854e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c68b7a442ee61d04ca58b2b5cb5ea7cb8230f84a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1e160196042cac946798ac192a0bc3398f1aa66b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/595363182f28786d641666a09e674b852c83b4bb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54c64967ba5f8658ae7da76005024ebd3d9d8f6e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af3274905b3143ea23142bbf77bd9b610c54e533"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ef9e330406d3fb4f4b2c8bca2c6b8a93bae32d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79b52013429a42b8efdb0cda8bb0041386abab87"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c2274b908db05529980ec056359fae916939fdaa"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:13:21.471342Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:54.075Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/trace/ring_buffer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b50932ea673b5a089a4bb570a8a868d95c72854e",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
},
{
"lessThan": "c68b7a442ee61d04ca58b2b5cb5ea7cb8230f84a",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
},
{
"lessThan": "1e160196042cac946798ac192a0bc3398f1aa66b",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
},
{
"lessThan": "595363182f28786d641666a09e674b852c83b4bb",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
},
{
"lessThan": "54c64967ba5f8658ae7da76005024ebd3d9d8f6e",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
},
{
"lessThan": "af3274905b3143ea23142bbf77bd9b610c54e533",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
},
{
"lessThan": "5ef9e330406d3fb4f4b2c8bca2c6b8a93bae32d1",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
},
{
"lessThan": "79b52013429a42b8efdb0cda8bb0041386abab87",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
},
{
"lessThan": "c2274b908db05529980ec056359fae916939fdaa",
"status": "affected",
"version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/trace/ring_buffer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.5"
},
{
"lessThan": "3.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Fix a race between readers and resize checks\n\nThe reader code in rb_get_reader_page() swaps a new reader page into the\nring buffer by doing cmpxchg on old-\u003elist.prev-\u003enext to point it to the\nnew page. Following that, if the operation is successful,\nold-\u003elist.next-\u003eprev gets updated too. This means the underlying\ndoubly-linked list is temporarily inconsistent, page-\u003eprev-\u003enext or\npage-\u003enext-\u003eprev might not be equal back to page for some page in the\nring buffer.\n\nThe resize operation in ring_buffer_resize() can be invoked in parallel.\nIt calls rb_check_pages() which can detect the described inconsistency\nand stop further tracing:\n\n[ 190.271762] ------------[ cut here ]------------\n[ 190.271771] WARNING: CPU: 1 PID: 6186 at kernel/trace/ring_buffer.c:1467 rb_check_pages.isra.0+0x6a/0xa0\n[ 190.271789] Modules linked in: [...]\n[ 190.271991] Unloaded tainted modules: intel_uncore_frequency(E):1 skx_edac(E):1\n[ 190.272002] CPU: 1 PID: 6186 Comm: cmd.sh Kdump: loaded Tainted: G E 6.9.0-rc6-default #5 158d3e1e6d0b091c34c3b96bfd99a1c58306d79f\n[ 190.272011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552c-rebuilt.opensuse.org 04/01/2014\n[ 190.272015] RIP: 0010:rb_check_pages.isra.0+0x6a/0xa0\n[ 190.272023] Code: [...]\n[ 190.272028] RSP: 0018:ffff9c37463abb70 EFLAGS: 00010206\n[ 190.272034] RAX: ffff8eba04b6cb80 RBX: 0000000000000007 RCX: ffff8eba01f13d80\n[ 190.272038] RDX: ffff8eba01f130c0 RSI: ffff8eba04b6cd00 RDI: ffff8eba0004c700\n[ 190.272042] RBP: ffff8eba0004c700 R08: 0000000000010002 R09: 0000000000000000\n[ 190.272045] R10: 00000000ffff7f52 R11: ffff8eba7f600000 R12: ffff8eba0004c720\n[ 190.272049] R13: ffff8eba00223a00 R14: 0000000000000008 R15: ffff8eba067a8000\n[ 190.272053] FS: 00007f1bd64752c0(0000) GS:ffff8eba7f680000(0000) knlGS:0000000000000000\n[ 190.272057] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 190.272061] CR2: 00007f1bd6662590 CR3: 000000010291e001 CR4: 0000000000370ef0\n[ 190.272070] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 190.272073] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 190.272077] Call Trace:\n[ 190.272098] \u003cTASK\u003e\n[ 190.272189] ring_buffer_resize+0x2ab/0x460\n[ 190.272199] __tracing_resize_ring_buffer.part.0+0x23/0xa0\n[ 190.272206] tracing_resize_ring_buffer+0x65/0x90\n[ 190.272216] tracing_entries_write+0x74/0xc0\n[ 190.272225] vfs_write+0xf5/0x420\n[ 190.272248] ksys_write+0x67/0xe0\n[ 190.272256] do_syscall_64+0x82/0x170\n[ 190.272363] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 190.272373] RIP: 0033:0x7f1bd657d263\n[ 190.272381] Code: [...]\n[ 190.272385] RSP: 002b:00007ffe72b643f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 190.272391] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1bd657d263\n[ 190.272395] RDX: 0000000000000002 RSI: 0000555a6eb538e0 RDI: 0000000000000001\n[ 190.272398] RBP: 0000555a6eb538e0 R08: 000000000000000a R09: 0000000000000000\n[ 190.272401] R10: 0000555a6eb55190 R11: 0000000000000246 R12: 00007f1bd6662500\n[ 190.272404] R13: 0000000000000002 R14: 00007f1bd6667c00 R15: 0000000000000002\n[ 190.272412] \u003c/TASK\u003e\n[ 190.272414] ---[ end trace 0000000000000000 ]---\n\nNote that ring_buffer_resize() calls rb_check_pages() only if the parent\ntrace_buffer has recording disabled. Recent commit d78ab792705c\n(\"tracing: Stop current tracer when resizing buffer\") causes that it is\nnow always the case which makes it more likely to experience this issue.\n\nThe window to hit this race is nonetheless very small. To help\nreproducing it, one can add a delay loop in rb_get_reader_page():\n\n ret = rb_head_page_replace(reader, cpu_buffer-\u003ereader_page);\n if (!ret)\n \tgoto spin;\n for (unsigned i = 0; i \u003c 1U \u003c\u003c 26; i++) /* inserted delay loop */\n \t__asm__ __volatile__ (\"\" : : : \"memory\");\n rb_list_head(reader-\u003elist.next)-\u003eprev = \u0026cpu_buffer-\u003ereader_page-\u003elist;\n\n.. \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:02.077Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b50932ea673b5a089a4bb570a8a868d95c72854e"
},
{
"url": "https://git.kernel.org/stable/c/c68b7a442ee61d04ca58b2b5cb5ea7cb8230f84a"
},
{
"url": "https://git.kernel.org/stable/c/1e160196042cac946798ac192a0bc3398f1aa66b"
},
{
"url": "https://git.kernel.org/stable/c/595363182f28786d641666a09e674b852c83b4bb"
},
{
"url": "https://git.kernel.org/stable/c/54c64967ba5f8658ae7da76005024ebd3d9d8f6e"
},
{
"url": "https://git.kernel.org/stable/c/af3274905b3143ea23142bbf77bd9b610c54e533"
},
{
"url": "https://git.kernel.org/stable/c/5ef9e330406d3fb4f4b2c8bca2c6b8a93bae32d1"
},
{
"url": "https://git.kernel.org/stable/c/79b52013429a42b8efdb0cda8bb0041386abab87"
},
{
"url": "https://git.kernel.org/stable/c/c2274b908db05529980ec056359fae916939fdaa"
}
],
"title": "ring-buffer: Fix a race between readers and resize checks",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38601",
"datePublished": "2024-06-19T13:48:13.097Z",
"dateReserved": "2024-06-18T19:36:34.933Z",
"dateUpdated": "2025-05-04T09:15:02.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52835 (GCVE-0-2023-52835)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
perf/core: Bail out early if the request AUX area is out of bound
When perf-record with a large AUX area, e.g 4GB, it fails with:
#perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1
failed to mmap with 12 (Cannot allocate memory)
and it reveals a WARNING with __alloc_pages():
------------[ cut here ]------------
WARNING: CPU: 44 PID: 17573 at mm/page_alloc.c:5568 __alloc_pages+0x1ec/0x248
Call trace:
__alloc_pages+0x1ec/0x248
__kmalloc_large_node+0xc0/0x1f8
__kmalloc_node+0x134/0x1e8
rb_alloc_aux+0xe0/0x298
perf_mmap+0x440/0x660
mmap_region+0x308/0x8a8
do_mmap+0x3c0/0x528
vm_mmap_pgoff+0xf4/0x1b8
ksys_mmap_pgoff+0x18c/0x218
__arm64_sys_mmap+0x38/0x58
invoke_syscall+0x50/0x128
el0_svc_common.constprop.0+0x58/0x188
do_el0_svc+0x34/0x50
el0_svc+0x34/0x108
el0t_64_sync_handler+0xb8/0xc0
el0t_64_sync+0x1a4/0x1a8
'rb->aux_pages' allocated by kcalloc() is a pointer array which is used to
maintains AUX trace pages. The allocated page for this array is physically
contiguous (and virtually contiguous) with an order of 0..MAX_ORDER. If the
size of pointer array crosses the limitation set by MAX_ORDER, it reveals a
WARNING.
So bail out early with -ENOMEM if the request AUX area is out of bound,
e.g.:
#perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1
failed to mmap with 12 (Cannot allocate memory)
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c504f615d7ed60ae035c51d0c789137ced6797f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/788c0b3442ead737008934947730a6d1ff703734"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1a2a4202c60fcdffbf04f259002ce9bff39edece"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fd0df3f8719201dbe61a4d39083d5aecd705399a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9ce4e87a8efd37c85766ec08b15e885cab08553a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2424410f94a94d91230ced094062d859714c984a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e905e608e38cf7f8dcddcf8a6036e91a78444cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54aee5f15b83437f23b2b2469bcf21bdd9823916"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:36:37.546418Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:54.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/events/ring_buffer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8c504f615d7ed60ae035c51d0c789137ced6797f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "788c0b3442ead737008934947730a6d1ff703734",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1a2a4202c60fcdffbf04f259002ce9bff39edece",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fd0df3f8719201dbe61a4d39083d5aecd705399a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9ce4e87a8efd37c85766ec08b15e885cab08553a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2424410f94a94d91230ced094062d859714c984a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2e905e608e38cf7f8dcddcf8a6036e91a78444cb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "54aee5f15b83437f23b2b2469bcf21bdd9823916",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/events/ring_buffer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Bail out early if the request AUX area is out of bound\n\nWhen perf-record with a large AUX area, e.g 4GB, it fails with:\n\n #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1\n failed to mmap with 12 (Cannot allocate memory)\n\nand it reveals a WARNING with __alloc_pages():\n\n\t------------[ cut here ]------------\n\tWARNING: CPU: 44 PID: 17573 at mm/page_alloc.c:5568 __alloc_pages+0x1ec/0x248\n\tCall trace:\n\t __alloc_pages+0x1ec/0x248\n\t __kmalloc_large_node+0xc0/0x1f8\n\t __kmalloc_node+0x134/0x1e8\n\t rb_alloc_aux+0xe0/0x298\n\t perf_mmap+0x440/0x660\n\t mmap_region+0x308/0x8a8\n\t do_mmap+0x3c0/0x528\n\t vm_mmap_pgoff+0xf4/0x1b8\n\t ksys_mmap_pgoff+0x18c/0x218\n\t __arm64_sys_mmap+0x38/0x58\n\t invoke_syscall+0x50/0x128\n\t el0_svc_common.constprop.0+0x58/0x188\n\t do_el0_svc+0x34/0x50\n\t el0_svc+0x34/0x108\n\t el0t_64_sync_handler+0xb8/0xc0\n\t el0t_64_sync+0x1a4/0x1a8\n\n\u0027rb-\u003eaux_pages\u0027 allocated by kcalloc() is a pointer array which is used to\nmaintains AUX trace pages. The allocated page for this array is physically\ncontiguous (and virtually contiguous) with an order of 0..MAX_ORDER. If the\nsize of pointer array crosses the limitation set by MAX_ORDER, it reveals a\nWARNING.\n\nSo bail out early with -ENOMEM if the request AUX area is out of bound,\ne.g.:\n\n #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1\n failed to mmap with 12 (Cannot allocate memory)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:00.575Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8c504f615d7ed60ae035c51d0c789137ced6797f"
},
{
"url": "https://git.kernel.org/stable/c/788c0b3442ead737008934947730a6d1ff703734"
},
{
"url": "https://git.kernel.org/stable/c/1a2a4202c60fcdffbf04f259002ce9bff39edece"
},
{
"url": "https://git.kernel.org/stable/c/fd0df3f8719201dbe61a4d39083d5aecd705399a"
},
{
"url": "https://git.kernel.org/stable/c/9ce4e87a8efd37c85766ec08b15e885cab08553a"
},
{
"url": "https://git.kernel.org/stable/c/2424410f94a94d91230ced094062d859714c984a"
},
{
"url": "https://git.kernel.org/stable/c/2e905e608e38cf7f8dcddcf8a6036e91a78444cb"
},
{
"url": "https://git.kernel.org/stable/c/54aee5f15b83437f23b2b2469bcf21bdd9823916"
}
],
"title": "perf/core: Bail out early if the request AUX area is out of bound",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52835",
"datePublished": "2024-05-21T15:31:36.239Z",
"dateReserved": "2024-05-21T15:19:24.252Z",
"dateUpdated": "2025-05-04T07:44:00.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52833 (GCVE-0-2023-52833)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btusb: Add date->evt_skb is NULL check
fix crash because of null pointers
[ 6104.969662] BUG: kernel NULL pointer dereference, address: 00000000000000c8
[ 6104.969667] #PF: supervisor read access in kernel mode
[ 6104.969668] #PF: error_code(0x0000) - not-present page
[ 6104.969670] PGD 0 P4D 0
[ 6104.969673] Oops: 0000 [#1] SMP NOPTI
[ 6104.969684] RIP: 0010:btusb_mtk_hci_wmt_sync+0x144/0x220 [btusb]
[ 6104.969688] RSP: 0018:ffffb8d681533d48 EFLAGS: 00010246
[ 6104.969689] RAX: 0000000000000000 RBX: ffff8ad560bb2000 RCX: 0000000000000006
[ 6104.969691] RDX: 0000000000000000 RSI: ffffb8d681533d08 RDI: 0000000000000000
[ 6104.969692] RBP: ffffb8d681533d70 R08: 0000000000000001 R09: 0000000000000001
[ 6104.969694] R10: 0000000000000001 R11: 00000000fa83b2da R12: ffff8ad461d1d7c0
[ 6104.969695] R13: 0000000000000000 R14: ffff8ad459618c18 R15: ffffb8d681533d90
[ 6104.969697] FS: 00007f5a1cab9d40(0000) GS:ffff8ad578200000(0000) knlGS:00000
[ 6104.969699] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 6104.969700] CR2: 00000000000000c8 CR3: 000000018620c001 CR4: 0000000000760ef0
[ 6104.969701] PKRU: 55555554
[ 6104.969702] Call Trace:
[ 6104.969708] btusb_mtk_shutdown+0x44/0x80 [btusb]
[ 6104.969732] hci_dev_do_close+0x470/0x5c0 [bluetooth]
[ 6104.969748] hci_rfkill_set_block+0x56/0xa0 [bluetooth]
[ 6104.969753] rfkill_set_block+0x92/0x160
[ 6104.969755] rfkill_fop_write+0x136/0x1e0
[ 6104.969759] __vfs_write+0x18/0x40
[ 6104.969761] vfs_write+0xdf/0x1c0
[ 6104.969763] ksys_write+0xb1/0xe0
[ 6104.969765] __x64_sys_write+0x1a/0x20
[ 6104.969769] do_syscall_64+0x51/0x180
[ 6104.969771] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 6104.969773] RIP: 0033:0x7f5a21f18fef
[ 6104.9] RSP: 002b:00007ffeefe39010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 6104.969780] RAX: ffffffffffffffda RBX: 000055c10a7560a0 RCX: 00007f5a21f18fef
[ 6104.969781] RDX: 0000000000000008 RSI: 00007ffeefe39060 RDI: 0000000000000012
[ 6104.969782] RBP: 00007ffeefe39060 R08: 0000000000000000 R09: 0000000000000017
[ 6104.969784] R10: 00007ffeefe38d97 R11: 0000000000000293 R12: 0000000000000002
[ 6104.969785] R13: 00007ffeefe39220 R14: 00007ffeefe391a0 R15: 000055c10a72acf0
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52833",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T20:52:00.965162Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:07.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9f8e4d1a4ca1179aaeb43f91f3e2a386e7e616b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f9de14bde56dcbb0765284c6dfc35842b021733c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a556f2ef556a04790f67f2fa272f1a77336d15a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0048ddf045bddc4dacb3e783fd869a2f8fb5be30"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13b1ebad4c175e6a9b0748acbf133c21a15d282a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/624820f7c8826dd010e8b1963303c145f99816e9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/bluetooth/btusb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9f8e4d1a4ca1179aaeb43f91f3e2a386e7e616b3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f9de14bde56dcbb0765284c6dfc35842b021733c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a556f2ef556a04790f67f2fa272f1a77336d15a0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0048ddf045bddc4dacb3e783fd869a2f8fb5be30",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "13b1ebad4c175e6a9b0748acbf133c21a15d282a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "624820f7c8826dd010e8b1963303c145f99816e9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/bluetooth/btusb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btusb: Add date-\u003eevt_skb is NULL check\n\nfix crash because of null pointers\n\n[ 6104.969662] BUG: kernel NULL pointer dereference, address: 00000000000000c8\n[ 6104.969667] #PF: supervisor read access in kernel mode\n[ 6104.969668] #PF: error_code(0x0000) - not-present page\n[ 6104.969670] PGD 0 P4D 0\n[ 6104.969673] Oops: 0000 [#1] SMP NOPTI\n[ 6104.969684] RIP: 0010:btusb_mtk_hci_wmt_sync+0x144/0x220 [btusb]\n[ 6104.969688] RSP: 0018:ffffb8d681533d48 EFLAGS: 00010246\n[ 6104.969689] RAX: 0000000000000000 RBX: ffff8ad560bb2000 RCX: 0000000000000006\n[ 6104.969691] RDX: 0000000000000000 RSI: ffffb8d681533d08 RDI: 0000000000000000\n[ 6104.969692] RBP: ffffb8d681533d70 R08: 0000000000000001 R09: 0000000000000001\n[ 6104.969694] R10: 0000000000000001 R11: 00000000fa83b2da R12: ffff8ad461d1d7c0\n[ 6104.969695] R13: 0000000000000000 R14: ffff8ad459618c18 R15: ffffb8d681533d90\n[ 6104.969697] FS: 00007f5a1cab9d40(0000) GS:ffff8ad578200000(0000) knlGS:00000\n[ 6104.969699] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 6104.969700] CR2: 00000000000000c8 CR3: 000000018620c001 CR4: 0000000000760ef0\n[ 6104.969701] PKRU: 55555554\n[ 6104.969702] Call Trace:\n[ 6104.969708] btusb_mtk_shutdown+0x44/0x80 [btusb]\n[ 6104.969732] hci_dev_do_close+0x470/0x5c0 [bluetooth]\n[ 6104.969748] hci_rfkill_set_block+0x56/0xa0 [bluetooth]\n[ 6104.969753] rfkill_set_block+0x92/0x160\n[ 6104.969755] rfkill_fop_write+0x136/0x1e0\n[ 6104.969759] __vfs_write+0x18/0x40\n[ 6104.969761] vfs_write+0xdf/0x1c0\n[ 6104.969763] ksys_write+0xb1/0xe0\n[ 6104.969765] __x64_sys_write+0x1a/0x20\n[ 6104.969769] do_syscall_64+0x51/0x180\n[ 6104.969771] entry_SYSCALL_64_after_hwframe+0x44/0xa9\n[ 6104.969773] RIP: 0033:0x7f5a21f18fef\n[ 6104.9] RSP: 002b:00007ffeefe39010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001\n[ 6104.969780] RAX: ffffffffffffffda RBX: 000055c10a7560a0 RCX: 00007f5a21f18fef\n[ 6104.969781] RDX: 0000000000000008 RSI: 00007ffeefe39060 RDI: 0000000000000012\n[ 6104.969782] RBP: 00007ffeefe39060 R08: 0000000000000000 R09: 0000000000000017\n[ 6104.969784] R10: 00007ffeefe38d97 R11: 0000000000000293 R12: 0000000000000002\n[ 6104.969785] R13: 00007ffeefe39220 R14: 00007ffeefe391a0 R15: 000055c10a72acf0"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:57.863Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9f8e4d1a4ca1179aaeb43f91f3e2a386e7e616b3"
},
{
"url": "https://git.kernel.org/stable/c/f9de14bde56dcbb0765284c6dfc35842b021733c"
},
{
"url": "https://git.kernel.org/stable/c/a556f2ef556a04790f67f2fa272f1a77336d15a0"
},
{
"url": "https://git.kernel.org/stable/c/0048ddf045bddc4dacb3e783fd869a2f8fb5be30"
},
{
"url": "https://git.kernel.org/stable/c/13b1ebad4c175e6a9b0748acbf133c21a15d282a"
},
{
"url": "https://git.kernel.org/stable/c/624820f7c8826dd010e8b1963303c145f99816e9"
}
],
"title": "Bluetooth: btusb: Add date-\u003eevt_skb is NULL check",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52833",
"datePublished": "2024-05-21T15:31:34.915Z",
"dateReserved": "2024-05-21T15:19:24.252Z",
"dateUpdated": "2025-05-04T07:43:57.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39301 (GCVE-0-2024-39301)
Vulnerability from cvelistv5
Published
2024-06-25 14:22
Modified
2025-05-04 09:16
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/9p: fix uninit-value in p9_client_rpc()
Syzbot with the help of KMSAN reported the following error:
BUG: KMSAN: uninit-value in trace_9p_client_res include/trace/events/9p.h:146 [inline]
BUG: KMSAN: uninit-value in p9_client_rpc+0x1314/0x1340 net/9p/client.c:754
trace_9p_client_res include/trace/events/9p.h:146 [inline]
p9_client_rpc+0x1314/0x1340 net/9p/client.c:754
p9_client_create+0x1551/0x1ff0 net/9p/client.c:1031
v9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410
v9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122
legacy_get_tree+0x114/0x290 fs/fs_context.c:662
vfs_get_tree+0xa7/0x570 fs/super.c:1797
do_new_mount+0x71f/0x15e0 fs/namespace.c:3352
path_mount+0x742/0x1f20 fs/namespace.c:3679
do_mount fs/namespace.c:3692 [inline]
__do_sys_mount fs/namespace.c:3898 [inline]
__se_sys_mount+0x725/0x810 fs/namespace.c:3875
__x64_sys_mount+0xe4/0x150 fs/namespace.c:3875
do_syscall_64+0xd5/0x1f0
entry_SYSCALL_64_after_hwframe+0x6d/0x75
Uninit was created at:
__alloc_pages+0x9d6/0xe70 mm/page_alloc.c:4598
__alloc_pages_node include/linux/gfp.h:238 [inline]
alloc_pages_node include/linux/gfp.h:261 [inline]
alloc_slab_page mm/slub.c:2175 [inline]
allocate_slab mm/slub.c:2338 [inline]
new_slab+0x2de/0x1400 mm/slub.c:2391
___slab_alloc+0x1184/0x33d0 mm/slub.c:3525
__slab_alloc mm/slub.c:3610 [inline]
__slab_alloc_node mm/slub.c:3663 [inline]
slab_alloc_node mm/slub.c:3835 [inline]
kmem_cache_alloc+0x6d3/0xbe0 mm/slub.c:3852
p9_tag_alloc net/9p/client.c:278 [inline]
p9_client_prepare_req+0x20a/0x1770 net/9p/client.c:641
p9_client_rpc+0x27e/0x1340 net/9p/client.c:688
p9_client_create+0x1551/0x1ff0 net/9p/client.c:1031
v9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410
v9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122
legacy_get_tree+0x114/0x290 fs/fs_context.c:662
vfs_get_tree+0xa7/0x570 fs/super.c:1797
do_new_mount+0x71f/0x15e0 fs/namespace.c:3352
path_mount+0x742/0x1f20 fs/namespace.c:3679
do_mount fs/namespace.c:3692 [inline]
__do_sys_mount fs/namespace.c:3898 [inline]
__se_sys_mount+0x725/0x810 fs/namespace.c:3875
__x64_sys_mount+0xe4/0x150 fs/namespace.c:3875
do_syscall_64+0xd5/0x1f0
entry_SYSCALL_64_after_hwframe+0x6d/0x75
If p9_check_errors() fails early in p9_client_rpc(), req->rc.tag
will not be properly initialized. However, trace_9p_client_res()
ends up trying to print it out anyway before p9_client_rpc()
finishes.
Fix this issue by assigning default values to p9_fcall fields
such as 'tag' and (just in case KMSAN unearths something new) 'id'
during the tag allocation stage.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 348b59012e5c6402741d067cf6eeeb6271999d06 Version: 348b59012e5c6402741d067cf6eeeb6271999d06 Version: 348b59012e5c6402741d067cf6eeeb6271999d06 Version: 348b59012e5c6402741d067cf6eeeb6271999d06 Version: 348b59012e5c6402741d067cf6eeeb6271999d06 Version: 348b59012e5c6402741d067cf6eeeb6271999d06 Version: 348b59012e5c6402741d067cf6eeeb6271999d06 Version: 348b59012e5c6402741d067cf6eeeb6271999d06 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39301",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T15:42:59.168505Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T15:43:08.345Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:19:20.748Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/72c5d8e416ecc46af370a1340b3db5ff0b0cc867"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2101901dd58c6da4924bc5efb217a1d83436290b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/124947855564572713d705a13be7d0c9dae16a17"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/89969ffbeb948ffc159d19252e7469490103011b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca71f204711ad24113e8b344dc5bb8b0385f5672"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6c1791130b781c843572fb6391c4a4c5d857ab17"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fe5c604053c36c62af24eee8a76407d026ea5163"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25460d6f39024cc3b8241b14c7ccf0d6f11a736a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/9p/client.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "72c5d8e416ecc46af370a1340b3db5ff0b0cc867",
"status": "affected",
"version": "348b59012e5c6402741d067cf6eeeb6271999d06",
"versionType": "git"
},
{
"lessThan": "2101901dd58c6da4924bc5efb217a1d83436290b",
"status": "affected",
"version": "348b59012e5c6402741d067cf6eeeb6271999d06",
"versionType": "git"
},
{
"lessThan": "124947855564572713d705a13be7d0c9dae16a17",
"status": "affected",
"version": "348b59012e5c6402741d067cf6eeeb6271999d06",
"versionType": "git"
},
{
"lessThan": "89969ffbeb948ffc159d19252e7469490103011b",
"status": "affected",
"version": "348b59012e5c6402741d067cf6eeeb6271999d06",
"versionType": "git"
},
{
"lessThan": "ca71f204711ad24113e8b344dc5bb8b0385f5672",
"status": "affected",
"version": "348b59012e5c6402741d067cf6eeeb6271999d06",
"versionType": "git"
},
{
"lessThan": "6c1791130b781c843572fb6391c4a4c5d857ab17",
"status": "affected",
"version": "348b59012e5c6402741d067cf6eeeb6271999d06",
"versionType": "git"
},
{
"lessThan": "fe5c604053c36c62af24eee8a76407d026ea5163",
"status": "affected",
"version": "348b59012e5c6402741d067cf6eeeb6271999d06",
"versionType": "git"
},
{
"lessThan": "25460d6f39024cc3b8241b14c7ccf0d6f11a736a",
"status": "affected",
"version": "348b59012e5c6402741d067cf6eeeb6271999d06",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/9p/client.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.2"
},
{
"lessThan": "3.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.94",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.94",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.34",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.5",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/9p: fix uninit-value in p9_client_rpc()\n\nSyzbot with the help of KMSAN reported the following error:\n\nBUG: KMSAN: uninit-value in trace_9p_client_res include/trace/events/9p.h:146 [inline]\nBUG: KMSAN: uninit-value in p9_client_rpc+0x1314/0x1340 net/9p/client.c:754\n trace_9p_client_res include/trace/events/9p.h:146 [inline]\n p9_client_rpc+0x1314/0x1340 net/9p/client.c:754\n p9_client_create+0x1551/0x1ff0 net/9p/client.c:1031\n v9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410\n v9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122\n legacy_get_tree+0x114/0x290 fs/fs_context.c:662\n vfs_get_tree+0xa7/0x570 fs/super.c:1797\n do_new_mount+0x71f/0x15e0 fs/namespace.c:3352\n path_mount+0x742/0x1f20 fs/namespace.c:3679\n do_mount fs/namespace.c:3692 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x725/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x150 fs/namespace.c:3875\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was created at:\n __alloc_pages+0x9d6/0xe70 mm/page_alloc.c:4598\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2175 [inline]\n allocate_slab mm/slub.c:2338 [inline]\n new_slab+0x2de/0x1400 mm/slub.c:2391\n ___slab_alloc+0x1184/0x33d0 mm/slub.c:3525\n __slab_alloc mm/slub.c:3610 [inline]\n __slab_alloc_node mm/slub.c:3663 [inline]\n slab_alloc_node mm/slub.c:3835 [inline]\n kmem_cache_alloc+0x6d3/0xbe0 mm/slub.c:3852\n p9_tag_alloc net/9p/client.c:278 [inline]\n p9_client_prepare_req+0x20a/0x1770 net/9p/client.c:641\n p9_client_rpc+0x27e/0x1340 net/9p/client.c:688\n p9_client_create+0x1551/0x1ff0 net/9p/client.c:1031\n v9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410\n v9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122\n legacy_get_tree+0x114/0x290 fs/fs_context.c:662\n vfs_get_tree+0xa7/0x570 fs/super.c:1797\n do_new_mount+0x71f/0x15e0 fs/namespace.c:3352\n path_mount+0x742/0x1f20 fs/namespace.c:3679\n do_mount fs/namespace.c:3692 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x725/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x150 fs/namespace.c:3875\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nIf p9_check_errors() fails early in p9_client_rpc(), req-\u003erc.tag\nwill not be properly initialized. However, trace_9p_client_res()\nends up trying to print it out anyway before p9_client_rpc()\nfinishes.\n\nFix this issue by assigning default values to p9_fcall fields\nsuch as \u0027tag\u0027 and (just in case KMSAN unearths something new) \u0027id\u0027\nduring the tag allocation stage."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:16:16.375Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/72c5d8e416ecc46af370a1340b3db5ff0b0cc867"
},
{
"url": "https://git.kernel.org/stable/c/2101901dd58c6da4924bc5efb217a1d83436290b"
},
{
"url": "https://git.kernel.org/stable/c/124947855564572713d705a13be7d0c9dae16a17"
},
{
"url": "https://git.kernel.org/stable/c/89969ffbeb948ffc159d19252e7469490103011b"
},
{
"url": "https://git.kernel.org/stable/c/ca71f204711ad24113e8b344dc5bb8b0385f5672"
},
{
"url": "https://git.kernel.org/stable/c/6c1791130b781c843572fb6391c4a4c5d857ab17"
},
{
"url": "https://git.kernel.org/stable/c/fe5c604053c36c62af24eee8a76407d026ea5163"
},
{
"url": "https://git.kernel.org/stable/c/25460d6f39024cc3b8241b14c7ccf0d6f11a736a"
}
],
"title": "net/9p: fix uninit-value in p9_client_rpc()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39301",
"datePublished": "2024-06-25T14:22:41.566Z",
"dateReserved": "2024-06-24T13:53:25.535Z",
"dateUpdated": "2025-05-04T09:16:16.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52875 (GCVE-0-2023-52875)
Vulnerability from cvelistv5
Published
2024-05-21 15:32
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data
Add the check for the return value of mtk_alloc_clk_data() in order to
avoid NULL pointer dereference.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e9862118272aa528e35e54ef9f1e35c217870fd7 Version: e9862118272aa528e35e54ef9f1e35c217870fd7 Version: e9862118272aa528e35e54ef9f1e35c217870fd7 Version: e9862118272aa528e35e54ef9f1e35c217870fd7 Version: e9862118272aa528e35e54ef9f1e35c217870fd7 Version: e9862118272aa528e35e54ef9f1e35c217870fd7 Version: e9862118272aa528e35e54ef9f1e35c217870fd7 Version: e9862118272aa528e35e54ef9f1e35c217870fd7 Version: e9862118272aa528e35e54ef9f1e35c217870fd7 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6fccee2af400edaed9cf349d506c5971d4762739"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1953e62366da5460dc712e045f94fb0d8918999d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d1461f0c9ca0827c03730fe9652ebbf6316a2a95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/001e5def774fa1a8f2b29567c0b0cd3e3a859a96"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d1175cf4bd2b4c5f7c43f677ea1ce9ad2c18d055"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2a18dd653284550900b02107c3c7b3ac5e0eb802"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e61934720af4a58ffd43a63ffdd6f3a0bd7d7b47"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1bf9c204aef4cc55ce46a7ff2d4dc7e5f86551a7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d6e24b422a2166a9297a8286ff2e6ab9a5e8cd3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52875",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:36:21.387443Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:53.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/mediatek/clk-mt2701.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6fccee2af400edaed9cf349d506c5971d4762739",
"status": "affected",
"version": "e9862118272aa528e35e54ef9f1e35c217870fd7",
"versionType": "git"
},
{
"lessThan": "1953e62366da5460dc712e045f94fb0d8918999d",
"status": "affected",
"version": "e9862118272aa528e35e54ef9f1e35c217870fd7",
"versionType": "git"
},
{
"lessThan": "d1461f0c9ca0827c03730fe9652ebbf6316a2a95",
"status": "affected",
"version": "e9862118272aa528e35e54ef9f1e35c217870fd7",
"versionType": "git"
},
{
"lessThan": "001e5def774fa1a8f2b29567c0b0cd3e3a859a96",
"status": "affected",
"version": "e9862118272aa528e35e54ef9f1e35c217870fd7",
"versionType": "git"
},
{
"lessThan": "d1175cf4bd2b4c5f7c43f677ea1ce9ad2c18d055",
"status": "affected",
"version": "e9862118272aa528e35e54ef9f1e35c217870fd7",
"versionType": "git"
},
{
"lessThan": "2a18dd653284550900b02107c3c7b3ac5e0eb802",
"status": "affected",
"version": "e9862118272aa528e35e54ef9f1e35c217870fd7",
"versionType": "git"
},
{
"lessThan": "e61934720af4a58ffd43a63ffdd6f3a0bd7d7b47",
"status": "affected",
"version": "e9862118272aa528e35e54ef9f1e35c217870fd7",
"versionType": "git"
},
{
"lessThan": "1bf9c204aef4cc55ce46a7ff2d4dc7e5f86551a7",
"status": "affected",
"version": "e9862118272aa528e35e54ef9f1e35c217870fd7",
"versionType": "git"
},
{
"lessThan": "0d6e24b422a2166a9297a8286ff2e6ab9a5e8cd3",
"status": "affected",
"version": "e9862118272aa528e35e54ef9f1e35c217870fd7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/mediatek/clk-mt2701.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.330",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.330",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.299",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data\n\nAdd the check for the return value of mtk_alloc_clk_data() in order to\navoid NULL pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:52.032Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6fccee2af400edaed9cf349d506c5971d4762739"
},
{
"url": "https://git.kernel.org/stable/c/1953e62366da5460dc712e045f94fb0d8918999d"
},
{
"url": "https://git.kernel.org/stable/c/d1461f0c9ca0827c03730fe9652ebbf6316a2a95"
},
{
"url": "https://git.kernel.org/stable/c/001e5def774fa1a8f2b29567c0b0cd3e3a859a96"
},
{
"url": "https://git.kernel.org/stable/c/d1175cf4bd2b4c5f7c43f677ea1ce9ad2c18d055"
},
{
"url": "https://git.kernel.org/stable/c/2a18dd653284550900b02107c3c7b3ac5e0eb802"
},
{
"url": "https://git.kernel.org/stable/c/e61934720af4a58ffd43a63ffdd6f3a0bd7d7b47"
},
{
"url": "https://git.kernel.org/stable/c/1bf9c204aef4cc55ce46a7ff2d4dc7e5f86551a7"
},
{
"url": "https://git.kernel.org/stable/c/0d6e24b422a2166a9297a8286ff2e6ab9a5e8cd3"
}
],
"title": "clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52875",
"datePublished": "2024-05-21T15:32:08.604Z",
"dateReserved": "2024-05-21T15:19:24.264Z",
"dateUpdated": "2025-05-04T07:44:52.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26758 (GCVE-0-2024-26758)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
md: Don't ignore suspended array in md_check_recovery()
mddev_suspend() never stop sync_thread, hence it doesn't make sense to
ignore suspended array in md_check_recovery(), which might cause
sync_thread can't be unregistered.
After commit f52f5c71f3d4 ("md: fix stopping sync thread"), following
hang can be triggered by test shell/integrity-caching.sh:
1) suspend the array:
raid_postsuspend
mddev_suspend
2) stop the array:
raid_dtr
md_stop
__md_stop_writes
stop_sync_thread
set_bit(MD_RECOVERY_INTR, &mddev->recovery);
md_wakeup_thread_directly(mddev->sync_thread);
wait_event(..., !test_bit(MD_RECOVERY_RUNNING, &mddev->recovery))
3) sync thread done:
md_do_sync
set_bit(MD_RECOVERY_DONE, &mddev->recovery);
md_wakeup_thread(mddev->thread);
4) daemon thread can't unregister sync thread:
md_check_recovery
if (mddev->suspended)
return; -> return directly
md_read_sync_thread
clear_bit(MD_RECOVERY_RUNNING, &mddev->recovery);
-> MD_RECOVERY_RUNNING can't be cleared, hence step 2 hang;
This problem is not just related to dm-raid, fix it by ignoring
suspended array in md_check_recovery(). And follow up patches will
improve dm-raid better to frozen sync thread during suspend.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-04T15:44:46.004126Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T17:38:20.783Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a55f0d6179a19c6b982e2dc344d58c98647a3be0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1baae052cccd08daf9a9d64c3f959d8cdb689757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/md.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a55f0d6179a19c6b982e2dc344d58c98647a3be0",
"status": "affected",
"version": "68866e425be2ef2664aa5c691bb3ab789736acf5",
"versionType": "git"
},
{
"lessThan": "1baae052cccd08daf9a9d64c3f959d8cdb689757",
"status": "affected",
"version": "68866e425be2ef2664aa5c691bb3ab789736acf5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/md.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"lessThan": "3.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don\u0027t ignore suspended array in md_check_recovery()\n\nmddev_suspend() never stop sync_thread, hence it doesn\u0027t make sense to\nignore suspended array in md_check_recovery(), which might cause\nsync_thread can\u0027t be unregistered.\n\nAfter commit f52f5c71f3d4 (\"md: fix stopping sync thread\"), following\nhang can be triggered by test shell/integrity-caching.sh:\n\n1) suspend the array:\nraid_postsuspend\n mddev_suspend\n\n2) stop the array:\nraid_dtr\n md_stop\n __md_stop_writes\n stop_sync_thread\n set_bit(MD_RECOVERY_INTR, \u0026mddev-\u003erecovery);\n md_wakeup_thread_directly(mddev-\u003esync_thread);\n wait_event(..., !test_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery))\n\n3) sync thread done:\nmd_do_sync\n set_bit(MD_RECOVERY_DONE, \u0026mddev-\u003erecovery);\n md_wakeup_thread(mddev-\u003ethread);\n\n4) daemon thread can\u0027t unregister sync thread:\nmd_check_recovery\n if (mddev-\u003esuspended)\n return; -\u003e return directly\n md_read_sync_thread\n clear_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery);\n -\u003e MD_RECOVERY_RUNNING can\u0027t be cleared, hence step 2 hang;\n\nThis problem is not just related to dm-raid, fix it by ignoring\nsuspended array in md_check_recovery(). And follow up patches will\nimprove dm-raid better to frozen sync thread during suspend."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:50.864Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a55f0d6179a19c6b982e2dc344d58c98647a3be0"
},
{
"url": "https://git.kernel.org/stable/c/1baae052cccd08daf9a9d64c3f959d8cdb689757"
}
],
"title": "md: Don\u0027t ignore suspended array in md_check_recovery()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26758",
"datePublished": "2024-04-03T17:00:42.448Z",
"dateReserved": "2024-02-19T14:20:24.170Z",
"dateUpdated": "2025-05-04T08:55:50.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36972 (GCVE-0-2024-36972)
Vulnerability from cvelistv5
Published
2024-06-10 14:57
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock.
Billy Jheng Bing-Jhong reported a race between __unix_gc() and
queue_oob().
__unix_gc() tries to garbage-collect close()d inflight sockets,
and then if the socket has MSG_OOB in unix_sk(sk)->oob_skb, GC
will drop the reference and set NULL to it locklessly.
However, the peer socket still can send MSG_OOB message and
queue_oob() can update unix_sk(sk)->oob_skb concurrently, leading
NULL pointer dereference. [0]
To fix the issue, let's update unix_sk(sk)->oob_skb under the
sk_receive_queue's lock and take it everywhere we touch oob_skb.
Note that we defer kfree_skb() in manage_oob() to silence lockdep
false-positive (See [1]).
[0]:
BUG: kernel NULL pointer dereference, address: 0000000000000008
PF: supervisor write access in kernel mode
PF: error_code(0x0002) - not-present page
PGD 8000000009f5e067 P4D 8000000009f5e067 PUD 9f5d067 PMD 0
Oops: 0002 [#1] PREEMPT SMP PTI
CPU: 3 PID: 50 Comm: kworker/3:1 Not tainted 6.9.0-rc5-00191-gd091e579b864 #110
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
Workqueue: events delayed_fput
RIP: 0010:skb_dequeue (./include/linux/skbuff.h:2386 ./include/linux/skbuff.h:2402 net/core/skbuff.c:3847)
Code: 39 e3 74 3e 8b 43 10 48 89 ef 83 e8 01 89 43 10 49 8b 44 24 08 49 c7 44 24 08 00 00 00 00 49 8b 14 24 49 c7 04 24 00 00 00 00 <48> 89 42 08 48 89 10 e8 e7 c5 42 00 4c 89 e0 5b 5d 41 5c c3 cc cc
RSP: 0018:ffffc900001bfd48 EFLAGS: 00000002
RAX: 0000000000000000 RBX: ffff8880088f5ae8 RCX: 00000000361289f9
RDX: 0000000000000000 RSI: 0000000000000206 RDI: ffff8880088f5b00
RBP: ffff8880088f5b00 R08: 0000000000080000 R09: 0000000000000001
R10: 0000000000000003 R11: 0000000000000001 R12: ffff8880056b6a00
R13: ffff8880088f5280 R14: 0000000000000001 R15: ffff8880088f5a80
FS: 0000000000000000(0000) GS:ffff88807dd80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000008 CR3: 0000000006314000 CR4: 00000000007506f0
PKRU: 55555554
Call Trace:
<TASK>
unix_release_sock (net/unix/af_unix.c:654)
unix_release (net/unix/af_unix.c:1050)
__sock_release (net/socket.c:660)
sock_close (net/socket.c:1423)
__fput (fs/file_table.c:423)
delayed_fput (fs/file_table.c:444 (discriminator 3))
process_one_work (kernel/workqueue.c:3259)
worker_thread (kernel/workqueue.c:3329 kernel/workqueue.c:3416)
kthread (kernel/kthread.c:388)
ret_from_fork (arch/x86/kernel/process.c:153)
ret_from_fork_asm (arch/x86/entry/entry_64.S:257)
</TASK>
Modules linked in:
CR2: 0000000000000008
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4fe505c63aa3273135a57597fda761e9aecc7668 Version: e0e09186d8821ad59806115d347ea32efa43ca4b Version: b74aa9ce13d02b7fd37c5325b99854f91b9b4276 Version: 1279f9d9dec2d7462823a18c29ad61359e0a007d Version: 1279f9d9dec2d7462823a18c29ad61359e0a007d Version: 82ae47c5c3a6b27fdc0f9e83c1499cb439c56140 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "518a994aa0b8",
"status": "affected",
"version": "4fe505c63aa3",
"versionType": "git"
},
{
"lessThan": "4bf6964451c3",
"status": "affected",
"version": "e0e09186d882",
"versionType": "git"
},
{
"lessThan": "d59ae9314b97",
"status": "affected",
"version": "b74aa9ce13d0",
"versionType": "custom"
},
{
"lessThan": "4708f49add84",
"status": "affected",
"version": "1279f9d9dec2",
"versionType": "custom"
},
{
"lessThan": "9841991a446c",
"status": "affected",
"version": "1279f9d9dec2",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:6.8:-:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "6.8"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T03:56:02.065864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T15:34:54.248Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/518a994aa0b87d96f1bc6678a7035df5d1fcd7a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4bf6964451c3cb411fbaa1ae8b214b3d97a59bf1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d59ae9314b97e01c76a4171472441e55721ba636"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4708f49add84a57ce0ccc7bf9a6269845c631cc3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9841991a446c87f90f66f4b9fee6fe934c1336a2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/unix/af_unix.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "518a994aa0b87d96f1bc6678a7035df5d1fcd7a1",
"status": "affected",
"version": "4fe505c63aa3273135a57597fda761e9aecc7668",
"versionType": "git"
},
{
"lessThan": "4bf6964451c3cb411fbaa1ae8b214b3d97a59bf1",
"status": "affected",
"version": "e0e09186d8821ad59806115d347ea32efa43ca4b",
"versionType": "git"
},
{
"lessThan": "d59ae9314b97e01c76a4171472441e55721ba636",
"status": "affected",
"version": "b74aa9ce13d02b7fd37c5325b99854f91b9b4276",
"versionType": "git"
},
{
"lessThan": "4708f49add84a57ce0ccc7bf9a6269845c631cc3",
"status": "affected",
"version": "1279f9d9dec2d7462823a18c29ad61359e0a007d",
"versionType": "git"
},
{
"lessThan": "9841991a446c87f90f66f4b9fee6fe934c1336a2",
"status": "affected",
"version": "1279f9d9dec2d7462823a18c29ad61359e0a007d",
"versionType": "git"
},
{
"status": "affected",
"version": "82ae47c5c3a6b27fdc0f9e83c1499cb439c56140",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/unix/af_unix.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "6.1.78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Update unix_sk(sk)-\u003eoob_skb under sk_receive_queue lock.\n\nBilly Jheng Bing-Jhong reported a race between __unix_gc() and\nqueue_oob().\n\n__unix_gc() tries to garbage-collect close()d inflight sockets,\nand then if the socket has MSG_OOB in unix_sk(sk)-\u003eoob_skb, GC\nwill drop the reference and set NULL to it locklessly.\n\nHowever, the peer socket still can send MSG_OOB message and\nqueue_oob() can update unix_sk(sk)-\u003eoob_skb concurrently, leading\nNULL pointer dereference. [0]\n\nTo fix the issue, let\u0027s update unix_sk(sk)-\u003eoob_skb under the\nsk_receive_queue\u0027s lock and take it everywhere we touch oob_skb.\n\nNote that we defer kfree_skb() in manage_oob() to silence lockdep\nfalse-positive (See [1]).\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PF: supervisor write access in kernel mode\n PF: error_code(0x0002) - not-present page\nPGD 8000000009f5e067 P4D 8000000009f5e067 PUD 9f5d067 PMD 0\nOops: 0002 [#1] PREEMPT SMP PTI\nCPU: 3 PID: 50 Comm: kworker/3:1 Not tainted 6.9.0-rc5-00191-gd091e579b864 #110\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nWorkqueue: events delayed_fput\nRIP: 0010:skb_dequeue (./include/linux/skbuff.h:2386 ./include/linux/skbuff.h:2402 net/core/skbuff.c:3847)\nCode: 39 e3 74 3e 8b 43 10 48 89 ef 83 e8 01 89 43 10 49 8b 44 24 08 49 c7 44 24 08 00 00 00 00 49 8b 14 24 49 c7 04 24 00 00 00 00 \u003c48\u003e 89 42 08 48 89 10 e8 e7 c5 42 00 4c 89 e0 5b 5d 41 5c c3 cc cc\nRSP: 0018:ffffc900001bfd48 EFLAGS: 00000002\nRAX: 0000000000000000 RBX: ffff8880088f5ae8 RCX: 00000000361289f9\nRDX: 0000000000000000 RSI: 0000000000000206 RDI: ffff8880088f5b00\nRBP: ffff8880088f5b00 R08: 0000000000080000 R09: 0000000000000001\nR10: 0000000000000003 R11: 0000000000000001 R12: ffff8880056b6a00\nR13: ffff8880088f5280 R14: 0000000000000001 R15: ffff8880088f5a80\nFS: 0000000000000000(0000) GS:ffff88807dd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 0000000006314000 CR4: 00000000007506f0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n unix_release_sock (net/unix/af_unix.c:654)\n unix_release (net/unix/af_unix.c:1050)\n __sock_release (net/socket.c:660)\n sock_close (net/socket.c:1423)\n __fput (fs/file_table.c:423)\n delayed_fput (fs/file_table.c:444 (discriminator 3))\n process_one_work (kernel/workqueue.c:3259)\n worker_thread (kernel/workqueue.c:3329 kernel/workqueue.c:3416)\n kthread (kernel/kthread.c:388)\n ret_from_fork (arch/x86/kernel/process.c:153)\n ret_from_fork_asm (arch/x86/entry/entry_64.S:257)\n \u003c/TASK\u003e\nModules linked in:\nCR2: 0000000000000008"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:38.466Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/518a994aa0b87d96f1bc6678a7035df5d1fcd7a1"
},
{
"url": "https://git.kernel.org/stable/c/4bf6964451c3cb411fbaa1ae8b214b3d97a59bf1"
},
{
"url": "https://git.kernel.org/stable/c/d59ae9314b97e01c76a4171472441e55721ba636"
},
{
"url": "https://git.kernel.org/stable/c/4708f49add84a57ce0ccc7bf9a6269845c631cc3"
},
{
"url": "https://git.kernel.org/stable/c/9841991a446c87f90f66f4b9fee6fe934c1336a2"
}
],
"title": "af_unix: Update unix_sk(sk)-\u003eoob_skb under sk_receive_queue lock.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36972",
"datePublished": "2024-06-10T14:57:42.271Z",
"dateReserved": "2024-05-30T15:25:07.082Z",
"dateUpdated": "2025-05-04T12:56:38.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35807 (GCVE-0-2024-35807)
Vulnerability from cvelistv5
Published
2024-05-17 13:23
Modified
2025-05-04 09:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix corruption during on-line resize
We observed a corruption during on-line resize of a file system that is
larger than 16 TiB with 4k block size. With having more then 2^32 blocks
resize_inode is turned off by default by mke2fs. The issue can be
reproduced on a smaller file system for convenience by explicitly
turning off resize_inode. An on-line resize across an 8 GiB boundary (the
size of a meta block group in this setup) then leads to a corruption:
dev=/dev/<some_dev> # should be >= 16 GiB
mkdir -p /corruption
/sbin/mke2fs -t ext4 -b 4096 -O ^resize_inode $dev $((2 * 2**21 - 2**15))
mount -t ext4 $dev /corruption
dd if=/dev/zero bs=4096 of=/corruption/test count=$((2*2**21 - 4*2**15))
sha1sum /corruption/test
# 79d2658b39dcfd77274e435b0934028adafaab11 /corruption/test
/sbin/resize2fs $dev $((2*2**21))
# drop page cache to force reload the block from disk
echo 1 > /proc/sys/vm/drop_caches
sha1sum /corruption/test
# 3c2abc63cbf1a94c9e6977e0fbd72cd832c4d5c3 /corruption/test
2^21 = 2^15*2^6 equals 8 GiB whereof 2^15 is the number of blocks per
block group and 2^6 are the number of block groups that make a meta
block group.
The last checksum might be different depending on how the file is laid
out across the physical blocks. The actual corruption occurs at physical
block 63*2^15 = 2064384 which would be the location of the backup of the
meta block group's block descriptor. During the on-line resize the file
system will be converted to meta_bg starting at s_first_meta_bg which is
2 in the example - meaning all block groups after 16 GiB. However, in
ext4_flex_group_add we might add block groups that are not part of the
first meta block group yet. In the reproducer we achieved this by
substracting the size of a whole block group from the point where the
meta block group would start. This must be considered when updating the
backup block group descriptors to follow the non-meta_bg layout. The fix
is to add a test whether the group to add is already part of the meta
block group or not.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 01f795f9e0d67adeccc61a8b20c28acb45fa5fd8 Version: 01f795f9e0d67adeccc61a8b20c28acb45fa5fd8 Version: 01f795f9e0d67adeccc61a8b20c28acb45fa5fd8 Version: 01f795f9e0d67adeccc61a8b20c28acb45fa5fd8 Version: 01f795f9e0d67adeccc61a8b20c28acb45fa5fd8 Version: 01f795f9e0d67adeccc61a8b20c28acb45fa5fd8 Version: 01f795f9e0d67adeccc61a8b20c28acb45fa5fd8 Version: 01f795f9e0d67adeccc61a8b20c28acb45fa5fd8 Version: 01f795f9e0d67adeccc61a8b20c28acb45fa5fd8 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35807",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T15:25:51.499528Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T15:26:07.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:47.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/75cc31c2e7193b69f5d25650bda5bb42ed92f8a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee4e9c1976147a850f6085a13fca95bcaa00d84c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8e8b197317228b5089ed9e7802dadf3ccaa027a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/239c669edb2bffa1aa2612519b1d438ab35d6be6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb1088d51bbaa0faec5a55d4f5818a9ab79e24df"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/37b6a3ba793bbbae057f5b991970ebcc52cb3db5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b461910af8ba3bed80f48c2bf852686d05c6fc5c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/722d2c01b8b108f8283d1b7222209d5b2a5aa7bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a6b3bfe176e8a5b05ec4447404e412c2a3fc92cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/resize.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "75cc31c2e7193b69f5d25650bda5bb42ed92f8a1",
"status": "affected",
"version": "01f795f9e0d67adeccc61a8b20c28acb45fa5fd8",
"versionType": "git"
},
{
"lessThan": "ee4e9c1976147a850f6085a13fca95bcaa00d84c",
"status": "affected",
"version": "01f795f9e0d67adeccc61a8b20c28acb45fa5fd8",
"versionType": "git"
},
{
"lessThan": "e8e8b197317228b5089ed9e7802dadf3ccaa027a",
"status": "affected",
"version": "01f795f9e0d67adeccc61a8b20c28acb45fa5fd8",
"versionType": "git"
},
{
"lessThan": "239c669edb2bffa1aa2612519b1d438ab35d6be6",
"status": "affected",
"version": "01f795f9e0d67adeccc61a8b20c28acb45fa5fd8",
"versionType": "git"
},
{
"lessThan": "fb1088d51bbaa0faec5a55d4f5818a9ab79e24df",
"status": "affected",
"version": "01f795f9e0d67adeccc61a8b20c28acb45fa5fd8",
"versionType": "git"
},
{
"lessThan": "37b6a3ba793bbbae057f5b991970ebcc52cb3db5",
"status": "affected",
"version": "01f795f9e0d67adeccc61a8b20c28acb45fa5fd8",
"versionType": "git"
},
{
"lessThan": "b461910af8ba3bed80f48c2bf852686d05c6fc5c",
"status": "affected",
"version": "01f795f9e0d67adeccc61a8b20c28acb45fa5fd8",
"versionType": "git"
},
{
"lessThan": "722d2c01b8b108f8283d1b7222209d5b2a5aa7bd",
"status": "affected",
"version": "01f795f9e0d67adeccc61a8b20c28acb45fa5fd8",
"versionType": "git"
},
{
"lessThan": "a6b3bfe176e8a5b05ec4447404e412c2a3fc92cc",
"status": "affected",
"version": "01f795f9e0d67adeccc61a8b20c28acb45fa5fd8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/resize.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix corruption during on-line resize\n\nWe observed a corruption during on-line resize of a file system that is\nlarger than 16 TiB with 4k block size. With having more then 2^32 blocks\nresize_inode is turned off by default by mke2fs. The issue can be\nreproduced on a smaller file system for convenience by explicitly\nturning off resize_inode. An on-line resize across an 8 GiB boundary (the\nsize of a meta block group in this setup) then leads to a corruption:\n\n dev=/dev/\u003csome_dev\u003e # should be \u003e= 16 GiB\n mkdir -p /corruption\n /sbin/mke2fs -t ext4 -b 4096 -O ^resize_inode $dev $((2 * 2**21 - 2**15))\n mount -t ext4 $dev /corruption\n\n dd if=/dev/zero bs=4096 of=/corruption/test count=$((2*2**21 - 4*2**15))\n sha1sum /corruption/test\n # 79d2658b39dcfd77274e435b0934028adafaab11 /corruption/test\n\n /sbin/resize2fs $dev $((2*2**21))\n # drop page cache to force reload the block from disk\n echo 1 \u003e /proc/sys/vm/drop_caches\n\n sha1sum /corruption/test\n # 3c2abc63cbf1a94c9e6977e0fbd72cd832c4d5c3 /corruption/test\n\n2^21 = 2^15*2^6 equals 8 GiB whereof 2^15 is the number of blocks per\nblock group and 2^6 are the number of block groups that make a meta\nblock group.\n\nThe last checksum might be different depending on how the file is laid\nout across the physical blocks. The actual corruption occurs at physical\nblock 63*2^15 = 2064384 which would be the location of the backup of the\nmeta block group\u0027s block descriptor. During the on-line resize the file\nsystem will be converted to meta_bg starting at s_first_meta_bg which is\n2 in the example - meaning all block groups after 16 GiB. However, in\next4_flex_group_add we might add block groups that are not part of the\nfirst meta block group yet. In the reproducer we achieved this by\nsubstracting the size of a whole block group from the point where the\nmeta block group would start. This must be considered when updating the\nbackup block group descriptors to follow the non-meta_bg layout. The fix\nis to add a test whether the group to add is already part of the meta\nblock group or not."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:05:50.120Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/75cc31c2e7193b69f5d25650bda5bb42ed92f8a1"
},
{
"url": "https://git.kernel.org/stable/c/ee4e9c1976147a850f6085a13fca95bcaa00d84c"
},
{
"url": "https://git.kernel.org/stable/c/e8e8b197317228b5089ed9e7802dadf3ccaa027a"
},
{
"url": "https://git.kernel.org/stable/c/239c669edb2bffa1aa2612519b1d438ab35d6be6"
},
{
"url": "https://git.kernel.org/stable/c/fb1088d51bbaa0faec5a55d4f5818a9ab79e24df"
},
{
"url": "https://git.kernel.org/stable/c/37b6a3ba793bbbae057f5b991970ebcc52cb3db5"
},
{
"url": "https://git.kernel.org/stable/c/b461910af8ba3bed80f48c2bf852686d05c6fc5c"
},
{
"url": "https://git.kernel.org/stable/c/722d2c01b8b108f8283d1b7222209d5b2a5aa7bd"
},
{
"url": "https://git.kernel.org/stable/c/a6b3bfe176e8a5b05ec4447404e412c2a3fc92cc"
}
],
"title": "ext4: fix corruption during on-line resize",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35807",
"datePublished": "2024-05-17T13:23:14.869Z",
"dateReserved": "2024-05-17T12:19:12.342Z",
"dateUpdated": "2025-05-04T09:05:50.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52810 (GCVE-0-2023-52810)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs/jfs: Add check for negative db_l2nbperpage
l2nbperpage is log2(number of blks per page), and the minimum legal
value should be 0, not negative.
In the case of l2nbperpage being negative, an error will occur
when subsequently used as shift exponent.
Syzbot reported this bug:
UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:799:12
shift exponent -16777216 is negative
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "cc61fcf7d1c9",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "8f2964df6bfc",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "a81a56b4cbe3",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "524b4f203afc",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5f148b16972e",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "0cb567e72733",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "491085258185",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "1a7c53fdea1d",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "525b861a0081",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.7"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T16:17:58.719311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1335",
"description": "CWE-1335 Incorrect Bitwise Shift of Integer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T17:20:18.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cc61fcf7d1c99f148fe8ddfb5c6ed0bb75861f01"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f2964df6bfce9d92d81ca552010b8677af8d9dc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a81a56b4cbe3142cc99f6b98e8f9b3a631c768e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/524b4f203afcf87accfe387e846f33f916f0c907"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f148b16972e5f4592629b244d5109b15135f53f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0cb567e727339a192f9fd0db00781d73a91d15a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/491085258185ffc4fb91555b0dba895fe7656a45"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1a7c53fdea1d189087544d9a606d249e93c4934b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/525b861a008143048535011f3816d407940f4bfa"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cc61fcf7d1c99f148fe8ddfb5c6ed0bb75861f01",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8f2964df6bfce9d92d81ca552010b8677af8d9dc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a81a56b4cbe3142cc99f6b98e8f9b3a631c768e1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "524b4f203afcf87accfe387e846f33f916f0c907",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5f148b16972e5f4592629b244d5109b15135f53f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0cb567e727339a192f9fd0db00781d73a91d15a6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "491085258185ffc4fb91555b0dba895fe7656a45",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1a7c53fdea1d189087544d9a606d249e93c4934b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "525b861a008143048535011f3816d407940f4bfa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/jfs: Add check for negative db_l2nbperpage\n\nl2nbperpage is log2(number of blks per page), and the minimum legal\nvalue should be 0, not negative.\n\nIn the case of l2nbperpage being negative, an error will occur\nwhen subsequently used as shift exponent.\n\nSyzbot reported this bug:\n\nUBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:799:12\nshift exponent -16777216 is negative"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:36.926Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cc61fcf7d1c99f148fe8ddfb5c6ed0bb75861f01"
},
{
"url": "https://git.kernel.org/stable/c/8f2964df6bfce9d92d81ca552010b8677af8d9dc"
},
{
"url": "https://git.kernel.org/stable/c/a81a56b4cbe3142cc99f6b98e8f9b3a631c768e1"
},
{
"url": "https://git.kernel.org/stable/c/524b4f203afcf87accfe387e846f33f916f0c907"
},
{
"url": "https://git.kernel.org/stable/c/5f148b16972e5f4592629b244d5109b15135f53f"
},
{
"url": "https://git.kernel.org/stable/c/0cb567e727339a192f9fd0db00781d73a91d15a6"
},
{
"url": "https://git.kernel.org/stable/c/491085258185ffc4fb91555b0dba895fe7656a45"
},
{
"url": "https://git.kernel.org/stable/c/1a7c53fdea1d189087544d9a606d249e93c4934b"
},
{
"url": "https://git.kernel.org/stable/c/525b861a008143048535011f3816d407940f4bfa"
}
],
"title": "fs/jfs: Add check for negative db_l2nbperpage",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52810",
"datePublished": "2024-05-21T15:31:19.629Z",
"dateReserved": "2024-05-21T15:19:24.248Z",
"dateUpdated": "2025-05-04T07:43:36.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0092 (GCVE-0-2024-0092)
Vulnerability from cvelistv5
Published
2024-06-13 21:23
Modified
2024-08-01 17:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nvidia | GPU display driver, vGPU software, and Cloud Gaming |
Version: All versions up to and including 17.1, 16.5, 13.10, and the April 2024 release |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0092",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T16:45:14.826848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T16:45:23.624Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:15.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GPU display driver, vGPU software, and Cloud Gaming",
"vendor": "nvidia",
"versions": [
{
"status": "affected",
"version": "All versions up to and including 17.1, 16.5, 13.10, and the April 2024 release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service."
}
],
"value": "NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T21:23:30.327Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE"
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2024-0092",
"datePublished": "2024-06-13T21:23:30.327Z",
"dateReserved": "2023-12-02T00:42:01.816Z",
"dateUpdated": "2024-08-01T17:41:15.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52854 (GCVE-0-2023-52854)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 12:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
padata: Fix refcnt handling in padata_free_shell()
In a high-load arm64 environment, the pcrypt_aead01 test in LTP can lead
to system UAF (Use-After-Free) issues. Due to the lengthy analysis of
the pcrypt_aead01 function call, I'll describe the problem scenario
using a simplified model:
Suppose there's a user of padata named `user_function` that adheres to
the padata requirement of calling `padata_free_shell` after `serial()`
has been invoked, as demonstrated in the following code:
```c
struct request {
struct padata_priv padata;
struct completion *done;
};
void parallel(struct padata_priv *padata) {
do_something();
}
void serial(struct padata_priv *padata) {
struct request *request = container_of(padata,
struct request,
padata);
complete(request->done);
}
void user_function() {
DECLARE_COMPLETION(done)
padata->parallel = parallel;
padata->serial = serial;
padata_do_parallel();
wait_for_completion(&done);
padata_free_shell();
}
```
In the corresponding padata.c file, there's the following code:
```c
static void padata_serial_worker(struct work_struct *serial_work) {
...
cnt = 0;
while (!list_empty(&local_list)) {
...
padata->serial(padata);
cnt++;
}
local_bh_enable();
if (refcount_sub_and_test(cnt, &pd->refcnt))
padata_free_pd(pd);
}
```
Because of the high system load and the accumulation of unexecuted
softirq at this moment, `local_bh_enable()` in padata takes longer
to execute than usual. Subsequently, when accessing `pd->refcnt`,
`pd` has already been released by `padata_free_shell()`, resulting
in a UAF issue with `pd->refcnt`.
The fix is straightforward: add `refcount_dec_and_test` before calling
`padata_free_pd` in `padata_free_shell`.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 07928d9bfc81640bab36f5190e8725894d93b659 Version: 07928d9bfc81640bab36f5190e8725894d93b659 Version: 07928d9bfc81640bab36f5190e8725894d93b659 Version: 07928d9bfc81640bab36f5190e8725894d93b659 Version: 07928d9bfc81640bab36f5190e8725894d93b659 Version: 07928d9bfc81640bab36f5190e8725894d93b659 Version: 13721e447acc2b82c19cf72e9e6c4291c77693ed Version: 7a2ccb65f90168edc2348495bb56093c466ffa39 Version: 928cf3d733c4efc221e1a78b14cb2ee066627260 Version: c9da8ee1491719001a444f4af688b75e72b58418 Version: dc34710a7aba5207e7cb99d11588c04535b3c53d Version: 5fefc9b3e3584a1ce98da27c38e1b8dda1939d74 Version: 26daf8e6515c2dcd25d235468420b9f46e0acdac |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52854",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T18:22:41.019729Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:36.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/41aad9d6953984d134fc50f631f24ef476875d4d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0dd34a7ad395dbcf6ae60e48e9786050e25b9bc5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c7c26d0ef5d20f00dbb2ae3befcabbe0efa77275"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1e901bcb8af19416b65f5063a4af7996e5a51d7f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1734a79e951914f1db2c65e635012a35db1c674b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7ddc21e317b360c3444de3023bcc83b85fabae2f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/padata.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "41aad9d6953984d134fc50f631f24ef476875d4d",
"status": "affected",
"version": "07928d9bfc81640bab36f5190e8725894d93b659",
"versionType": "git"
},
{
"lessThan": "0dd34a7ad395dbcf6ae60e48e9786050e25b9bc5",
"status": "affected",
"version": "07928d9bfc81640bab36f5190e8725894d93b659",
"versionType": "git"
},
{
"lessThan": "c7c26d0ef5d20f00dbb2ae3befcabbe0efa77275",
"status": "affected",
"version": "07928d9bfc81640bab36f5190e8725894d93b659",
"versionType": "git"
},
{
"lessThan": "1e901bcb8af19416b65f5063a4af7996e5a51d7f",
"status": "affected",
"version": "07928d9bfc81640bab36f5190e8725894d93b659",
"versionType": "git"
},
{
"lessThan": "1734a79e951914f1db2c65e635012a35db1c674b",
"status": "affected",
"version": "07928d9bfc81640bab36f5190e8725894d93b659",
"versionType": "git"
},
{
"lessThan": "7ddc21e317b360c3444de3023bcc83b85fabae2f",
"status": "affected",
"version": "07928d9bfc81640bab36f5190e8725894d93b659",
"versionType": "git"
},
{
"status": "affected",
"version": "13721e447acc2b82c19cf72e9e6c4291c77693ed",
"versionType": "git"
},
{
"status": "affected",
"version": "7a2ccb65f90168edc2348495bb56093c466ffa39",
"versionType": "git"
},
{
"status": "affected",
"version": "928cf3d733c4efc221e1a78b14cb2ee066627260",
"versionType": "git"
},
{
"status": "affected",
"version": "c9da8ee1491719001a444f4af688b75e72b58418",
"versionType": "git"
},
{
"status": "affected",
"version": "dc34710a7aba5207e7cb99d11588c04535b3c53d",
"versionType": "git"
},
{
"status": "affected",
"version": "5fefc9b3e3584a1ce98da27c38e1b8dda1939d74",
"versionType": "git"
},
{
"status": "affected",
"version": "26daf8e6515c2dcd25d235468420b9f46e0acdac",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/padata.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16.84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: Fix refcnt handling in padata_free_shell()\n\nIn a high-load arm64 environment, the pcrypt_aead01 test in LTP can lead\nto system UAF (Use-After-Free) issues. Due to the lengthy analysis of\nthe pcrypt_aead01 function call, I\u0027ll describe the problem scenario\nusing a simplified model:\n\nSuppose there\u0027s a user of padata named `user_function` that adheres to\nthe padata requirement of calling `padata_free_shell` after `serial()`\nhas been invoked, as demonstrated in the following code:\n\n```c\nstruct request {\n struct padata_priv padata;\n struct completion *done;\n};\n\nvoid parallel(struct padata_priv *padata) {\n do_something();\n}\n\nvoid serial(struct padata_priv *padata) {\n struct request *request = container_of(padata,\n \t\t\t\tstruct request,\n\t\t\t\tpadata);\n complete(request-\u003edone);\n}\n\nvoid user_function() {\n DECLARE_COMPLETION(done)\n padata-\u003eparallel = parallel;\n padata-\u003eserial = serial;\n padata_do_parallel();\n wait_for_completion(\u0026done);\n padata_free_shell();\n}\n```\n\nIn the corresponding padata.c file, there\u0027s the following code:\n\n```c\nstatic void padata_serial_worker(struct work_struct *serial_work) {\n ...\n cnt = 0;\n\n while (!list_empty(\u0026local_list)) {\n ...\n padata-\u003eserial(padata);\n cnt++;\n }\n\n local_bh_enable();\n\n if (refcount_sub_and_test(cnt, \u0026pd-\u003erefcnt))\n padata_free_pd(pd);\n}\n```\n\nBecause of the high system load and the accumulation of unexecuted\nsoftirq at this moment, `local_bh_enable()` in padata takes longer\nto execute than usual. Subsequently, when accessing `pd-\u003erefcnt`,\n`pd` has already been released by `padata_free_shell()`, resulting\nin a UAF issue with `pd-\u003erefcnt`.\n\nThe fix is straightforward: add `refcount_dec_and_test` before calling\n`padata_free_pd` in `padata_free_shell`."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:49:42.224Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/41aad9d6953984d134fc50f631f24ef476875d4d"
},
{
"url": "https://git.kernel.org/stable/c/0dd34a7ad395dbcf6ae60e48e9786050e25b9bc5"
},
{
"url": "https://git.kernel.org/stable/c/c7c26d0ef5d20f00dbb2ae3befcabbe0efa77275"
},
{
"url": "https://git.kernel.org/stable/c/1e901bcb8af19416b65f5063a4af7996e5a51d7f"
},
{
"url": "https://git.kernel.org/stable/c/1734a79e951914f1db2c65e635012a35db1c674b"
},
{
"url": "https://git.kernel.org/stable/c/7ddc21e317b360c3444de3023bcc83b85fabae2f"
}
],
"title": "padata: Fix refcnt handling in padata_free_shell()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52854",
"datePublished": "2024-05-21T15:31:49.235Z",
"dateReserved": "2024-05-21T15:19:24.256Z",
"dateUpdated": "2025-05-04T12:49:42.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52805 (GCVE-0-2023-52805)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-10-01 19:18
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix array-index-out-of-bounds in diAlloc
Currently there is not check against the agno of the iag while
allocating new inodes to avoid fragmentation problem. Added the check
which is required.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52805",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:18:27.367558Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:18:52.937Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2308d0fb0dc32446b4e6ca37cd09c30374bb64e9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf7e3e84df36a9953796c737f080712f631d7083"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7467ca10a5ff09b0e87edf6c4d2a4bfdee69cf2c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1ba7df5457dc1c1071c5f92ac11323533a6430e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/64f062baf202b82f54987a3f614a6c8f3e466641"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c68af2af697ba2ba3b138be0c6d72e2ce3a3d6d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/665b44e55c2767a4f899c3b18f49e9e1c9983777"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1708d0a9917fea579cc9da3d87b154285abd2cd8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/05d9ea1ceb62a55af6727a69269a4fd310edf483"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_imap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2308d0fb0dc32446b4e6ca37cd09c30374bb64e9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cf7e3e84df36a9953796c737f080712f631d7083",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7467ca10a5ff09b0e87edf6c4d2a4bfdee69cf2c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1ba7df5457dc1c1071c5f92ac11323533a6430e1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "64f062baf202b82f54987a3f614a6c8f3e466641",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8c68af2af697ba2ba3b138be0c6d72e2ce3a3d6d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "665b44e55c2767a4f899c3b18f49e9e1c9983777",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1708d0a9917fea579cc9da3d87b154285abd2cd8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "05d9ea1ceb62a55af6727a69269a4fd310edf483",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_imap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds in diAlloc\n\nCurrently there is not check against the agno of the iag while\nallocating new inodes to avoid fragmentation problem. Added the check\nwhich is required."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:31.380Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2308d0fb0dc32446b4e6ca37cd09c30374bb64e9"
},
{
"url": "https://git.kernel.org/stable/c/cf7e3e84df36a9953796c737f080712f631d7083"
},
{
"url": "https://git.kernel.org/stable/c/7467ca10a5ff09b0e87edf6c4d2a4bfdee69cf2c"
},
{
"url": "https://git.kernel.org/stable/c/1ba7df5457dc1c1071c5f92ac11323533a6430e1"
},
{
"url": "https://git.kernel.org/stable/c/64f062baf202b82f54987a3f614a6c8f3e466641"
},
{
"url": "https://git.kernel.org/stable/c/8c68af2af697ba2ba3b138be0c6d72e2ce3a3d6d"
},
{
"url": "https://git.kernel.org/stable/c/665b44e55c2767a4f899c3b18f49e9e1c9983777"
},
{
"url": "https://git.kernel.org/stable/c/1708d0a9917fea579cc9da3d87b154285abd2cd8"
},
{
"url": "https://git.kernel.org/stable/c/05d9ea1ceb62a55af6727a69269a4fd310edf483"
}
],
"title": "jfs: fix array-index-out-of-bounds in diAlloc",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52805",
"datePublished": "2024-05-21T15:31:16.374Z",
"dateReserved": "2024-05-21T15:19:24.247Z",
"dateUpdated": "2025-10-01T19:18:52.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38545 (GCVE-0-2024-38545)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hns: Fix UAF for cq async event
The refcount of CQ is not protected by locks. When CQ asynchronous
events and CQ destruction are concurrent, CQ may have been released,
which will cause UAF.
Use the xa_lock() to protect the CQ refcount.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9a4435375cd151e07c0c38fa601b00115986091b Version: 9a4435375cd151e07c0c38fa601b00115986091b Version: 9a4435375cd151e07c0c38fa601b00115986091b Version: 9a4435375cd151e07c0c38fa601b00115986091b Version: 9a4435375cd151e07c0c38fa601b00115986091b Version: 9a4435375cd151e07c0c38fa601b00115986091b |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/763780ef0336a973e933e40e919339381732dcaf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/63da190eeb5c9d849b71f457b15b308c94cbaf08"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/39d26cf46306bdc7ae809ecfdbfeff5aa1098911"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/37a7559dc1358a8d300437e99ed8ecdab0671507"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a942ec2745ca864cd8512142100e4027dc306a42"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38545",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:15:07.173513Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:57.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hns/hns_roce_cq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "330c825e66ef65278e4ebe57fd49c1d6f3f4e34e",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
},
{
"lessThan": "763780ef0336a973e933e40e919339381732dcaf",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
},
{
"lessThan": "63da190eeb5c9d849b71f457b15b308c94cbaf08",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
},
{
"lessThan": "39d26cf46306bdc7ae809ecfdbfeff5aa1098911",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
},
{
"lessThan": "37a7559dc1358a8d300437e99ed8ecdab0671507",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
},
{
"lessThan": "a942ec2745ca864cd8512142100e4027dc306a42",
"status": "affected",
"version": "9a4435375cd151e07c0c38fa601b00115986091b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hns/hns_roce_cq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix UAF for cq async event\n\nThe refcount of CQ is not protected by locks. When CQ asynchronous\nevents and CQ destruction are concurrent, CQ may have been released,\nwhich will cause UAF.\n\nUse the xa_lock() to protect the CQ refcount."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:41.613Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/330c825e66ef65278e4ebe57fd49c1d6f3f4e34e"
},
{
"url": "https://git.kernel.org/stable/c/763780ef0336a973e933e40e919339381732dcaf"
},
{
"url": "https://git.kernel.org/stable/c/63da190eeb5c9d849b71f457b15b308c94cbaf08"
},
{
"url": "https://git.kernel.org/stable/c/39d26cf46306bdc7ae809ecfdbfeff5aa1098911"
},
{
"url": "https://git.kernel.org/stable/c/37a7559dc1358a8d300437e99ed8ecdab0671507"
},
{
"url": "https://git.kernel.org/stable/c/a942ec2745ca864cd8512142100e4027dc306a42"
}
],
"title": "RDMA/hns: Fix UAF for cq async event",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38545",
"datePublished": "2024-06-19T13:35:19.336Z",
"dateReserved": "2024-06-18T19:36:34.919Z",
"dateUpdated": "2025-05-04T09:13:41.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38546 (GCVE-0-2024-38546)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm: vc4: Fix possible null pointer dereference
In vc4_hdmi_audio_init() of_get_address() may return
NULL which is later dereferenced. Fix this bug by adding NULL check.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bb7d78568814a31a11fa14f1479a9fe51f1582ad Version: bb7d78568814a31a11fa14f1479a9fe51f1582ad Version: bb7d78568814a31a11fa14f1479a9fe51f1582ad Version: bb7d78568814a31a11fa14f1479a9fe51f1582ad Version: bb7d78568814a31a11fa14f1479a9fe51f1582ad Version: bb7d78568814a31a11fa14f1479a9fe51f1582ad Version: bb7d78568814a31a11fa14f1479a9fe51f1582ad |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2d9adecc88ab678785b581ab021f039372c324cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6cf1874aec42058a5ad621a23b5b2f248def0e96"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/80431ea3634efb47a3004305d76486db9dd8ed49"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/42c22b63056cea259d5313bf138a834840af85a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2a345fe928c21de6f3c3c7230ff509d715153a31"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bd7827d46d403f8cdb43d16744cb1114e4726b21"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c534b63bede6cb987c2946ed4d0b0013a52c5ba7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38546",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:15:03.912368Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:57.789Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/vc4/vc4_hdmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2d9adecc88ab678785b581ab021f039372c324cb",
"status": "affected",
"version": "bb7d78568814a31a11fa14f1479a9fe51f1582ad",
"versionType": "git"
},
{
"lessThan": "6cf1874aec42058a5ad621a23b5b2f248def0e96",
"status": "affected",
"version": "bb7d78568814a31a11fa14f1479a9fe51f1582ad",
"versionType": "git"
},
{
"lessThan": "80431ea3634efb47a3004305d76486db9dd8ed49",
"status": "affected",
"version": "bb7d78568814a31a11fa14f1479a9fe51f1582ad",
"versionType": "git"
},
{
"lessThan": "42c22b63056cea259d5313bf138a834840af85a5",
"status": "affected",
"version": "bb7d78568814a31a11fa14f1479a9fe51f1582ad",
"versionType": "git"
},
{
"lessThan": "2a345fe928c21de6f3c3c7230ff509d715153a31",
"status": "affected",
"version": "bb7d78568814a31a11fa14f1479a9fe51f1582ad",
"versionType": "git"
},
{
"lessThan": "bd7827d46d403f8cdb43d16744cb1114e4726b21",
"status": "affected",
"version": "bb7d78568814a31a11fa14f1479a9fe51f1582ad",
"versionType": "git"
},
{
"lessThan": "c534b63bede6cb987c2946ed4d0b0013a52c5ba7",
"status": "affected",
"version": "bb7d78568814a31a11fa14f1479a9fe51f1582ad",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/vc4/vc4_hdmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: vc4: Fix possible null pointer dereference\n\nIn vc4_hdmi_audio_init() of_get_address() may return\nNULL which is later dereferenced. Fix this bug by adding NULL check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:43.179Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2d9adecc88ab678785b581ab021f039372c324cb"
},
{
"url": "https://git.kernel.org/stable/c/6cf1874aec42058a5ad621a23b5b2f248def0e96"
},
{
"url": "https://git.kernel.org/stable/c/80431ea3634efb47a3004305d76486db9dd8ed49"
},
{
"url": "https://git.kernel.org/stable/c/42c22b63056cea259d5313bf138a834840af85a5"
},
{
"url": "https://git.kernel.org/stable/c/2a345fe928c21de6f3c3c7230ff509d715153a31"
},
{
"url": "https://git.kernel.org/stable/c/bd7827d46d403f8cdb43d16744cb1114e4726b21"
},
{
"url": "https://git.kernel.org/stable/c/c534b63bede6cb987c2946ed4d0b0013a52c5ba7"
}
],
"title": "drm: vc4: Fix possible null pointer dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38546",
"datePublished": "2024-06-19T13:35:20.024Z",
"dateReserved": "2024-06-18T19:36:34.919Z",
"dateUpdated": "2025-05-04T09:13:43.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38567 (GCVE-0-2024-38567)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: carl9170: add a proper sanity check for endpoints
Syzkaller reports [1] hitting a warning which is caused by presence
of a wrong endpoint type at the URB sumbitting stage. While there
was a check for a specific 4th endpoint, since it can switch types
between bulk and interrupt, other endpoints are trusted implicitly.
Similar warning is triggered in a couple of other syzbot issues [2].
Fix the issue by doing a comprehensive check of all endpoints
taking into account difference between high- and full-speed
configuration.
[1] Syzkaller report:
...
WARNING: CPU: 0 PID: 4721 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504
...
Call Trace:
<TASK>
carl9170_usb_send_rx_irq_urb+0x273/0x340 drivers/net/wireless/ath/carl9170/usb.c:504
carl9170_usb_init_device drivers/net/wireless/ath/carl9170/usb.c:939 [inline]
carl9170_usb_firmware_finish drivers/net/wireless/ath/carl9170/usb.c:999 [inline]
carl9170_usb_firmware_step2+0x175/0x240 drivers/net/wireless/ath/carl9170/usb.c:1028
request_firmware_work_func+0x130/0x240 drivers/base/firmware_loader/main.c:1107
process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
worker_thread+0x669/0x1090 kernel/workqueue.c:2436
kthread+0x2e8/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
</TASK>
[2] Related syzkaller crashes:
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a84fab3cbfdc427e7d366f1cc844f27b2084c26c Version: a84fab3cbfdc427e7d366f1cc844f27b2084c26c Version: a84fab3cbfdc427e7d366f1cc844f27b2084c26c Version: a84fab3cbfdc427e7d366f1cc844f27b2084c26c Version: a84fab3cbfdc427e7d366f1cc844f27b2084c26c Version: a84fab3cbfdc427e7d366f1cc844f27b2084c26c Version: a84fab3cbfdc427e7d366f1cc844f27b2084c26c Version: a84fab3cbfdc427e7d366f1cc844f27b2084c26c Version: a84fab3cbfdc427e7d366f1cc844f27b2084c26c |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eb0f2fc3ff5806cc572cd9055ce7c52a01e97645"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac3ed46a8741d464bc70ebdf7433c1d786cf329d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8650725bb0a48b206d5a8ddad3a7488f9a5985b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6a9892bf24c906b4d6b587f8759ca38bff672582"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/265c3cda471c26e0f25d0c755da94e1eb15d7a0c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62eb07923f3693d55b0c2d9a5a4f1ad72cb6b8fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/03ddc74bdfd71b84a55c9f2185d8787f258422cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0fa08a55201ab9be72bacb8ea93cf752d338184f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b6dd09b3dac89b45d1ea3e3bd035a3859c0369a0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38567",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:14:28.409371Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:56.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/carl9170/usb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "eb0f2fc3ff5806cc572cd9055ce7c52a01e97645",
"status": "affected",
"version": "a84fab3cbfdc427e7d366f1cc844f27b2084c26c",
"versionType": "git"
},
{
"lessThan": "ac3ed46a8741d464bc70ebdf7433c1d786cf329d",
"status": "affected",
"version": "a84fab3cbfdc427e7d366f1cc844f27b2084c26c",
"versionType": "git"
},
{
"lessThan": "8650725bb0a48b206d5a8ddad3a7488f9a5985b7",
"status": "affected",
"version": "a84fab3cbfdc427e7d366f1cc844f27b2084c26c",
"versionType": "git"
},
{
"lessThan": "6a9892bf24c906b4d6b587f8759ca38bff672582",
"status": "affected",
"version": "a84fab3cbfdc427e7d366f1cc844f27b2084c26c",
"versionType": "git"
},
{
"lessThan": "265c3cda471c26e0f25d0c755da94e1eb15d7a0c",
"status": "affected",
"version": "a84fab3cbfdc427e7d366f1cc844f27b2084c26c",
"versionType": "git"
},
{
"lessThan": "62eb07923f3693d55b0c2d9a5a4f1ad72cb6b8fd",
"status": "affected",
"version": "a84fab3cbfdc427e7d366f1cc844f27b2084c26c",
"versionType": "git"
},
{
"lessThan": "03ddc74bdfd71b84a55c9f2185d8787f258422cd",
"status": "affected",
"version": "a84fab3cbfdc427e7d366f1cc844f27b2084c26c",
"versionType": "git"
},
{
"lessThan": "0fa08a55201ab9be72bacb8ea93cf752d338184f",
"status": "affected",
"version": "a84fab3cbfdc427e7d366f1cc844f27b2084c26c",
"versionType": "git"
},
{
"lessThan": "b6dd09b3dac89b45d1ea3e3bd035a3859c0369a0",
"status": "affected",
"version": "a84fab3cbfdc427e7d366f1cc844f27b2084c26c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/carl9170/usb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.37"
},
{
"lessThan": "2.6.37",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: carl9170: add a proper sanity check for endpoints\n\nSyzkaller reports [1] hitting a warning which is caused by presence\nof a wrong endpoint type at the URB sumbitting stage. While there\nwas a check for a specific 4th endpoint, since it can switch types\nbetween bulk and interrupt, other endpoints are trusted implicitly.\nSimilar warning is triggered in a couple of other syzbot issues [2].\n\nFix the issue by doing a comprehensive check of all endpoints\ntaking into account difference between high- and full-speed\nconfiguration.\n\n[1] Syzkaller report:\n...\nWARNING: CPU: 0 PID: 4721 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\n...\nCall Trace:\n \u003cTASK\u003e\n carl9170_usb_send_rx_irq_urb+0x273/0x340 drivers/net/wireless/ath/carl9170/usb.c:504\n carl9170_usb_init_device drivers/net/wireless/ath/carl9170/usb.c:939 [inline]\n carl9170_usb_firmware_finish drivers/net/wireless/ath/carl9170/usb.c:999 [inline]\n carl9170_usb_firmware_step2+0x175/0x240 drivers/net/wireless/ath/carl9170/usb.c:1028\n request_firmware_work_func+0x130/0x240 drivers/base/firmware_loader/main.c:1107\n process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289\n worker_thread+0x669/0x1090 kernel/workqueue.c:2436\n kthread+0x2e8/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308\n \u003c/TASK\u003e\n\n[2] Related syzkaller crashes:"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:16.695Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/eb0f2fc3ff5806cc572cd9055ce7c52a01e97645"
},
{
"url": "https://git.kernel.org/stable/c/ac3ed46a8741d464bc70ebdf7433c1d786cf329d"
},
{
"url": "https://git.kernel.org/stable/c/8650725bb0a48b206d5a8ddad3a7488f9a5985b7"
},
{
"url": "https://git.kernel.org/stable/c/6a9892bf24c906b4d6b587f8759ca38bff672582"
},
{
"url": "https://git.kernel.org/stable/c/265c3cda471c26e0f25d0c755da94e1eb15d7a0c"
},
{
"url": "https://git.kernel.org/stable/c/62eb07923f3693d55b0c2d9a5a4f1ad72cb6b8fd"
},
{
"url": "https://git.kernel.org/stable/c/03ddc74bdfd71b84a55c9f2185d8787f258422cd"
},
{
"url": "https://git.kernel.org/stable/c/0fa08a55201ab9be72bacb8ea93cf752d338184f"
},
{
"url": "https://git.kernel.org/stable/c/b6dd09b3dac89b45d1ea3e3bd035a3859c0369a0"
}
],
"title": "wifi: carl9170: add a proper sanity check for endpoints",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38567",
"datePublished": "2024-06-19T13:35:34.254Z",
"dateReserved": "2024-06-18T19:36:34.923Z",
"dateUpdated": "2025-05-04T09:14:16.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35979 (GCVE-0-2024-35979)
Vulnerability from cvelistv5
Published
2024-05-20 09:42
Modified
2025-05-04 09:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
raid1: fix use-after-free for original bio in raid1_write_request()
r1_bio->bios[] is used to record new bios that will be issued to
underlying disks, however, in raid1_write_request(), r1_bio->bios[]
will set to the original bio temporarily. Meanwhile, if blocked rdev
is set, free_r1bio() will be called causing that all r1_bio->bios[]
to be freed:
raid1_write_request()
r1_bio = alloc_r1bio(mddev, bio); -> r1_bio->bios[] is NULL
for (i = 0; i < disks; i++) -> for each rdev in conf
// first rdev is normal
r1_bio->bios[0] = bio; -> set to original bio
// second rdev is blocked
if (test_bit(Blocked, &rdev->flags))
break
if (blocked_rdev)
free_r1bio()
put_all_bios()
bio_put(r1_bio->bios[0]) -> original bio is freed
Test scripts:
mdadm -CR /dev/md0 -l1 -n4 /dev/sd[abcd] --assume-clean
fio -filename=/dev/md0 -ioengine=libaio -rw=write -bs=4k -numjobs=1 \
-iodepth=128 -name=test -direct=1
echo blocked > /sys/block/md0/md/rd2/state
Test result:
BUG bio-264 (Not tainted): Object already free
-----------------------------------------------------------------------------
Allocated in mempool_alloc_slab+0x24/0x50 age=1 cpu=1 pid=869
kmem_cache_alloc+0x324/0x480
mempool_alloc_slab+0x24/0x50
mempool_alloc+0x6e/0x220
bio_alloc_bioset+0x1af/0x4d0
blkdev_direct_IO+0x164/0x8a0
blkdev_write_iter+0x309/0x440
aio_write+0x139/0x2f0
io_submit_one+0x5ca/0xb70
__do_sys_io_submit+0x86/0x270
__x64_sys_io_submit+0x22/0x30
do_syscall_64+0xb1/0x210
entry_SYSCALL_64_after_hwframe+0x6c/0x74
Freed in mempool_free_slab+0x1f/0x30 age=1 cpu=1 pid=869
kmem_cache_free+0x28c/0x550
mempool_free_slab+0x1f/0x30
mempool_free+0x40/0x100
bio_free+0x59/0x80
bio_put+0xf0/0x220
free_r1bio+0x74/0xb0
raid1_make_request+0xadf/0x1150
md_handle_request+0xc7/0x3b0
md_submit_bio+0x76/0x130
__submit_bio+0xd8/0x1d0
submit_bio_noacct_nocheck+0x1eb/0x5c0
submit_bio_noacct+0x169/0xd40
submit_bio+0xee/0x1d0
blkdev_direct_IO+0x322/0x8a0
blkdev_write_iter+0x309/0x440
aio_write+0x139/0x2f0
Since that bios for underlying disks are not allocated yet, fix this
problem by using mempool_free() directly to free the r1_bio.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35979",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:38:14.409469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:40:22.888Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f28d49a328fe20926995d5fbdc92da665596268"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f423f41b7679c09abb26d2bd54be5cbef23c9446"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fcf3f7e2fc8a53a6140beee46ec782a4c88e4744"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/raid1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3f28d49a328fe20926995d5fbdc92da665596268",
"status": "affected",
"version": "992db13a4aee766c8bfbf046ad15c2db5fa7cab8",
"versionType": "git"
},
{
"lessThan": "f423f41b7679c09abb26d2bd54be5cbef23c9446",
"status": "affected",
"version": "992db13a4aee766c8bfbf046ad15c2db5fa7cab8",
"versionType": "git"
},
{
"lessThan": "fcf3f7e2fc8a53a6140beee46ec782a4c88e4744",
"status": "affected",
"version": "992db13a4aee766c8bfbf046ad15c2db5fa7cab8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/raid1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.28",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.7",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nraid1: fix use-after-free for original bio in raid1_write_request()\n\nr1_bio-\u003ebios[] is used to record new bios that will be issued to\nunderlying disks, however, in raid1_write_request(), r1_bio-\u003ebios[]\nwill set to the original bio temporarily. Meanwhile, if blocked rdev\nis set, free_r1bio() will be called causing that all r1_bio-\u003ebios[]\nto be freed:\n\nraid1_write_request()\n r1_bio = alloc_r1bio(mddev, bio); -\u003e r1_bio-\u003ebios[] is NULL\n for (i = 0; i \u003c disks; i++) -\u003e for each rdev in conf\n // first rdev is normal\n r1_bio-\u003ebios[0] = bio; -\u003e set to original bio\n // second rdev is blocked\n if (test_bit(Blocked, \u0026rdev-\u003eflags))\n break\n\n if (blocked_rdev)\n free_r1bio()\n put_all_bios()\n bio_put(r1_bio-\u003ebios[0]) -\u003e original bio is freed\n\nTest scripts:\n\nmdadm -CR /dev/md0 -l1 -n4 /dev/sd[abcd] --assume-clean\nfio -filename=/dev/md0 -ioengine=libaio -rw=write -bs=4k -numjobs=1 \\\n -iodepth=128 -name=test -direct=1\necho blocked \u003e /sys/block/md0/md/rd2/state\n\nTest result:\n\nBUG bio-264 (Not tainted): Object already free\n-----------------------------------------------------------------------------\n\nAllocated in mempool_alloc_slab+0x24/0x50 age=1 cpu=1 pid=869\n kmem_cache_alloc+0x324/0x480\n mempool_alloc_slab+0x24/0x50\n mempool_alloc+0x6e/0x220\n bio_alloc_bioset+0x1af/0x4d0\n blkdev_direct_IO+0x164/0x8a0\n blkdev_write_iter+0x309/0x440\n aio_write+0x139/0x2f0\n io_submit_one+0x5ca/0xb70\n __do_sys_io_submit+0x86/0x270\n __x64_sys_io_submit+0x22/0x30\n do_syscall_64+0xb1/0x210\n entry_SYSCALL_64_after_hwframe+0x6c/0x74\nFreed in mempool_free_slab+0x1f/0x30 age=1 cpu=1 pid=869\n kmem_cache_free+0x28c/0x550\n mempool_free_slab+0x1f/0x30\n mempool_free+0x40/0x100\n bio_free+0x59/0x80\n bio_put+0xf0/0x220\n free_r1bio+0x74/0xb0\n raid1_make_request+0xadf/0x1150\n md_handle_request+0xc7/0x3b0\n md_submit_bio+0x76/0x130\n __submit_bio+0xd8/0x1d0\n submit_bio_noacct_nocheck+0x1eb/0x5c0\n submit_bio_noacct+0x169/0xd40\n submit_bio+0xee/0x1d0\n blkdev_direct_IO+0x322/0x8a0\n blkdev_write_iter+0x309/0x440\n aio_write+0x139/0x2f0\n\nSince that bios for underlying disks are not allocated yet, fix this\nproblem by using mempool_free() directly to free the r1_bio."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:09:45.251Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3f28d49a328fe20926995d5fbdc92da665596268"
},
{
"url": "https://git.kernel.org/stable/c/f423f41b7679c09abb26d2bd54be5cbef23c9446"
},
{
"url": "https://git.kernel.org/stable/c/fcf3f7e2fc8a53a6140beee46ec782a4c88e4744"
}
],
"title": "raid1: fix use-after-free for original bio in raid1_write_request()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35979",
"datePublished": "2024-05-20T09:42:04.424Z",
"dateReserved": "2024-05-17T13:50:33.144Z",
"dateUpdated": "2025-05-04T09:09:45.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52800 (GCVE-0-2023-52800)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath11k: fix htt pktlog locking
The ath11k active pdevs are protected by RCU but the htt pktlog handling
code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a
read-side critical section.
Mark the code in question as an RCU read-side critical section to avoid
any potential use-after-free issues.
Compile tested only.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d5c65159f2895379e11ca13f62feabe93278985d Version: d5c65159f2895379e11ca13f62feabe93278985d Version: d5c65159f2895379e11ca13f62feabe93278985d Version: d5c65159f2895379e11ca13f62feabe93278985d Version: d5c65159f2895379e11ca13f62feabe93278985d Version: d5c65159f2895379e11ca13f62feabe93278985d |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52800",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T17:43:54.246107Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T19:04:08.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/03ed26935bebf6b6fd8a656490bf3dcc71b72679"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a51e6b4da71fdfa43ec006d6abc020f3e22d14e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3199b3fac65c9f103055390b6fd07c5cffa5961"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/423762f021825b5e57c3d6f01ff96a9ff19cdcd8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69cede2a5a5f60e3f5602b901b52cb64edd2ea6c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f77c7d605b29df277d77e9ee75d96e7ad145d2d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath11k/dp_rx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "03ed26935bebf6b6fd8a656490bf3dcc71b72679",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "3a51e6b4da71fdfa43ec006d6abc020f3e22d14e",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "e3199b3fac65c9f103055390b6fd07c5cffa5961",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "423762f021825b5e57c3d6f01ff96a9ff19cdcd8",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "69cede2a5a5f60e3f5602b901b52cb64edd2ea6c",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "3f77c7d605b29df277d77e9ee75d96e7ad145d2d",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath11k/dp_rx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix htt pktlog locking\n\nThe ath11k active pdevs are protected by RCU but the htt pktlog handling\ncode calling ath11k_mac_get_ar_by_pdev_id() was not marked as a\nread-side critical section.\n\nMark the code in question as an RCU read-side critical section to avoid\nany potential use-after-free issues.\n\nCompile tested only."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:26.509Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/03ed26935bebf6b6fd8a656490bf3dcc71b72679"
},
{
"url": "https://git.kernel.org/stable/c/3a51e6b4da71fdfa43ec006d6abc020f3e22d14e"
},
{
"url": "https://git.kernel.org/stable/c/e3199b3fac65c9f103055390b6fd07c5cffa5961"
},
{
"url": "https://git.kernel.org/stable/c/423762f021825b5e57c3d6f01ff96a9ff19cdcd8"
},
{
"url": "https://git.kernel.org/stable/c/69cede2a5a5f60e3f5602b901b52cb64edd2ea6c"
},
{
"url": "https://git.kernel.org/stable/c/3f77c7d605b29df277d77e9ee75d96e7ad145d2d"
}
],
"title": "wifi: ath11k: fix htt pktlog locking",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52800",
"datePublished": "2024-05-21T15:31:13.033Z",
"dateReserved": "2024-05-21T15:19:24.247Z",
"dateUpdated": "2025-05-04T07:43:26.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36960 (GCVE-0-2024-36960)
Vulnerability from cvelistv5
Published
2024-06-03 07:49
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Fix invalid reads in fence signaled events
Correctly set the length of the drm_event to the size of the structure
that's actually used.
The length of the drm_event was set to the parent structure instead of
to the drm_vmw_event_fence which is supposed to be read. drm_read
uses the length parameter to copy the event to the user space thus
resuling in oob reads.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 8b7de6aa84682a3396544fd88cd457f95484573a Version: 8b7de6aa84682a3396544fd88cd457f95484573a Version: 8b7de6aa84682a3396544fd88cd457f95484573a Version: 8b7de6aa84682a3396544fd88cd457f95484573a Version: 8b7de6aa84682a3396544fd88cd457f95484573a Version: 8b7de6aa84682a3396544fd88cd457f95484573a Version: 8b7de6aa84682a3396544fd88cd457f95484573a Version: 8b7de6aa84682a3396544fd88cd457f95484573a |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T13:45:10.318634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:40.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f527e3efd37c7c5e85e8aa86308856b619fa59f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cef0962f2d3e5fd0660c8efb72321083a1b531a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3cd682357c6167f636aec8ac0efaa8ba61144d36"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b7bab33c4623c66e3398d5253870d4e88c52dfc0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0dbfc73670b357456196130551e586345ca48e1b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7b5fd3af4a250dd0a2a558e07b43478748eb5d22"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/deab66596dfad14f1c54eeefdb72428340d72a77"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a37ef7613c00f2d72c8fc08bd83fb6cc76926c8c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/vmwgfx/vmwgfx_fence.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2f527e3efd37c7c5e85e8aa86308856b619fa59f",
"status": "affected",
"version": "8b7de6aa84682a3396544fd88cd457f95484573a",
"versionType": "git"
},
{
"lessThan": "cef0962f2d3e5fd0660c8efb72321083a1b531a9",
"status": "affected",
"version": "8b7de6aa84682a3396544fd88cd457f95484573a",
"versionType": "git"
},
{
"lessThan": "3cd682357c6167f636aec8ac0efaa8ba61144d36",
"status": "affected",
"version": "8b7de6aa84682a3396544fd88cd457f95484573a",
"versionType": "git"
},
{
"lessThan": "b7bab33c4623c66e3398d5253870d4e88c52dfc0",
"status": "affected",
"version": "8b7de6aa84682a3396544fd88cd457f95484573a",
"versionType": "git"
},
{
"lessThan": "0dbfc73670b357456196130551e586345ca48e1b",
"status": "affected",
"version": "8b7de6aa84682a3396544fd88cd457f95484573a",
"versionType": "git"
},
{
"lessThan": "7b5fd3af4a250dd0a2a558e07b43478748eb5d22",
"status": "affected",
"version": "8b7de6aa84682a3396544fd88cd457f95484573a",
"versionType": "git"
},
{
"lessThan": "deab66596dfad14f1c54eeefdb72428340d72a77",
"status": "affected",
"version": "8b7de6aa84682a3396544fd88cd457f95484573a",
"versionType": "git"
},
{
"lessThan": "a37ef7613c00f2d72c8fc08bd83fb6cc76926c8c",
"status": "affected",
"version": "8b7de6aa84682a3396544fd88cd457f95484573a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/vmwgfx/vmwgfx_fence.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.4"
},
{
"lessThan": "3.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix invalid reads in fence signaled events\n\nCorrectly set the length of the drm_event to the size of the structure\nthat\u0027s actually used.\n\nThe length of the drm_event was set to the parent structure instead of\nto the drm_vmw_event_fence which is supposed to be read. drm_read\nuses the length parameter to copy the event to the user space thus\nresuling in oob reads."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:52.237Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2f527e3efd37c7c5e85e8aa86308856b619fa59f"
},
{
"url": "https://git.kernel.org/stable/c/cef0962f2d3e5fd0660c8efb72321083a1b531a9"
},
{
"url": "https://git.kernel.org/stable/c/3cd682357c6167f636aec8ac0efaa8ba61144d36"
},
{
"url": "https://git.kernel.org/stable/c/b7bab33c4623c66e3398d5253870d4e88c52dfc0"
},
{
"url": "https://git.kernel.org/stable/c/0dbfc73670b357456196130551e586345ca48e1b"
},
{
"url": "https://git.kernel.org/stable/c/7b5fd3af4a250dd0a2a558e07b43478748eb5d22"
},
{
"url": "https://git.kernel.org/stable/c/deab66596dfad14f1c54eeefdb72428340d72a77"
},
{
"url": "https://git.kernel.org/stable/c/a37ef7613c00f2d72c8fc08bd83fb6cc76926c8c"
}
],
"title": "drm/vmwgfx: Fix invalid reads in fence signaled events",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36960",
"datePublished": "2024-06-03T07:49:58.951Z",
"dateReserved": "2024-05-30T15:25:07.081Z",
"dateUpdated": "2025-05-04T09:12:52.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38629 (GCVE-0-2024-38629)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-05-04 09:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Avoid unnecessary destruction of file_ida
file_ida is allocated during cdev open and is freed accordingly
during cdev release. This sequence is guaranteed by driver file
operations. Therefore, there is no need to destroy an already empty
file_ida when the WQ cdev is removed.
Worse, ida_free() in cdev release may happen after destruction of
file_ida per WQ cdev. This can lead to accessing an id in file_ida
after it has been destroyed, resulting in a kernel panic.
Remove ida_destroy(&file_ida) to address these issues.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38629",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T13:46:11.658594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T13:46:25.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9eb15f24a0b9b017b39cde8b8c07243676b63687"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/15edb906211bf53e7b5574f7326ab734d6bff4f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/76e43fa6a456787bad31b8d0daeabda27351a480"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/idxd/cdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9eb15f24a0b9b017b39cde8b8c07243676b63687",
"status": "affected",
"version": "e6fd6d7e5f0fe4a17a08e892afb5db800e7794ec",
"versionType": "git"
},
{
"lessThan": "15edb906211bf53e7b5574f7326ab734d6bff4f9",
"status": "affected",
"version": "e6fd6d7e5f0fe4a17a08e892afb5db800e7794ec",
"versionType": "git"
},
{
"lessThan": "76e43fa6a456787bad31b8d0daeabda27351a480",
"status": "affected",
"version": "e6fd6d7e5f0fe4a17a08e892afb5db800e7794ec",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/idxd/cdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Avoid unnecessary destruction of file_ida\n\nfile_ida is allocated during cdev open and is freed accordingly\nduring cdev release. This sequence is guaranteed by driver file\noperations. Therefore, there is no need to destroy an already empty\nfile_ida when the WQ cdev is removed.\n\nWorse, ida_free() in cdev release may happen after destruction of\nfile_ida per WQ cdev. This can lead to accessing an id in file_ida\nafter it has been destroyed, resulting in a kernel panic.\n\nRemove ida_destroy(\u0026file_ida) to address these issues."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:40.488Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9eb15f24a0b9b017b39cde8b8c07243676b63687"
},
{
"url": "https://git.kernel.org/stable/c/15edb906211bf53e7b5574f7326ab734d6bff4f9"
},
{
"url": "https://git.kernel.org/stable/c/76e43fa6a456787bad31b8d0daeabda27351a480"
}
],
"title": "dmaengine: idxd: Avoid unnecessary destruction of file_ida",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38629",
"datePublished": "2024-06-21T10:18:20.239Z",
"dateReserved": "2024-06-18T19:36:34.946Z",
"dateUpdated": "2025-05-04T09:15:40.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52812 (GCVE-0-2023-52812)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd: check num of link levels when update pcie param
In SR-IOV environment, the value of pcie_table->num_of_link_levels will
be 0, and num_of_levels - 1 will cause array index out of bounds
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52812",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:36:42.933997Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:36:56.947Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5b4574b663d0a1a0a62d5232429b7db9ae6d0670"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/09f617219fe9ccd8d7b65dc3e879b5889f663b5a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/406e8845356d18bdf3d3a23b347faf67706472ec"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2f2d48b6247ae3001f83c98730b3cce475cb2927",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5b4574b663d0a1a0a62d5232429b7db9ae6d0670",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "09f617219fe9ccd8d7b65dc3e879b5889f663b5a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "406e8845356d18bdf3d3a23b347faf67706472ec",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.119",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.119",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: check num of link levels when update pcie param\n\nIn SR-IOV environment, the value of pcie_table-\u003enum_of_link_levels will\nbe 0, and num_of_levels - 1 will cause array index out of bounds"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:39.438Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2f2d48b6247ae3001f83c98730b3cce475cb2927"
},
{
"url": "https://git.kernel.org/stable/c/5b4574b663d0a1a0a62d5232429b7db9ae6d0670"
},
{
"url": "https://git.kernel.org/stable/c/09f617219fe9ccd8d7b65dc3e879b5889f663b5a"
},
{
"url": "https://git.kernel.org/stable/c/406e8845356d18bdf3d3a23b347faf67706472ec"
}
],
"title": "drm/amd: check num of link levels when update pcie param",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52812",
"datePublished": "2024-05-21T15:31:20.940Z",
"dateReserved": "2024-05-21T15:19:24.248Z",
"dateUpdated": "2025-05-04T07:43:39.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52842 (GCVE-0-2023-52842)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
virtio/vsock: Fix uninit-value in virtio_transport_recv_pkt()
KMSAN reported the following uninit-value access issue:
=====================================================
BUG: KMSAN: uninit-value in virtio_transport_recv_pkt+0x1dfb/0x26a0 net/vmw_vsock/virtio_transport_common.c:1421
virtio_transport_recv_pkt+0x1dfb/0x26a0 net/vmw_vsock/virtio_transport_common.c:1421
vsock_loopback_work+0x3bb/0x5a0 net/vmw_vsock/vsock_loopback.c:120
process_one_work kernel/workqueue.c:2630 [inline]
process_scheduled_works+0xff6/0x1e60 kernel/workqueue.c:2703
worker_thread+0xeca/0x14d0 kernel/workqueue.c:2784
kthread+0x3cc/0x520 kernel/kthread.c:388
ret_from_fork+0x66/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
Uninit was stored to memory at:
virtio_transport_space_update net/vmw_vsock/virtio_transport_common.c:1274 [inline]
virtio_transport_recv_pkt+0x1ee8/0x26a0 net/vmw_vsock/virtio_transport_common.c:1415
vsock_loopback_work+0x3bb/0x5a0 net/vmw_vsock/vsock_loopback.c:120
process_one_work kernel/workqueue.c:2630 [inline]
process_scheduled_works+0xff6/0x1e60 kernel/workqueue.c:2703
worker_thread+0xeca/0x14d0 kernel/workqueue.c:2784
kthread+0x3cc/0x520 kernel/kthread.c:388
ret_from_fork+0x66/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
Uninit was created at:
slab_post_alloc_hook+0x105/0xad0 mm/slab.h:767
slab_alloc_node mm/slub.c:3478 [inline]
kmem_cache_alloc_node+0x5a2/0xaf0 mm/slub.c:3523
kmalloc_reserve+0x13c/0x4a0 net/core/skbuff.c:559
__alloc_skb+0x2fd/0x770 net/core/skbuff.c:650
alloc_skb include/linux/skbuff.h:1286 [inline]
virtio_vsock_alloc_skb include/linux/virtio_vsock.h:66 [inline]
virtio_transport_alloc_skb+0x90/0x11e0 net/vmw_vsock/virtio_transport_common.c:58
virtio_transport_reset_no_sock net/vmw_vsock/virtio_transport_common.c:957 [inline]
virtio_transport_recv_pkt+0x1279/0x26a0 net/vmw_vsock/virtio_transport_common.c:1387
vsock_loopback_work+0x3bb/0x5a0 net/vmw_vsock/vsock_loopback.c:120
process_one_work kernel/workqueue.c:2630 [inline]
process_scheduled_works+0xff6/0x1e60 kernel/workqueue.c:2703
worker_thread+0xeca/0x14d0 kernel/workqueue.c:2784
kthread+0x3cc/0x520 kernel/kthread.c:388
ret_from_fork+0x66/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
CPU: 1 PID: 10664 Comm: kworker/1:5 Not tainted 6.6.0-rc3-00146-g9f3ebbef746f #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-1.fc38 04/01/2014
Workqueue: vsock-loopback vsock_loopback_work
=====================================================
The following simple reproducer can cause the issue described above:
int main(void)
{
int sock;
struct sockaddr_vm addr = {
.svm_family = AF_VSOCK,
.svm_cid = VMADDR_CID_ANY,
.svm_port = 1234,
};
sock = socket(AF_VSOCK, SOCK_STREAM, 0);
connect(sock, (struct sockaddr *)&addr, sizeof(addr));
return 0;
}
This issue occurs because the `buf_alloc` and `fwd_cnt` fields of the
`struct virtio_vsock_hdr` are not initialized when a new skb is allocated
in `virtio_transport_init_hdr()`. This patch resolves the issue by
initializing these fields during allocation.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52842",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T17:26:02.672939Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:39.841Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd12535b97dd7d18cf655ec78ce1cf1f29a576be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0b8906fb48b99e993d6e8a12539f618f4854dd26"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/34c4effacfc329aeca5635a69fd9e0f6c90b4101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/vmw_vsock/virtio_transport_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cd12535b97dd7d18cf655ec78ce1cf1f29a576be",
"status": "affected",
"version": "baddcc2c71572968cdaeee1c4ab3dc0ad90fa765",
"versionType": "git"
},
{
"lessThan": "0b8906fb48b99e993d6e8a12539f618f4854dd26",
"status": "affected",
"version": "71dc9ec9ac7d3eee785cdc986c3daeb821381e20",
"versionType": "git"
},
{
"lessThan": "34c4effacfc329aeca5635a69fd9e0f6c90b4101",
"status": "affected",
"version": "71dc9ec9ac7d3eee785cdc986c3daeb821381e20",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/vmw_vsock/virtio_transport_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio/vsock: Fix uninit-value in virtio_transport_recv_pkt()\n\nKMSAN reported the following uninit-value access issue:\n\n=====================================================\nBUG: KMSAN: uninit-value in virtio_transport_recv_pkt+0x1dfb/0x26a0 net/vmw_vsock/virtio_transport_common.c:1421\n virtio_transport_recv_pkt+0x1dfb/0x26a0 net/vmw_vsock/virtio_transport_common.c:1421\n vsock_loopback_work+0x3bb/0x5a0 net/vmw_vsock/vsock_loopback.c:120\n process_one_work kernel/workqueue.c:2630 [inline]\n process_scheduled_works+0xff6/0x1e60 kernel/workqueue.c:2703\n worker_thread+0xeca/0x14d0 kernel/workqueue.c:2784\n kthread+0x3cc/0x520 kernel/kthread.c:388\n ret_from_fork+0x66/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304\n\nUninit was stored to memory at:\n virtio_transport_space_update net/vmw_vsock/virtio_transport_common.c:1274 [inline]\n virtio_transport_recv_pkt+0x1ee8/0x26a0 net/vmw_vsock/virtio_transport_common.c:1415\n vsock_loopback_work+0x3bb/0x5a0 net/vmw_vsock/vsock_loopback.c:120\n process_one_work kernel/workqueue.c:2630 [inline]\n process_scheduled_works+0xff6/0x1e60 kernel/workqueue.c:2703\n worker_thread+0xeca/0x14d0 kernel/workqueue.c:2784\n kthread+0x3cc/0x520 kernel/kthread.c:388\n ret_from_fork+0x66/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304\n\nUninit was created at:\n slab_post_alloc_hook+0x105/0xad0 mm/slab.h:767\n slab_alloc_node mm/slub.c:3478 [inline]\n kmem_cache_alloc_node+0x5a2/0xaf0 mm/slub.c:3523\n kmalloc_reserve+0x13c/0x4a0 net/core/skbuff.c:559\n __alloc_skb+0x2fd/0x770 net/core/skbuff.c:650\n alloc_skb include/linux/skbuff.h:1286 [inline]\n virtio_vsock_alloc_skb include/linux/virtio_vsock.h:66 [inline]\n virtio_transport_alloc_skb+0x90/0x11e0 net/vmw_vsock/virtio_transport_common.c:58\n virtio_transport_reset_no_sock net/vmw_vsock/virtio_transport_common.c:957 [inline]\n virtio_transport_recv_pkt+0x1279/0x26a0 net/vmw_vsock/virtio_transport_common.c:1387\n vsock_loopback_work+0x3bb/0x5a0 net/vmw_vsock/vsock_loopback.c:120\n process_one_work kernel/workqueue.c:2630 [inline]\n process_scheduled_works+0xff6/0x1e60 kernel/workqueue.c:2703\n worker_thread+0xeca/0x14d0 kernel/workqueue.c:2784\n kthread+0x3cc/0x520 kernel/kthread.c:388\n ret_from_fork+0x66/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304\n\nCPU: 1 PID: 10664 Comm: kworker/1:5 Not tainted 6.6.0-rc3-00146-g9f3ebbef746f #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-1.fc38 04/01/2014\nWorkqueue: vsock-loopback vsock_loopback_work\n=====================================================\n\nThe following simple reproducer can cause the issue described above:\n\nint main(void)\n{\n int sock;\n struct sockaddr_vm addr = {\n .svm_family = AF_VSOCK,\n .svm_cid = VMADDR_CID_ANY,\n .svm_port = 1234,\n };\n\n sock = socket(AF_VSOCK, SOCK_STREAM, 0);\n connect(sock, (struct sockaddr *)\u0026addr, sizeof(addr));\n return 0;\n}\n\nThis issue occurs because the `buf_alloc` and `fwd_cnt` fields of the\n`struct virtio_vsock_hdr` are not initialized when a new skb is allocated\nin `virtio_transport_init_hdr()`. This patch resolves the issue by\ninitializing these fields during allocation."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:08.475Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cd12535b97dd7d18cf655ec78ce1cf1f29a576be"
},
{
"url": "https://git.kernel.org/stable/c/0b8906fb48b99e993d6e8a12539f618f4854dd26"
},
{
"url": "https://git.kernel.org/stable/c/34c4effacfc329aeca5635a69fd9e0f6c90b4101"
}
],
"title": "virtio/vsock: Fix uninit-value in virtio_transport_recv_pkt()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52842",
"datePublished": "2024-05-21T15:31:41.180Z",
"dateReserved": "2024-05-21T15:19:24.254Z",
"dateUpdated": "2025-05-04T07:44:08.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52765 (GCVE-0-2023-52765)
Vulnerability from cvelistv5
Published
2024-05-21 15:30
Modified
2025-05-04 07:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mfd: qcom-spmi-pmic: Fix revid implementation
The Qualcomm SPMI PMIC revid implementation is broken in multiple ways.
First, it assumes that just because the sibling base device has been
registered that means that it is also bound to a driver, which may not
be the case (e.g. due to probe deferral or asynchronous probe). This
could trigger a NULL-pointer dereference when attempting to access the
driver data of the unbound device.
Second, it accesses driver data of a sibling device directly and without
any locking, which means that the driver data may be freed while it is
being accessed (e.g. on driver unbind).
Third, it leaks a struct device reference to the sibling device which is
looked up using the spmi_device_from_of() every time a function (child)
device is calling the revid function (e.g. on probe).
Fix this mess by reimplementing the revid lookup so that it is done only
at probe of the PMIC device; the base device fetches the revid info from
the hardware, while any secondary SPMI device fetches the information
from the base device and caches it so that it can be accessed safely
from its children. If the base device has not been probed yet then probe
of a secondary device is deferred.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "e9c11c6e3a0e"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.1.64"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.5.13"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.6.3"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.7"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52765",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T16:54:35.798483Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:55:44.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/db98de0809f12b0edb9cd1be78e1ec1bfeba8f40"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4ce77b023d42a9f1062eecf438df1af4b4072eb2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/affae18838db5e6b463ee30c821385695af56dc2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7b439aaa62fee474a0d84d67a25f4984467e7b95"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/mfd/qcom-spmi-pmic.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "db98de0809f12b0edb9cd1be78e1ec1bfeba8f40",
"status": "affected",
"version": "e9c11c6e3a0e93903f5a13f8d2f97ae1bba512e1",
"versionType": "git"
},
{
"lessThan": "4ce77b023d42a9f1062eecf438df1af4b4072eb2",
"status": "affected",
"version": "e9c11c6e3a0e93903f5a13f8d2f97ae1bba512e1",
"versionType": "git"
},
{
"lessThan": "affae18838db5e6b463ee30c821385695af56dc2",
"status": "affected",
"version": "e9c11c6e3a0e93903f5a13f8d2f97ae1bba512e1",
"versionType": "git"
},
{
"lessThan": "7b439aaa62fee474a0d84d67a25f4984467e7b95",
"status": "affected",
"version": "e9c11c6e3a0e93903f5a13f8d2f97ae1bba512e1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/mfd/qcom-spmi-pmic.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmfd: qcom-spmi-pmic: Fix revid implementation\n\nThe Qualcomm SPMI PMIC revid implementation is broken in multiple ways.\n\nFirst, it assumes that just because the sibling base device has been\nregistered that means that it is also bound to a driver, which may not\nbe the case (e.g. due to probe deferral or asynchronous probe). This\ncould trigger a NULL-pointer dereference when attempting to access the\ndriver data of the unbound device.\n\nSecond, it accesses driver data of a sibling device directly and without\nany locking, which means that the driver data may be freed while it is\nbeing accessed (e.g. on driver unbind).\n\nThird, it leaks a struct device reference to the sibling device which is\nlooked up using the spmi_device_from_of() every time a function (child)\ndevice is calling the revid function (e.g. on probe).\n\nFix this mess by reimplementing the revid lookup so that it is done only\nat probe of the PMIC device; the base device fetches the revid info from\nthe hardware, while any secondary SPMI device fetches the information\nfrom the base device and caches it so that it can be accessed safely\nfrom its children. If the base device has not been probed yet then probe\nof a secondary device is deferred."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:42:41.696Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/db98de0809f12b0edb9cd1be78e1ec1bfeba8f40"
},
{
"url": "https://git.kernel.org/stable/c/4ce77b023d42a9f1062eecf438df1af4b4072eb2"
},
{
"url": "https://git.kernel.org/stable/c/affae18838db5e6b463ee30c821385695af56dc2"
},
{
"url": "https://git.kernel.org/stable/c/7b439aaa62fee474a0d84d67a25f4984467e7b95"
}
],
"title": "mfd: qcom-spmi-pmic: Fix revid implementation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52765",
"datePublished": "2024-05-21T15:30:49.690Z",
"dateReserved": "2024-05-21T15:19:24.238Z",
"dateUpdated": "2025-05-04T07:42:41.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52750 (GCVE-0-2023-52750)
Vulnerability from cvelistv5
Published
2024-05-21 15:30
Modified
2025-05-04 07:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer
Prior to LLVM 15.0.0, LLVM's integrated assembler would incorrectly
byte-swap NOP when compiling for big-endian, and the resulting series of
bytes happened to match the encoding of FNMADD S21, S30, S0, S0.
This went unnoticed until commit:
34f66c4c4d5518c1 ("arm64: Use a positive cpucap for FP/SIMD")
Prior to that commit, the kernel would always enable the use of FPSIMD
early in boot when __cpu_setup() initialized CPACR_EL1, and so usage of
FNMADD within the kernel was not detected, but could result in the
corruption of user or kernel FPSIMD state.
After that commit, the instructions happen to trap during boot prior to
FPSIMD being detected and enabled, e.g.
| Unhandled 64-bit el1h sync exception on CPU0, ESR 0x000000001fe00000 -- ASIMD
| CPU: 0 PID: 0 Comm: swapper Not tainted 6.6.0-rc3-00013-g34f66c4c4d55 #1
| Hardware name: linux,dummy-virt (DT)
| pstate: 400000c9 (nZcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
| pc : __pi_strcmp+0x1c/0x150
| lr : populate_properties+0xe4/0x254
| sp : ffffd014173d3ad0
| x29: ffffd014173d3af0 x28: fffffbfffddffcb8 x27: 0000000000000000
| x26: 0000000000000058 x25: fffffbfffddfe054 x24: 0000000000000008
| x23: fffffbfffddfe000 x22: fffffbfffddfe000 x21: fffffbfffddfe044
| x20: ffffd014173d3b70 x19: 0000000000000001 x18: 0000000000000005
| x17: 0000000000000010 x16: 0000000000000000 x15: 00000000413e7000
| x14: 0000000000000000 x13: 0000000000001bcc x12: 0000000000000000
| x11: 00000000d00dfeed x10: ffffd414193f2cd0 x9 : 0000000000000000
| x8 : 0101010101010101 x7 : ffffffffffffffc0 x6 : 0000000000000000
| x5 : 0000000000000000 x4 : 0101010101010101 x3 : 000000000000002a
| x2 : 0000000000000001 x1 : ffffd014171f2988 x0 : fffffbfffddffcb8
| Kernel panic - not syncing: Unhandled exception
| CPU: 0 PID: 0 Comm: swapper Not tainted 6.6.0-rc3-00013-g34f66c4c4d55 #1
| Hardware name: linux,dummy-virt (DT)
| Call trace:
| dump_backtrace+0xec/0x108
| show_stack+0x18/0x2c
| dump_stack_lvl+0x50/0x68
| dump_stack+0x18/0x24
| panic+0x13c/0x340
| el1t_64_irq_handler+0x0/0x1c
| el1_abort+0x0/0x5c
| el1h_64_sync+0x64/0x68
| __pi_strcmp+0x1c/0x150
| unflatten_dt_nodes+0x1e8/0x2d8
| __unflatten_device_tree+0x5c/0x15c
| unflatten_device_tree+0x38/0x50
| setup_arch+0x164/0x1e0
| start_kernel+0x64/0x38c
| __primary_switched+0xbc/0xc4
Restrict CONFIG_CPU_BIG_ENDIAN to a known good assembler, which is
either GNU as or LLVM's IAS 15.0.0 and newer, which contains the linked
commit.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.774Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d08a1e75253b4e19ae290b1c35349f12cfcebc0a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/936c9c10efaefaf1ab3ef020e1f8aaaaff1ad2f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ef0224ee5399ea8a46bc07dc6c6494961ed5fdd2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bd31e534721ab95ef237020fe6995c899ffdf21a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69e619d2fd056fe1f5d0adf01584f2da669e0d28"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/146a15b873353f8ac28dc281c139ff611a3c4848"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52750",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:37:19.073827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:33.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm64/Kconfig"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d08a1e75253b4e19ae290b1c35349f12cfcebc0a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "936c9c10efaefaf1ab3ef020e1f8aaaaff1ad2f9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ef0224ee5399ea8a46bc07dc6c6494961ed5fdd2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bd31e534721ab95ef237020fe6995c899ffdf21a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "69e619d2fd056fe1f5d0adf01584f2da669e0d28",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "146a15b873353f8ac28dc281c139ff611a3c4848",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm64/Kconfig"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer\n\nPrior to LLVM 15.0.0, LLVM\u0027s integrated assembler would incorrectly\nbyte-swap NOP when compiling for big-endian, and the resulting series of\nbytes happened to match the encoding of FNMADD S21, S30, S0, S0.\n\nThis went unnoticed until commit:\n\n 34f66c4c4d5518c1 (\"arm64: Use a positive cpucap for FP/SIMD\")\n\nPrior to that commit, the kernel would always enable the use of FPSIMD\nearly in boot when __cpu_setup() initialized CPACR_EL1, and so usage of\nFNMADD within the kernel was not detected, but could result in the\ncorruption of user or kernel FPSIMD state.\n\nAfter that commit, the instructions happen to trap during boot prior to\nFPSIMD being detected and enabled, e.g.\n\n| Unhandled 64-bit el1h sync exception on CPU0, ESR 0x000000001fe00000 -- ASIMD\n| CPU: 0 PID: 0 Comm: swapper Not tainted 6.6.0-rc3-00013-g34f66c4c4d55 #1\n| Hardware name: linux,dummy-virt (DT)\n| pstate: 400000c9 (nZcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n| pc : __pi_strcmp+0x1c/0x150\n| lr : populate_properties+0xe4/0x254\n| sp : ffffd014173d3ad0\n| x29: ffffd014173d3af0 x28: fffffbfffddffcb8 x27: 0000000000000000\n| x26: 0000000000000058 x25: fffffbfffddfe054 x24: 0000000000000008\n| x23: fffffbfffddfe000 x22: fffffbfffddfe000 x21: fffffbfffddfe044\n| x20: ffffd014173d3b70 x19: 0000000000000001 x18: 0000000000000005\n| x17: 0000000000000010 x16: 0000000000000000 x15: 00000000413e7000\n| x14: 0000000000000000 x13: 0000000000001bcc x12: 0000000000000000\n| x11: 00000000d00dfeed x10: ffffd414193f2cd0 x9 : 0000000000000000\n| x8 : 0101010101010101 x7 : ffffffffffffffc0 x6 : 0000000000000000\n| x5 : 0000000000000000 x4 : 0101010101010101 x3 : 000000000000002a\n| x2 : 0000000000000001 x1 : ffffd014171f2988 x0 : fffffbfffddffcb8\n| Kernel panic - not syncing: Unhandled exception\n| CPU: 0 PID: 0 Comm: swapper Not tainted 6.6.0-rc3-00013-g34f66c4c4d55 #1\n| Hardware name: linux,dummy-virt (DT)\n| Call trace:\n| dump_backtrace+0xec/0x108\n| show_stack+0x18/0x2c\n| dump_stack_lvl+0x50/0x68\n| dump_stack+0x18/0x24\n| panic+0x13c/0x340\n| el1t_64_irq_handler+0x0/0x1c\n| el1_abort+0x0/0x5c\n| el1h_64_sync+0x64/0x68\n| __pi_strcmp+0x1c/0x150\n| unflatten_dt_nodes+0x1e8/0x2d8\n| __unflatten_device_tree+0x5c/0x15c\n| unflatten_device_tree+0x38/0x50\n| setup_arch+0x164/0x1e0\n| start_kernel+0x64/0x38c\n| __primary_switched+0xbc/0xc4\n\nRestrict CONFIG_CPU_BIG_ENDIAN to a known good assembler, which is\neither GNU as or LLVM\u0027s IAS 15.0.0 and newer, which contains the linked\ncommit."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:42:27.900Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d08a1e75253b4e19ae290b1c35349f12cfcebc0a"
},
{
"url": "https://git.kernel.org/stable/c/936c9c10efaefaf1ab3ef020e1f8aaaaff1ad2f9"
},
{
"url": "https://git.kernel.org/stable/c/ef0224ee5399ea8a46bc07dc6c6494961ed5fdd2"
},
{
"url": "https://git.kernel.org/stable/c/bd31e534721ab95ef237020fe6995c899ffdf21a"
},
{
"url": "https://git.kernel.org/stable/c/69e619d2fd056fe1f5d0adf01584f2da669e0d28"
},
{
"url": "https://git.kernel.org/stable/c/146a15b873353f8ac28dc281c139ff611a3c4848"
}
],
"title": "arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52750",
"datePublished": "2024-05-21T15:30:39.564Z",
"dateReserved": "2024-05-21T15:19:24.234Z",
"dateUpdated": "2025-05-04T07:42:27.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37354 (GCVE-0-2024-37354)
Vulnerability from cvelistv5
Published
2024-06-25 14:22
Modified
2025-05-04 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix crash on racing fsync and size-extending write into prealloc
We have been seeing crashes on duplicate keys in
btrfs_set_item_key_safe():
BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192)
------------[ cut here ]------------
kernel BUG at fs/btrfs/ctree.c:2620!
invalid opcode: 0000 [#1] PREEMPT SMP PTI
CPU: 0 PID: 3139 Comm: xfs_io Kdump: loaded Not tainted 6.9.0 #6
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014
RIP: 0010:btrfs_set_item_key_safe+0x11f/0x290 [btrfs]
With the following stack trace:
#0 btrfs_set_item_key_safe (fs/btrfs/ctree.c:2620:4)
#1 btrfs_drop_extents (fs/btrfs/file.c:411:4)
#2 log_one_extent (fs/btrfs/tree-log.c:4732:9)
#3 btrfs_log_changed_extents (fs/btrfs/tree-log.c:4955:9)
#4 btrfs_log_inode (fs/btrfs/tree-log.c:6626:9)
#5 btrfs_log_inode_parent (fs/btrfs/tree-log.c:7070:8)
#6 btrfs_log_dentry_safe (fs/btrfs/tree-log.c:7171:8)
#7 btrfs_sync_file (fs/btrfs/file.c:1933:8)
#8 vfs_fsync_range (fs/sync.c:188:9)
#9 vfs_fsync (fs/sync.c:202:9)
#10 do_fsync (fs/sync.c:212:9)
#11 __do_sys_fdatasync (fs/sync.c:225:9)
#12 __se_sys_fdatasync (fs/sync.c:223:1)
#13 __x64_sys_fdatasync (fs/sync.c:223:1)
#14 do_syscall_x64 (arch/x86/entry/common.c:52:14)
#15 do_syscall_64 (arch/x86/entry/common.c:83:7)
#16 entry_SYSCALL_64+0xaf/0x14c (arch/x86/entry/entry_64.S:121)
So we're logging a changed extent from fsync, which is splitting an
extent in the log tree. But this split part already exists in the tree,
triggering the BUG().
This is the state of the log tree at the time of the crash, dumped with
drgn (https://github.com/osandov/drgn/blob/main/contrib/btrfs_tree.py)
to get more details than btrfs_print_leaf() gives us:
>>> print_extent_buffer(prog.crashed_thread().stack_trace()[0]["eb"])
leaf 33439744 level 0 items 72 generation 9 owner 18446744073709551610
leaf 33439744 flags 0x100000000000000
fs uuid e5bd3946-400c-4223-8923-190ef1f18677
chunk uuid d58cb17e-6d02-494a-829a-18b7d8a399da
item 0 key (450 INODE_ITEM 0) itemoff 16123 itemsize 160
generation 7 transid 9 size 8192 nbytes 8473563889606862198
block group 0 mode 100600 links 1 uid 0 gid 0 rdev 0
sequence 204 flags 0x10(PREALLOC)
atime 1716417703.220000000 (2024-05-22 15:41:43)
ctime 1716417704.983333333 (2024-05-22 15:41:44)
mtime 1716417704.983333333 (2024-05-22 15:41:44)
otime 17592186044416.000000000 (559444-03-08 01:40:16)
item 1 key (450 INODE_REF 256) itemoff 16110 itemsize 13
index 195 namelen 3 name: 193
item 2 key (450 XATTR_ITEM 1640047104) itemoff 16073 itemsize 37
location key (0 UNKNOWN.0 0) type XATTR
transid 7 data_len 1 name_len 6
name: user.a
data a
item 3 key (450 EXTENT_DATA 0) itemoff 16020 itemsize 53
generation 9 type 1 (regular)
extent data disk byte 303144960 nr 12288
extent data offset 0 nr 4096 ram 12288
extent compression 0 (none)
item 4 key (450 EXTENT_DATA 4096) itemoff 15967 itemsize 53
generation 9 type 2 (prealloc)
prealloc data disk byte 303144960 nr 12288
prealloc data offset 4096 nr 8192
item 5 key (450 EXTENT_DATA 8192) itemoff 15914 itemsize 53
generation 9 type 2 (prealloc)
prealloc data disk byte 303144960 nr 12288
prealloc data offset 8192 nr 4096
...
So the real problem happened earlier: notice that items 4 (4k-12k) and 5
(8k-12k) overlap. Both are prealloc extents. Item 4 straddles i_size and
item 5 starts at i_size.
Here is the state of
---truncated---
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37354",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T15:43:24.537360Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T15:43:32.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:50:56.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1ff2bd566fbcefcb892be85c493bdb92b911c428"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d08c52ba1887a1ff9c179d4b6a18b427bcb2097"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f4e5ed974876c14d3623e04dc43d3e3281bc6011"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9d274c19a71b3a276949933859610721a453946b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/tree-log.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1ff2bd566fbcefcb892be85c493bdb92b911c428",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3d08c52ba1887a1ff9c179d4b6a18b427bcb2097",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f4e5ed974876c14d3623e04dc43d3e3281bc6011",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9d274c19a71b3a276949933859610721a453946b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/tree-log.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.94",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix crash on racing fsync and size-extending write into prealloc\n\nWe have been seeing crashes on duplicate keys in\nbtrfs_set_item_key_safe():\n\n BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192)\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/ctree.c:2620!\n invalid opcode: 0000 [#1] PREEMPT SMP PTI\n CPU: 0 PID: 3139 Comm: xfs_io Kdump: loaded Not tainted 6.9.0 #6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\n RIP: 0010:btrfs_set_item_key_safe+0x11f/0x290 [btrfs]\n\nWith the following stack trace:\n\n #0 btrfs_set_item_key_safe (fs/btrfs/ctree.c:2620:4)\n #1 btrfs_drop_extents (fs/btrfs/file.c:411:4)\n #2 log_one_extent (fs/btrfs/tree-log.c:4732:9)\n #3 btrfs_log_changed_extents (fs/btrfs/tree-log.c:4955:9)\n #4 btrfs_log_inode (fs/btrfs/tree-log.c:6626:9)\n #5 btrfs_log_inode_parent (fs/btrfs/tree-log.c:7070:8)\n #6 btrfs_log_dentry_safe (fs/btrfs/tree-log.c:7171:8)\n #7 btrfs_sync_file (fs/btrfs/file.c:1933:8)\n #8 vfs_fsync_range (fs/sync.c:188:9)\n #9 vfs_fsync (fs/sync.c:202:9)\n #10 do_fsync (fs/sync.c:212:9)\n #11 __do_sys_fdatasync (fs/sync.c:225:9)\n #12 __se_sys_fdatasync (fs/sync.c:223:1)\n #13 __x64_sys_fdatasync (fs/sync.c:223:1)\n #14 do_syscall_x64 (arch/x86/entry/common.c:52:14)\n #15 do_syscall_64 (arch/x86/entry/common.c:83:7)\n #16 entry_SYSCALL_64+0xaf/0x14c (arch/x86/entry/entry_64.S:121)\n\nSo we\u0027re logging a changed extent from fsync, which is splitting an\nextent in the log tree. But this split part already exists in the tree,\ntriggering the BUG().\n\nThis is the state of the log tree at the time of the crash, dumped with\ndrgn (https://github.com/osandov/drgn/blob/main/contrib/btrfs_tree.py)\nto get more details than btrfs_print_leaf() gives us:\n\n \u003e\u003e\u003e print_extent_buffer(prog.crashed_thread().stack_trace()[0][\"eb\"])\n leaf 33439744 level 0 items 72 generation 9 owner 18446744073709551610\n leaf 33439744 flags 0x100000000000000\n fs uuid e5bd3946-400c-4223-8923-190ef1f18677\n chunk uuid d58cb17e-6d02-494a-829a-18b7d8a399da\n item 0 key (450 INODE_ITEM 0) itemoff 16123 itemsize 160\n generation 7 transid 9 size 8192 nbytes 8473563889606862198\n block group 0 mode 100600 links 1 uid 0 gid 0 rdev 0\n sequence 204 flags 0x10(PREALLOC)\n atime 1716417703.220000000 (2024-05-22 15:41:43)\n ctime 1716417704.983333333 (2024-05-22 15:41:44)\n mtime 1716417704.983333333 (2024-05-22 15:41:44)\n otime 17592186044416.000000000 (559444-03-08 01:40:16)\n item 1 key (450 INODE_REF 256) itemoff 16110 itemsize 13\n index 195 namelen 3 name: 193\n item 2 key (450 XATTR_ITEM 1640047104) itemoff 16073 itemsize 37\n location key (0 UNKNOWN.0 0) type XATTR\n transid 7 data_len 1 name_len 6\n name: user.a\n data a\n item 3 key (450 EXTENT_DATA 0) itemoff 16020 itemsize 53\n generation 9 type 1 (regular)\n extent data disk byte 303144960 nr 12288\n extent data offset 0 nr 4096 ram 12288\n extent compression 0 (none)\n item 4 key (450 EXTENT_DATA 4096) itemoff 15967 itemsize 53\n generation 9 type 2 (prealloc)\n prealloc data disk byte 303144960 nr 12288\n prealloc data offset 4096 nr 8192\n item 5 key (450 EXTENT_DATA 8192) itemoff 15914 itemsize 53\n generation 9 type 2 (prealloc)\n prealloc data disk byte 303144960 nr 12288\n prealloc data offset 8192 nr 4096\n ...\n\nSo the real problem happened earlier: notice that items 4 (4k-12k) and 5\n(8k-12k) overlap. Both are prealloc extents. Item 4 straddles i_size and\nitem 5 starts at i_size.\n\nHere is the state of \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:20.964Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1ff2bd566fbcefcb892be85c493bdb92b911c428"
},
{
"url": "https://git.kernel.org/stable/c/3d08c52ba1887a1ff9c179d4b6a18b427bcb2097"
},
{
"url": "https://git.kernel.org/stable/c/f4e5ed974876c14d3623e04dc43d3e3281bc6011"
},
{
"url": "https://git.kernel.org/stable/c/9d274c19a71b3a276949933859610721a453946b"
}
],
"title": "btrfs: fix crash on racing fsync and size-extending write into prealloc",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-37354",
"datePublished": "2024-06-25T14:22:36.228Z",
"dateReserved": "2024-06-24T13:53:25.569Z",
"dateUpdated": "2025-05-04T09:13:20.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38385 (GCVE-0-2024-38385)
Vulnerability from cvelistv5
Published
2024-06-25 14:22
Modified
2025-05-04 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after()
irq_find_at_or_after() dereferences the interrupt descriptor which is
returned by mt_find() while neither holding sparse_irq_lock nor RCU read
lock, which means the descriptor can be freed between mt_find() and the
dereference:
CPU0 CPU1
desc = mt_find()
delayed_free_desc(desc)
irq_desc_get_irq(desc)
The use-after-free is reported by KASAN:
Call trace:
irq_get_next_irq+0x58/0x84
show_stat+0x638/0x824
seq_read_iter+0x158/0x4ec
proc_reg_read_iter+0x94/0x12c
vfs_read+0x1e0/0x2c8
Freed by task 4471:
slab_free_freelist_hook+0x174/0x1e0
__kmem_cache_free+0xa4/0x1dc
kfree+0x64/0x128
irq_kobj_release+0x28/0x3c
kobject_put+0xcc/0x1e0
delayed_free_desc+0x14/0x2c
rcu_do_batch+0x214/0x720
Guard the access with a RCU read lock section.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:04:25.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1c7891812d85500ae2ca4051fa5683fcf29930d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d084aa022f84319f8079e30882cbcbc026af9f21"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b84a8aba806261d2f759ccedf4a2a6a80a5e55ba"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38385",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:08:17.872806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:42.745Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/irq/irqdesc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1c7891812d85500ae2ca4051fa5683fcf29930d8",
"status": "affected",
"version": "721255b9826bd11c7a38b585905fc2dd0fb94e52",
"versionType": "git"
},
{
"lessThan": "d084aa022f84319f8079e30882cbcbc026af9f21",
"status": "affected",
"version": "721255b9826bd11c7a38b585905fc2dd0fb94e52",
"versionType": "git"
},
{
"lessThan": "b84a8aba806261d2f759ccedf4a2a6a80a5e55ba",
"status": "affected",
"version": "721255b9826bd11c7a38b585905fc2dd0fb94e52",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/irq/irqdesc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.34",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.5",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/irqdesc: Prevent use-after-free in irq_find_at_or_after()\n\nirq_find_at_or_after() dereferences the interrupt descriptor which is\nreturned by mt_find() while neither holding sparse_irq_lock nor RCU read\nlock, which means the descriptor can be freed between mt_find() and the\ndereference:\n\n CPU0 CPU1\n desc = mt_find()\n delayed_free_desc(desc)\n irq_desc_get_irq(desc)\n\nThe use-after-free is reported by KASAN:\n\n Call trace:\n irq_get_next_irq+0x58/0x84\n show_stat+0x638/0x824\n seq_read_iter+0x158/0x4ec\n proc_reg_read_iter+0x94/0x12c\n vfs_read+0x1e0/0x2c8\n\n Freed by task 4471:\n slab_free_freelist_hook+0x174/0x1e0\n __kmem_cache_free+0xa4/0x1dc\n kfree+0x64/0x128\n irq_kobj_release+0x28/0x3c\n kobject_put+0xcc/0x1e0\n delayed_free_desc+0x14/0x2c\n rcu_do_batch+0x214/0x720\n\nGuard the access with a RCU read lock section."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:28.503Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1c7891812d85500ae2ca4051fa5683fcf29930d8"
},
{
"url": "https://git.kernel.org/stable/c/d084aa022f84319f8079e30882cbcbc026af9f21"
},
{
"url": "https://git.kernel.org/stable/c/b84a8aba806261d2f759ccedf4a2a6a80a5e55ba"
}
],
"title": "genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38385",
"datePublished": "2024-06-25T14:22:37.560Z",
"dateReserved": "2024-06-24T13:54:11.033Z",
"dateUpdated": "2025-05-04T09:13:28.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38557 (GCVE-0-2024-38557)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Reload only IB representors upon lag disable/enable
On lag disable, the bond IB device along with all of its
representors are destroyed, and then the slaves' representors get reloaded.
In case the slave IB representor load fails, the eswitch error flow
unloads all representors, including ethernet representors, where the
netdevs get detached and removed from lag bond. Such flow is inaccurate
as the lag driver is not responsible for loading/unloading ethernet
representors. Furthermore, the flow described above begins by holding
lag lock to prevent bond changes during disable flow. However, when
reaching the ethernet representors detachment from lag, the lag lock is
required again, triggering the following deadlock:
Call trace:
__switch_to+0xf4/0x148
__schedule+0x2c8/0x7d0
schedule+0x50/0xe0
schedule_preempt_disabled+0x18/0x28
__mutex_lock.isra.13+0x2b8/0x570
__mutex_lock_slowpath+0x1c/0x28
mutex_lock+0x4c/0x68
mlx5_lag_remove_netdev+0x3c/0x1a0 [mlx5_core]
mlx5e_uplink_rep_disable+0x70/0xa0 [mlx5_core]
mlx5e_detach_netdev+0x6c/0xb0 [mlx5_core]
mlx5e_netdev_change_profile+0x44/0x138 [mlx5_core]
mlx5e_netdev_attach_nic_profile+0x28/0x38 [mlx5_core]
mlx5e_vport_rep_unload+0x184/0x1b8 [mlx5_core]
mlx5_esw_offloads_rep_load+0xd8/0xe0 [mlx5_core]
mlx5_eswitch_reload_reps+0x74/0xd0 [mlx5_core]
mlx5_disable_lag+0x130/0x138 [mlx5_core]
mlx5_lag_disable_change+0x6c/0x70 [mlx5_core] // hold ldev->lock
mlx5_devlink_eswitch_mode_set+0xc0/0x410 [mlx5_core]
devlink_nl_cmd_eswitch_set_doit+0xdc/0x180
genl_family_rcv_msg_doit.isra.17+0xe8/0x138
genl_rcv_msg+0xe4/0x220
netlink_rcv_skb+0x44/0x108
genl_rcv+0x40/0x58
netlink_unicast+0x198/0x268
netlink_sendmsg+0x1d4/0x418
sock_sendmsg+0x54/0x60
__sys_sendto+0xf4/0x120
__arm64_sys_sendto+0x30/0x40
el0_svc_common+0x8c/0x120
do_el0_svc+0x30/0xa0
el0_svc+0x20/0x30
el0_sync_handler+0x90/0xb8
el0_sync+0x160/0x180
Thus, upon lag enable/disable, load and unload only the IB representors
of the slaves preventing the deadlock mentioned above.
While at it, refactor the mlx5_esw_offloads_rep_load() function to have
a static helper method for its internal logic, in symmetry with the
representor unload design.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38557",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T14:38:10.487920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T14:39:10.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e93fc8d959e56092e2eca1e5511c2d2f0ad6807a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f03c714a0fdd1f93101a929d0e727c28a66383fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f320f28f54b1b269a755be2e3fb3695e0b80b07"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f06228d4a2dcc1fca5b3ddb0eefa09c05b102c4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/eswitch.h",
"drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c",
"drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c",
"drivers/net/ethernet/mellanox/mlx5/core/lag/mpesw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e93fc8d959e56092e2eca1e5511c2d2f0ad6807a",
"status": "affected",
"version": "598fe77df855feeeca9dfda2ffe622ac7724e5c3",
"versionType": "git"
},
{
"lessThan": "f03c714a0fdd1f93101a929d0e727c28a66383fc",
"status": "affected",
"version": "598fe77df855feeeca9dfda2ffe622ac7724e5c3",
"versionType": "git"
},
{
"lessThan": "0f320f28f54b1b269a755be2e3fb3695e0b80b07",
"status": "affected",
"version": "598fe77df855feeeca9dfda2ffe622ac7724e5c3",
"versionType": "git"
},
{
"lessThan": "0f06228d4a2dcc1fca5b3ddb0eefa09c05b102c4",
"status": "affected",
"version": "598fe77df855feeeca9dfda2ffe622ac7724e5c3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/eswitch.h",
"drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c",
"drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c",
"drivers/net/ethernet/mellanox/mlx5/core/lag/mpesw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Reload only IB representors upon lag disable/enable\n\nOn lag disable, the bond IB device along with all of its\nrepresentors are destroyed, and then the slaves\u0027 representors get reloaded.\n\nIn case the slave IB representor load fails, the eswitch error flow\nunloads all representors, including ethernet representors, where the\nnetdevs get detached and removed from lag bond. Such flow is inaccurate\nas the lag driver is not responsible for loading/unloading ethernet\nrepresentors. Furthermore, the flow described above begins by holding\nlag lock to prevent bond changes during disable flow. However, when\nreaching the ethernet representors detachment from lag, the lag lock is\nrequired again, triggering the following deadlock:\n\nCall trace:\n__switch_to+0xf4/0x148\n__schedule+0x2c8/0x7d0\nschedule+0x50/0xe0\nschedule_preempt_disabled+0x18/0x28\n__mutex_lock.isra.13+0x2b8/0x570\n__mutex_lock_slowpath+0x1c/0x28\nmutex_lock+0x4c/0x68\nmlx5_lag_remove_netdev+0x3c/0x1a0 [mlx5_core]\nmlx5e_uplink_rep_disable+0x70/0xa0 [mlx5_core]\nmlx5e_detach_netdev+0x6c/0xb0 [mlx5_core]\nmlx5e_netdev_change_profile+0x44/0x138 [mlx5_core]\nmlx5e_netdev_attach_nic_profile+0x28/0x38 [mlx5_core]\nmlx5e_vport_rep_unload+0x184/0x1b8 [mlx5_core]\nmlx5_esw_offloads_rep_load+0xd8/0xe0 [mlx5_core]\nmlx5_eswitch_reload_reps+0x74/0xd0 [mlx5_core]\nmlx5_disable_lag+0x130/0x138 [mlx5_core]\nmlx5_lag_disable_change+0x6c/0x70 [mlx5_core] // hold ldev-\u003elock\nmlx5_devlink_eswitch_mode_set+0xc0/0x410 [mlx5_core]\ndevlink_nl_cmd_eswitch_set_doit+0xdc/0x180\ngenl_family_rcv_msg_doit.isra.17+0xe8/0x138\ngenl_rcv_msg+0xe4/0x220\nnetlink_rcv_skb+0x44/0x108\ngenl_rcv+0x40/0x58\nnetlink_unicast+0x198/0x268\nnetlink_sendmsg+0x1d4/0x418\nsock_sendmsg+0x54/0x60\n__sys_sendto+0xf4/0x120\n__arm64_sys_sendto+0x30/0x40\nel0_svc_common+0x8c/0x120\ndo_el0_svc+0x30/0xa0\nel0_svc+0x20/0x30\nel0_sync_handler+0x90/0xb8\nel0_sync+0x160/0x180\n\nThus, upon lag enable/disable, load and unload only the IB representors\nof the slaves preventing the deadlock mentioned above.\n\nWhile at it, refactor the mlx5_esw_offloads_rep_load() function to have\na static helper method for its internal logic, in symmetry with the\nrepresentor unload design."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:03.057Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e93fc8d959e56092e2eca1e5511c2d2f0ad6807a"
},
{
"url": "https://git.kernel.org/stable/c/f03c714a0fdd1f93101a929d0e727c28a66383fc"
},
{
"url": "https://git.kernel.org/stable/c/0f320f28f54b1b269a755be2e3fb3695e0b80b07"
},
{
"url": "https://git.kernel.org/stable/c/0f06228d4a2dcc1fca5b3ddb0eefa09c05b102c4"
}
],
"title": "net/mlx5: Reload only IB representors upon lag disable/enable",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38557",
"datePublished": "2024-06-19T13:35:27.426Z",
"dateReserved": "2024-06-18T19:36:34.921Z",
"dateUpdated": "2025-05-04T09:14:03.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36934 (GCVE-0-2024-36934)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bna: ensure the copied buf is NUL terminated
Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from
userspace to that buffer. Later, we use sscanf on this buffer but we don't
ensure that the string is terminated inside the buffer, this can lead to
OOB read when using sscanf. Fix this issue by using memdup_user_nul
instead of memdup_user.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7afc5dbde09104b023ce04465ba71aaba0fc4346 Version: 7afc5dbde09104b023ce04465ba71aaba0fc4346 Version: 7afc5dbde09104b023ce04465ba71aaba0fc4346 Version: 7afc5dbde09104b023ce04465ba71aaba0fc4346 Version: 7afc5dbde09104b023ce04465ba71aaba0fc4346 Version: 7afc5dbde09104b023ce04465ba71aaba0fc4346 Version: 7afc5dbde09104b023ce04465ba71aaba0fc4346 Version: 7afc5dbde09104b023ce04465ba71aaba0fc4346 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-09-12T16:03:00.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bd502ba81cd1d515deddad7dbc6b812b14b97147"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/80578ec10335bc15ac35fd1703c22aab34e39fdd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6f0f19b79c085cc891c418b768f26f7004bd51a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f560240b4cc25d3de527deb257cdf072c0102a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06cb37e2ba6441888f24566a997481d4197b4e32"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e19478763154674c084defc62ae0d64d79657f91"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1518b2b498a0109eb6b15755169d3b6607356b35"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c34096c7fdf272fd4c0c37fe411cd2e3ed0ee9f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240912-0007/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:15:51.492467Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:36.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/brocade/bna/bnad_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bd502ba81cd1d515deddad7dbc6b812b14b97147",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "80578ec10335bc15ac35fd1703c22aab34e39fdd",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "6f0f19b79c085cc891c418b768f26f7004bd51a4",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "0f560240b4cc25d3de527deb257cdf072c0102a9",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "06cb37e2ba6441888f24566a997481d4197b4e32",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "e19478763154674c084defc62ae0d64d79657f91",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "1518b2b498a0109eb6b15755169d3b6607356b35",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "8c34096c7fdf272fd4c0c37fe411cd2e3ed0ee9f",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/brocade/bna/bnad_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.3"
},
{
"lessThan": "3.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: ensure the copied buf is NUL terminated\n\nCurrently, we allocate a nbytes-sized kernel buffer and copy nbytes from\nuserspace to that buffer. Later, we use sscanf on this buffer but we don\u0027t\nensure that the string is terminated inside the buffer, this can lead to\nOOB read when using sscanf. Fix this issue by using memdup_user_nul\ninstead of memdup_user."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:22.995Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bd502ba81cd1d515deddad7dbc6b812b14b97147"
},
{
"url": "https://git.kernel.org/stable/c/80578ec10335bc15ac35fd1703c22aab34e39fdd"
},
{
"url": "https://git.kernel.org/stable/c/6f0f19b79c085cc891c418b768f26f7004bd51a4"
},
{
"url": "https://git.kernel.org/stable/c/0f560240b4cc25d3de527deb257cdf072c0102a9"
},
{
"url": "https://git.kernel.org/stable/c/06cb37e2ba6441888f24566a997481d4197b4e32"
},
{
"url": "https://git.kernel.org/stable/c/e19478763154674c084defc62ae0d64d79657f91"
},
{
"url": "https://git.kernel.org/stable/c/1518b2b498a0109eb6b15755169d3b6607356b35"
},
{
"url": "https://git.kernel.org/stable/c/8c34096c7fdf272fd4c0c37fe411cd2e3ed0ee9f"
}
],
"title": "bna: ensure the copied buf is NUL terminated",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36934",
"datePublished": "2024-05-30T15:29:24.357Z",
"dateReserved": "2024-05-30T15:25:07.071Z",
"dateUpdated": "2025-05-04T09:12:22.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38560 (GCVE-0-2024-38560)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: bfa: Ensure the copied buf is NUL terminated
Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from
userspace to that buffer. Later, we use sscanf on this buffer but we don't
ensure that the string is terminated inside the buffer, this can lead to
OOB read when using sscanf. Fix this issue by using memdup_user_nul instead
of memdup_user.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9f30b674759b9a2da25aefe25d885161d8a911cb Version: 9f30b674759b9a2da25aefe25d885161d8a911cb Version: 9f30b674759b9a2da25aefe25d885161d8a911cb Version: 9f30b674759b9a2da25aefe25d885161d8a911cb Version: 9f30b674759b9a2da25aefe25d885161d8a911cb Version: 9f30b674759b9a2da25aefe25d885161d8a911cb Version: 9f30b674759b9a2da25aefe25d885161d8a911cb Version: 9f30b674759b9a2da25aefe25d885161d8a911cb Version: 9f30b674759b9a2da25aefe25d885161d8a911cb |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/481fc0c8617304a67649027c4a44723a139a0462"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/595a6b98deec01b6dbb20139f71edcd5fb760ec2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/00b425ff0891283207d7bad607a2412225274d7a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1708e3cf2488788cba5489e4f913d227de757baf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7d3e694c4fe30f3aba9cd5ae86fb947a54c3db5c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/204714e68015d6946279719fd464ecaf57240f35"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7510fab46b1cbd1680e2a096e779aec3334b4143"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ecb76200f5557a2886888aaa53702da1ab9e6cdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13d0cecb4626fae67c00c84d3c7851f6b62f7df3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38560",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:14:37.926935Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:56.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/bfa/bfad_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "481fc0c8617304a67649027c4a44723a139a0462",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
},
{
"lessThan": "595a6b98deec01b6dbb20139f71edcd5fb760ec2",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
},
{
"lessThan": "00b425ff0891283207d7bad607a2412225274d7a",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
},
{
"lessThan": "1708e3cf2488788cba5489e4f913d227de757baf",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
},
{
"lessThan": "7d3e694c4fe30f3aba9cd5ae86fb947a54c3db5c",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
},
{
"lessThan": "204714e68015d6946279719fd464ecaf57240f35",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
},
{
"lessThan": "7510fab46b1cbd1680e2a096e779aec3334b4143",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
},
{
"lessThan": "ecb76200f5557a2886888aaa53702da1ab9e6cdf",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
},
{
"lessThan": "13d0cecb4626fae67c00c84d3c7851f6b62f7df3",
"status": "affected",
"version": "9f30b674759b9a2da25aefe25d885161d8a911cb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/bfa/bfad_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.19"
},
{
"lessThan": "3.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bfa: Ensure the copied buf is NUL terminated\n\nCurrently, we allocate a nbytes-sized kernel buffer and copy nbytes from\nuserspace to that buffer. Later, we use sscanf on this buffer but we don\u0027t\nensure that the string is terminated inside the buffer, this can lead to\nOOB read when using sscanf. Fix this issue by using memdup_user_nul instead\nof memdup_user."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:07.087Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/481fc0c8617304a67649027c4a44723a139a0462"
},
{
"url": "https://git.kernel.org/stable/c/595a6b98deec01b6dbb20139f71edcd5fb760ec2"
},
{
"url": "https://git.kernel.org/stable/c/00b425ff0891283207d7bad607a2412225274d7a"
},
{
"url": "https://git.kernel.org/stable/c/1708e3cf2488788cba5489e4f913d227de757baf"
},
{
"url": "https://git.kernel.org/stable/c/7d3e694c4fe30f3aba9cd5ae86fb947a54c3db5c"
},
{
"url": "https://git.kernel.org/stable/c/204714e68015d6946279719fd464ecaf57240f35"
},
{
"url": "https://git.kernel.org/stable/c/7510fab46b1cbd1680e2a096e779aec3334b4143"
},
{
"url": "https://git.kernel.org/stable/c/ecb76200f5557a2886888aaa53702da1ab9e6cdf"
},
{
"url": "https://git.kernel.org/stable/c/13d0cecb4626fae67c00c84d3c7851f6b62f7df3"
}
],
"title": "scsi: bfa: Ensure the copied buf is NUL terminated",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38560",
"datePublished": "2024-06-19T13:35:29.555Z",
"dateReserved": "2024-06-18T19:36:34.922Z",
"dateUpdated": "2025-05-04T09:14:07.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26920 (GCVE-0-2024-26920)
Vulnerability from cvelistv5
Published
2024-04-17 15:59
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tracing/trigger: Fix to return error if failed to alloc snapshot
Fix register_snapshot_trigger() to return error code if it failed to
allocate a snapshot instead of 0 (success). Unless that, it will register
snapshot trigger without an error.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 0bbe7f719985efd9adb3454679ecef0984cb6800 Version: 0bbe7f719985efd9adb3454679ecef0984cb6800 Version: 0bbe7f719985efd9adb3454679ecef0984cb6800 Version: 0bbe7f719985efd9adb3454679ecef0984cb6800 Version: 7c6feb347a4bb1f02e55f6814c93b5f7fab887a8 Version: a289fd864722dcf5363fec66a35965d4964df515 Version: 7054f86f268c0d9d62b52a4497dd0e8c10a7e5c7 Version: 57f2a2ad73e99a7594515848f4da987326a15981 Version: 0026e356e51ab3b54322eeb445c75a087ede5b9d Version: ffa70d104691aa609a18a9a6692049deb35f431f Version: 733c611a758c68894a4480fb999637476118a8fc |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26920",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T19:45:09.763406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:12.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bcf4a115a5068f3331fafb8c176c1af0da3d8b19"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/34925d01baf3ee62ab21c21efd9e2c44c24c004a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ffd5590f4d6ef5460acbeac7fbdff7025f9b419"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2450a69d2ee75d1f0112d509ac82ef98f5ad6b5f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/56cfbe60710772916a5ba092c99542332b48e870"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/26ebeffff238488466fa578be3b35b8a46e69906"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b5085b5ac1d96ea2a8a6240f869655176ce44197"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2a3073d58382157ab396734ed4e421ba9e969db1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/36be97e9eb535fe3008a5cb040b1e56f29f2e398"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6022c065c9ec465d84cebff8f480db083e4ee06b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4b001ef14baab16b553a002cb9979e31b8fc0c6b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0958b33ef5a04ed91f61cef4760ac412080c4e08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/trace/trace_events_trigger.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "36be97e9eb535fe3008a5cb040b1e56f29f2e398",
"status": "affected",
"version": "0bbe7f719985efd9adb3454679ecef0984cb6800",
"versionType": "git"
},
{
"lessThan": "6022c065c9ec465d84cebff8f480db083e4ee06b",
"status": "affected",
"version": "0bbe7f719985efd9adb3454679ecef0984cb6800",
"versionType": "git"
},
{
"lessThan": "4b001ef14baab16b553a002cb9979e31b8fc0c6b",
"status": "affected",
"version": "0bbe7f719985efd9adb3454679ecef0984cb6800",
"versionType": "git"
},
{
"lessThan": "0958b33ef5a04ed91f61cef4760ac412080c4e08",
"status": "affected",
"version": "0bbe7f719985efd9adb3454679ecef0984cb6800",
"versionType": "git"
},
{
"status": "affected",
"version": "7c6feb347a4bb1f02e55f6814c93b5f7fab887a8",
"versionType": "git"
},
{
"status": "affected",
"version": "a289fd864722dcf5363fec66a35965d4964df515",
"versionType": "git"
},
{
"status": "affected",
"version": "7054f86f268c0d9d62b52a4497dd0e8c10a7e5c7",
"versionType": "git"
},
{
"status": "affected",
"version": "57f2a2ad73e99a7594515848f4da987326a15981",
"versionType": "git"
},
{
"status": "affected",
"version": "0026e356e51ab3b54322eeb445c75a087ede5b9d",
"versionType": "git"
},
{
"status": "affected",
"version": "ffa70d104691aa609a18a9a6692049deb35f431f",
"versionType": "git"
},
{
"status": "affected",
"version": "733c611a758c68894a4480fb999637476118a8fc",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/trace/trace_events_trigger.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/trigger: Fix to return error if failed to alloc snapshot\n\nFix register_snapshot_trigger() to return error code if it failed to\nallocate a snapshot instead of 0 (success). Unless that, it will register\nsnapshot trigger without an error."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:11.051Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/36be97e9eb535fe3008a5cb040b1e56f29f2e398"
},
{
"url": "https://git.kernel.org/stable/c/6022c065c9ec465d84cebff8f480db083e4ee06b"
},
{
"url": "https://git.kernel.org/stable/c/4b001ef14baab16b553a002cb9979e31b8fc0c6b"
},
{
"url": "https://git.kernel.org/stable/c/0958b33ef5a04ed91f61cef4760ac412080c4e08"
}
],
"title": "tracing/trigger: Fix to return error if failed to alloc snapshot",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26920",
"datePublished": "2024-04-17T15:59:28.203Z",
"dateReserved": "2024-02-19T14:20:24.194Z",
"dateUpdated": "2025-05-04T12:55:11.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35900 (GCVE-0-2024-35900)
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2025-05-04 09:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: reject new basechain after table flag update
When dormant flag is toggled, hooks are disabled in the commit phase by
iterating over current chains in table (existing and new).
The following configuration allows for an inconsistent state:
add table x
add chain x y { type filter hook input priority 0; }
add table x { flags dormant; }
add chain x w { type filter hook input priority 1; }
which triggers the following warning when trying to unregister chain w
which is already unregistered.
[ 127.322252] WARNING: CPU: 7 PID: 1211 at net/netfilter/core.c:50 1 __nf_unregister_net_hook+0x21a/0x260
[...]
[ 127.322519] Call Trace:
[ 127.322521] <TASK>
[ 127.322524] ? __warn+0x9f/0x1a0
[ 127.322531] ? __nf_unregister_net_hook+0x21a/0x260
[ 127.322537] ? report_bug+0x1b1/0x1e0
[ 127.322545] ? handle_bug+0x3c/0x70
[ 127.322552] ? exc_invalid_op+0x17/0x40
[ 127.322556] ? asm_exc_invalid_op+0x1a/0x20
[ 127.322563] ? kasan_save_free_info+0x3b/0x60
[ 127.322570] ? __nf_unregister_net_hook+0x6a/0x260
[ 127.322577] ? __nf_unregister_net_hook+0x21a/0x260
[ 127.322583] ? __nf_unregister_net_hook+0x6a/0x260
[ 127.322590] ? __nf_tables_unregister_hook+0x8a/0xe0 [nf_tables]
[ 127.322655] nft_table_disable+0x75/0xf0 [nf_tables]
[ 127.322717] nf_tables_commit+0x2571/0x2620 [nf_tables]
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bf8083bbf8fa202e6e5316bbd99759ab82bfe7a3 Version: e10f661adc556c4969c70ddaddf238bffdaf1e87 Version: d9c4da8cb74e8ee6e58a064a3573aa37acf6c935 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d12f21f8bbe23fde25b77c2bf5973c136b8bef8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/41bad13c0e8a5a2b47a7472cced922555372daab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7b6fba6918714afee3e17796113ccab636255c7b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ba81dca416adf82fc5a2a23abc1a8cc02ad32fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/745cf6a843896cdac8766c74379300ed73c78830"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/420132bee3d0136b7fba253a597b098fe15493a7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e95bb4cba94c018be24b11f017d1c55dd6cda31a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/994209ddf4f430946f6247616b2e33d179243769"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:41:08.192403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:16.096Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6d12f21f8bbe23fde25b77c2bf5973c136b8bef8",
"status": "affected",
"version": "bf8083bbf8fa202e6e5316bbd99759ab82bfe7a3",
"versionType": "git"
},
{
"lessThan": "41bad13c0e8a5a2b47a7472cced922555372daab",
"status": "affected",
"version": "e10f661adc556c4969c70ddaddf238bffdaf1e87",
"versionType": "git"
},
{
"lessThan": "7b6fba6918714afee3e17796113ccab636255c7b",
"status": "affected",
"version": "d9c4da8cb74e8ee6e58a064a3573aa37acf6c935",
"versionType": "git"
},
{
"lessThan": "8ba81dca416adf82fc5a2a23abc1a8cc02ad32fb",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "745cf6a843896cdac8766c74379300ed73c78830",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "420132bee3d0136b7fba253a597b098fe15493a7",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "e95bb4cba94c018be24b11f017d1c55dd6cda31a",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "994209ddf4f430946f6247616b2e33d179243769",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject new basechain after table flag update\n\nWhen dormant flag is toggled, hooks are disabled in the commit phase by\niterating over current chains in table (existing and new).\n\nThe following configuration allows for an inconsistent state:\n\n add table x\n add chain x y { type filter hook input priority 0; }\n add table x { flags dormant; }\n add chain x w { type filter hook input priority 1; }\n\nwhich triggers the following warning when trying to unregister chain w\nwhich is already unregistered.\n\n[ 127.322252] WARNING: CPU: 7 PID: 1211 at net/netfilter/core.c:50 1 __nf_unregister_net_hook+0x21a/0x260\n[...]\n[ 127.322519] Call Trace:\n[ 127.322521] \u003cTASK\u003e\n[ 127.322524] ? __warn+0x9f/0x1a0\n[ 127.322531] ? __nf_unregister_net_hook+0x21a/0x260\n[ 127.322537] ? report_bug+0x1b1/0x1e0\n[ 127.322545] ? handle_bug+0x3c/0x70\n[ 127.322552] ? exc_invalid_op+0x17/0x40\n[ 127.322556] ? asm_exc_invalid_op+0x1a/0x20\n[ 127.322563] ? kasan_save_free_info+0x3b/0x60\n[ 127.322570] ? __nf_unregister_net_hook+0x6a/0x260\n[ 127.322577] ? __nf_unregister_net_hook+0x21a/0x260\n[ 127.322583] ? __nf_unregister_net_hook+0x6a/0x260\n[ 127.322590] ? __nf_tables_unregister_hook+0x8a/0xe0 [nf_tables]\n[ 127.322655] nft_table_disable+0x75/0xf0 [nf_tables]\n[ 127.322717] nf_tables_commit+0x2571/0x2620 [nf_tables]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:07:57.894Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6d12f21f8bbe23fde25b77c2bf5973c136b8bef8"
},
{
"url": "https://git.kernel.org/stable/c/41bad13c0e8a5a2b47a7472cced922555372daab"
},
{
"url": "https://git.kernel.org/stable/c/7b6fba6918714afee3e17796113ccab636255c7b"
},
{
"url": "https://git.kernel.org/stable/c/8ba81dca416adf82fc5a2a23abc1a8cc02ad32fb"
},
{
"url": "https://git.kernel.org/stable/c/745cf6a843896cdac8766c74379300ed73c78830"
},
{
"url": "https://git.kernel.org/stable/c/420132bee3d0136b7fba253a597b098fe15493a7"
},
{
"url": "https://git.kernel.org/stable/c/e95bb4cba94c018be24b11f017d1c55dd6cda31a"
},
{
"url": "https://git.kernel.org/stable/c/994209ddf4f430946f6247616b2e33d179243769"
}
],
"title": "netfilter: nf_tables: reject new basechain after table flag update",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35900",
"datePublished": "2024-05-19T08:34:54.016Z",
"dateReserved": "2024-05-17T13:50:33.114Z",
"dateUpdated": "2025-05-04T09:07:57.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38594 (GCVE-0-2024-38594)
Vulnerability from cvelistv5
Published
2024-06-19 13:45
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: stmmac: move the EST lock to struct stmmac_priv
Reinitialize the whole EST structure would also reset the mutex
lock which is embedded in the EST structure, and then trigger
the following warning. To address this, move the lock to struct
stmmac_priv. We also need to reacquire the mutex lock when doing
this initialization.
DEBUG_LOCKS_WARN_ON(lock->magic != lock)
WARNING: CPU: 3 PID: 505 at kernel/locking/mutex.c:587 __mutex_lock+0xd84/0x1068
Modules linked in:
CPU: 3 PID: 505 Comm: tc Not tainted 6.9.0-rc6-00053-g0106679839f7-dirty #29
Hardware name: NXP i.MX8MPlus EVK board (DT)
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __mutex_lock+0xd84/0x1068
lr : __mutex_lock+0xd84/0x1068
sp : ffffffc0864e3570
x29: ffffffc0864e3570 x28: ffffffc0817bdc78 x27: 0000000000000003
x26: ffffff80c54f1808 x25: ffffff80c9164080 x24: ffffffc080d723ac
x23: 0000000000000000 x22: 0000000000000002 x21: 0000000000000000
x20: 0000000000000000 x19: ffffffc083bc3000 x18: ffffffffffffffff
x17: ffffffc08117b080 x16: 0000000000000002 x15: ffffff80d2d40000
x14: 00000000000002da x13: ffffff80d2d404b8 x12: ffffffc082b5a5c8
x11: ffffffc082bca680 x10: ffffffc082bb2640 x9 : ffffffc082bb2698
x8 : 0000000000017fe8 x7 : c0000000ffffefff x6 : 0000000000000001
x5 : ffffff8178fe0d48 x4 : 0000000000000000 x3 : 0000000000000027
x2 : ffffff8178fe0d50 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
__mutex_lock+0xd84/0x1068
mutex_lock_nested+0x28/0x34
tc_setup_taprio+0x118/0x68c
stmmac_setup_tc+0x50/0xf0
taprio_change+0x868/0xc9c
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b2aae654a4794ef898ad33a179f341eb610f6b85 Version: b2aae654a4794ef898ad33a179f341eb610f6b85 Version: b2aae654a4794ef898ad33a179f341eb610f6b85 Version: b2aae654a4794ef898ad33a179f341eb610f6b85 Version: b2091d47a14e8e6b3f03d792c1b25255d60b3219 Version: 5ce4cc16d47186f0b76254e6f27beea25bafc1d9 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/487f9030b1ef34bab123f2df2a4ccbe01ba84416"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6f476aff2d8da1a189621c4c16a76a6c534e4312"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/36ac9e7f2e5786bd37c5cd91132e1f39c29b8197"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:13:43.727802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:54.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/stmicro/stmmac/stmmac.h",
"drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c",
"drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c",
"include/linux/stmmac.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b538fefeb1026aad9dcdcbb410c42b56dff8aae9",
"status": "affected",
"version": "b2aae654a4794ef898ad33a179f341eb610f6b85",
"versionType": "git"
},
{
"lessThan": "487f9030b1ef34bab123f2df2a4ccbe01ba84416",
"status": "affected",
"version": "b2aae654a4794ef898ad33a179f341eb610f6b85",
"versionType": "git"
},
{
"lessThan": "6f476aff2d8da1a189621c4c16a76a6c534e4312",
"status": "affected",
"version": "b2aae654a4794ef898ad33a179f341eb610f6b85",
"versionType": "git"
},
{
"lessThan": "36ac9e7f2e5786bd37c5cd91132e1f39c29b8197",
"status": "affected",
"version": "b2aae654a4794ef898ad33a179f341eb610f6b85",
"versionType": "git"
},
{
"status": "affected",
"version": "b2091d47a14e8e6b3f03d792c1b25255d60b3219",
"versionType": "git"
},
{
"status": "affected",
"version": "5ce4cc16d47186f0b76254e6f27beea25bafc1d9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/stmicro/stmmac/stmmac.h",
"drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c",
"drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c",
"include/linux/stmmac.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.13.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: move the EST lock to struct stmmac_priv\n\nReinitialize the whole EST structure would also reset the mutex\nlock which is embedded in the EST structure, and then trigger\nthe following warning. To address this, move the lock to struct\nstmmac_priv. We also need to reacquire the mutex lock when doing\nthis initialization.\n\nDEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\nWARNING: CPU: 3 PID: 505 at kernel/locking/mutex.c:587 __mutex_lock+0xd84/0x1068\n Modules linked in:\n CPU: 3 PID: 505 Comm: tc Not tainted 6.9.0-rc6-00053-g0106679839f7-dirty #29\n Hardware name: NXP i.MX8MPlus EVK board (DT)\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __mutex_lock+0xd84/0x1068\n lr : __mutex_lock+0xd84/0x1068\n sp : ffffffc0864e3570\n x29: ffffffc0864e3570 x28: ffffffc0817bdc78 x27: 0000000000000003\n x26: ffffff80c54f1808 x25: ffffff80c9164080 x24: ffffffc080d723ac\n x23: 0000000000000000 x22: 0000000000000002 x21: 0000000000000000\n x20: 0000000000000000 x19: ffffffc083bc3000 x18: ffffffffffffffff\n x17: ffffffc08117b080 x16: 0000000000000002 x15: ffffff80d2d40000\n x14: 00000000000002da x13: ffffff80d2d404b8 x12: ffffffc082b5a5c8\n x11: ffffffc082bca680 x10: ffffffc082bb2640 x9 : ffffffc082bb2698\n x8 : 0000000000017fe8 x7 : c0000000ffffefff x6 : 0000000000000001\n x5 : ffffff8178fe0d48 x4 : 0000000000000000 x3 : 0000000000000027\n x2 : ffffff8178fe0d50 x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n __mutex_lock+0xd84/0x1068\n mutex_lock_nested+0x28/0x34\n tc_setup_taprio+0x118/0x68c\n stmmac_setup_tc+0x50/0xf0\n taprio_change+0x868/0xc9c"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:48.423Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b538fefeb1026aad9dcdcbb410c42b56dff8aae9"
},
{
"url": "https://git.kernel.org/stable/c/487f9030b1ef34bab123f2df2a4ccbe01ba84416"
},
{
"url": "https://git.kernel.org/stable/c/6f476aff2d8da1a189621c4c16a76a6c534e4312"
},
{
"url": "https://git.kernel.org/stable/c/36ac9e7f2e5786bd37c5cd91132e1f39c29b8197"
}
],
"title": "net: stmmac: move the EST lock to struct stmmac_priv",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38594",
"datePublished": "2024-06-19T13:45:44.671Z",
"dateReserved": "2024-06-18T19:36:34.931Z",
"dateUpdated": "2025-05-04T12:56:48.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38622 (GCVE-0-2024-38622)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-05-04 09:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/dpu: Add callback function pointer check before its call
In dpu_core_irq_callback_handler() callback function pointer is compared to NULL,
but then callback function is unconditionally called by this pointer.
Fix this bug by adding conditional return.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Patchwork: https://patchwork.freedesktop.org/patch/588237/
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T13:23:40.246723Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T13:23:53.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:26.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/873f67699114452c2a996c4e10faac8ff860c241"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9078630ed7f8f25d65d11823e7f2b11a8e2f4f0f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/530f272053a5e72243a9cb07bb1296af6c346002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "873f67699114452c2a996c4e10faac8ff860c241",
"status": "affected",
"version": "c929ac60b3ed34accd25a052a4833e418900f466",
"versionType": "git"
},
{
"lessThan": "9078630ed7f8f25d65d11823e7f2b11a8e2f4f0f",
"status": "affected",
"version": "c929ac60b3ed34accd25a052a4833e418900f466",
"versionType": "git"
},
{
"lessThan": "530f272053a5e72243a9cb07bb1296af6c346002",
"status": "affected",
"version": "c929ac60b3ed34accd25a052a4833e418900f466",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.19"
},
{
"lessThan": "5.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: Add callback function pointer check before its call\n\nIn dpu_core_irq_callback_handler() callback function pointer is compared to NULL,\nbut then callback function is unconditionally called by this pointer.\nFix this bug by adding conditional return.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\nPatchwork: https://patchwork.freedesktop.org/patch/588237/"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:30.370Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/873f67699114452c2a996c4e10faac8ff860c241"
},
{
"url": "https://git.kernel.org/stable/c/9078630ed7f8f25d65d11823e7f2b11a8e2f4f0f"
},
{
"url": "https://git.kernel.org/stable/c/530f272053a5e72243a9cb07bb1296af6c346002"
}
],
"title": "drm/msm/dpu: Add callback function pointer check before its call",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38622",
"datePublished": "2024-06-21T10:18:15.625Z",
"dateReserved": "2024-06-18T19:36:34.945Z",
"dateUpdated": "2025-05-04T09:15:30.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52794 (GCVE-0-2023-52794)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
thermal: intel: powerclamp: fix mismatch in get function for max_idle
KASAN reported this
[ 444.853098] BUG: KASAN: global-out-of-bounds in param_get_int+0x77/0x90
[ 444.853111] Read of size 4 at addr ffffffffc16c9220 by task cat/2105
...
[ 444.853442] The buggy address belongs to the variable:
[ 444.853443] max_idle+0x0/0xffffffffffffcde0 [intel_powerclamp]
There is a mismatch between the param_get_int and the definition of
max_idle. Replacing param_get_int with param_get_byte resolves this
issue.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6a3866dbdcf39ac93e98708e6abced511733dc18"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0a8585281b11e3a0723bba8d8085d61f0b55f37c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fae633cfb729da2771b5433f6b84ae7e8b4aa5f7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52794",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:36:53.470332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:29.826Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/thermal/intel/intel_powerclamp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6a3866dbdcf39ac93e98708e6abced511733dc18",
"status": "affected",
"version": "ebf519710218814cf827adbf9111af081344c969",
"versionType": "git"
},
{
"lessThan": "0a8585281b11e3a0723bba8d8085d61f0b55f37c",
"status": "affected",
"version": "ebf519710218814cf827adbf9111af081344c969",
"versionType": "git"
},
{
"lessThan": "fae633cfb729da2771b5433f6b84ae7e8b4aa5f7",
"status": "affected",
"version": "ebf519710218814cf827adbf9111af081344c969",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/thermal/intel/intel_powerclamp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: intel: powerclamp: fix mismatch in get function for max_idle\n\nKASAN reported this\n\n [ 444.853098] BUG: KASAN: global-out-of-bounds in param_get_int+0x77/0x90\n [ 444.853111] Read of size 4 at addr ffffffffc16c9220 by task cat/2105\n ...\n [ 444.853442] The buggy address belongs to the variable:\n [ 444.853443] max_idle+0x0/0xffffffffffffcde0 [intel_powerclamp]\n\nThere is a mismatch between the param_get_int and the definition of\nmax_idle. Replacing param_get_int with param_get_byte resolves this\nissue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:19.101Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6a3866dbdcf39ac93e98708e6abced511733dc18"
},
{
"url": "https://git.kernel.org/stable/c/0a8585281b11e3a0723bba8d8085d61f0b55f37c"
},
{
"url": "https://git.kernel.org/stable/c/fae633cfb729da2771b5433f6b84ae7e8b4aa5f7"
}
],
"title": "thermal: intel: powerclamp: fix mismatch in get function for max_idle",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52794",
"datePublished": "2024-05-21T15:31:08.970Z",
"dateReserved": "2024-05-21T15:19:24.246Z",
"dateUpdated": "2025-05-04T07:43:19.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52849 (GCVE-0-2023-52849)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 12:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
cxl/mem: Fix shutdown order
Ira reports that removing cxl_mock_mem causes a crash with the following
trace:
BUG: kernel NULL pointer dereference, address: 0000000000000044
[..]
RIP: 0010:cxl_region_decode_reset+0x7f/0x180 [cxl_core]
[..]
Call Trace:
<TASK>
cxl_region_detach+0xe8/0x210 [cxl_core]
cxl_decoder_kill_region+0x27/0x40 [cxl_core]
cxld_unregister+0x29/0x40 [cxl_core]
devres_release_all+0xb8/0x110
device_unbind_cleanup+0xe/0x70
device_release_driver_internal+0x1d2/0x210
bus_remove_device+0xd7/0x150
device_del+0x155/0x3e0
device_unregister+0x13/0x60
devm_release_action+0x4d/0x90
? __pfx_unregister_port+0x10/0x10 [cxl_core]
delete_endpoint+0x121/0x130 [cxl_core]
devres_release_all+0xb8/0x110
device_unbind_cleanup+0xe/0x70
device_release_driver_internal+0x1d2/0x210
bus_remove_device+0xd7/0x150
device_del+0x155/0x3e0
? lock_release+0x142/0x290
cdev_device_del+0x15/0x50
cxl_memdev_unregister+0x54/0x70 [cxl_core]
This crash is due to the clearing out the cxl_memdev's driver context
(@cxlds) before the subsystem is done with it. This is ultimately due to
the region(s), that this memdev is a member, being torn down and expecting
to be able to de-reference @cxlds, like here:
static int cxl_region_decode_reset(struct cxl_region *cxlr, int count)
...
if (cxlds->rcd)
goto endpoint_reset;
...
Fix it by keeping the driver context valid until memdev-device
unregistration, and subsequently the entire stack of related
dependencies, unwinds.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9cc238c7a526dba9ee8c210fa2828886fc65db66 Version: 9cc238c7a526dba9ee8c210fa2828886fc65db66 Version: 9cc238c7a526dba9ee8c210fa2828886fc65db66 Version: 9cc238c7a526dba9ee8c210fa2828886fc65db66 Version: 9cc238c7a526dba9ee8c210fa2828886fc65db66 Version: 964a9834492210f48b360baa9e20a9eedf4d08ff |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52849",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T19:16:24.136793Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T19:16:37.413Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/20bd0198bebdd706bd4614b3933ef70d7c19618f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7c7371b41a14e86f53e7dbe5baa7b1d3e0ab324b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cad22a757029c3a1985c221a2d4a6491ad4035ae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0ca074f7d788627a4e0b047ca5fbdb5fc567220c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/88d3917f82ed4215a2154432c26de1480a61b209"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/cxl/core/memdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "20bd0198bebdd706bd4614b3933ef70d7c19618f",
"status": "affected",
"version": "9cc238c7a526dba9ee8c210fa2828886fc65db66",
"versionType": "git"
},
{
"lessThan": "7c7371b41a14e86f53e7dbe5baa7b1d3e0ab324b",
"status": "affected",
"version": "9cc238c7a526dba9ee8c210fa2828886fc65db66",
"versionType": "git"
},
{
"lessThan": "cad22a757029c3a1985c221a2d4a6491ad4035ae",
"status": "affected",
"version": "9cc238c7a526dba9ee8c210fa2828886fc65db66",
"versionType": "git"
},
{
"lessThan": "0ca074f7d788627a4e0b047ca5fbdb5fc567220c",
"status": "affected",
"version": "9cc238c7a526dba9ee8c210fa2828886fc65db66",
"versionType": "git"
},
{
"lessThan": "88d3917f82ed4215a2154432c26de1480a61b209",
"status": "affected",
"version": "9cc238c7a526dba9ee8c210fa2828886fc65db66",
"versionType": "git"
},
{
"status": "affected",
"version": "964a9834492210f48b360baa9e20a9eedf4d08ff",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/cxl/core/memdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.14.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/mem: Fix shutdown order\n\nIra reports that removing cxl_mock_mem causes a crash with the following\ntrace:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000044\n [..]\n RIP: 0010:cxl_region_decode_reset+0x7f/0x180 [cxl_core]\n [..]\n Call Trace:\n \u003cTASK\u003e\n cxl_region_detach+0xe8/0x210 [cxl_core]\n cxl_decoder_kill_region+0x27/0x40 [cxl_core]\n cxld_unregister+0x29/0x40 [cxl_core]\n devres_release_all+0xb8/0x110\n device_unbind_cleanup+0xe/0x70\n device_release_driver_internal+0x1d2/0x210\n bus_remove_device+0xd7/0x150\n device_del+0x155/0x3e0\n device_unregister+0x13/0x60\n devm_release_action+0x4d/0x90\n ? __pfx_unregister_port+0x10/0x10 [cxl_core]\n delete_endpoint+0x121/0x130 [cxl_core]\n devres_release_all+0xb8/0x110\n device_unbind_cleanup+0xe/0x70\n device_release_driver_internal+0x1d2/0x210\n bus_remove_device+0xd7/0x150\n device_del+0x155/0x3e0\n ? lock_release+0x142/0x290\n cdev_device_del+0x15/0x50\n cxl_memdev_unregister+0x54/0x70 [cxl_core]\n\nThis crash is due to the clearing out the cxl_memdev\u0027s driver context\n(@cxlds) before the subsystem is done with it. This is ultimately due to\nthe region(s), that this memdev is a member, being torn down and expecting\nto be able to de-reference @cxlds, like here:\n\nstatic int cxl_region_decode_reset(struct cxl_region *cxlr, int count)\n...\n if (cxlds-\u003ercd)\n goto endpoint_reset;\n...\n\nFix it by keeping the driver context valid until memdev-device\nunregistration, and subsequently the entire stack of related\ndependencies, unwinds."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:49:39.799Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/20bd0198bebdd706bd4614b3933ef70d7c19618f"
},
{
"url": "https://git.kernel.org/stable/c/7c7371b41a14e86f53e7dbe5baa7b1d3e0ab324b"
},
{
"url": "https://git.kernel.org/stable/c/cad22a757029c3a1985c221a2d4a6491ad4035ae"
},
{
"url": "https://git.kernel.org/stable/c/0ca074f7d788627a4e0b047ca5fbdb5fc567220c"
},
{
"url": "https://git.kernel.org/stable/c/88d3917f82ed4215a2154432c26de1480a61b209"
}
],
"title": "cxl/mem: Fix shutdown order",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52849",
"datePublished": "2024-05-21T15:31:45.884Z",
"dateReserved": "2024-05-21T15:19:24.255Z",
"dateUpdated": "2025-05-04T12:49:39.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52876 (GCVE-0-2023-52876)
Vulnerability from cvelistv5
Published
2024-05-21 15:32
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data
Add the check for the return value of mtk_alloc_clk_data() in order to
avoid NULL pointer dereference.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 3b5e748615e714711220b2a95d19bd25a037db09 Version: 3b5e748615e714711220b2a95d19bd25a037db09 Version: 3b5e748615e714711220b2a95d19bd25a037db09 Version: 3b5e748615e714711220b2a95d19bd25a037db09 Version: 3b5e748615e714711220b2a95d19bd25a037db09 Version: 3b5e748615e714711220b2a95d19bd25a037db09 Version: 3b5e748615e714711220b2a95d19bd25a037db09 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52876",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T18:20:33.699635Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:18.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfa68e0ac5dcde43577adadf6f0f26f3b365ad68"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/96e9544a0c4faca616b3f9f4034dcd83a14e7f22"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c4070ada5d5155c8d4d17ea64bd246949889f25b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a540ca0aeae83c2f3964bcb4e383f64ce2ec1783"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b20cfe007a46f8c165d42a05c50a8d3d893e6592"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1639072f6260babd017556e9f236ca2ad589d1e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0884393c63cc9a1772f7121a6645ba7bd76feeb9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/mediatek/clk-mt7629-eth.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cfa68e0ac5dcde43577adadf6f0f26f3b365ad68",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
},
{
"lessThan": "96e9544a0c4faca616b3f9f4034dcd83a14e7f22",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
},
{
"lessThan": "c4070ada5d5155c8d4d17ea64bd246949889f25b",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
},
{
"lessThan": "a540ca0aeae83c2f3964bcb4e383f64ce2ec1783",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
},
{
"lessThan": "b20cfe007a46f8c165d42a05c50a8d3d893e6592",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
},
{
"lessThan": "1639072f6260babd017556e9f236ca2ad589d1e7",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
},
{
"lessThan": "0884393c63cc9a1772f7121a6645ba7bd76feeb9",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/mediatek/clk-mt7629-eth.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data\n\nAdd the check for the return value of mtk_alloc_clk_data() in order to\navoid NULL pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:58.429Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cfa68e0ac5dcde43577adadf6f0f26f3b365ad68"
},
{
"url": "https://git.kernel.org/stable/c/96e9544a0c4faca616b3f9f4034dcd83a14e7f22"
},
{
"url": "https://git.kernel.org/stable/c/c4070ada5d5155c8d4d17ea64bd246949889f25b"
},
{
"url": "https://git.kernel.org/stable/c/a540ca0aeae83c2f3964bcb4e383f64ce2ec1783"
},
{
"url": "https://git.kernel.org/stable/c/b20cfe007a46f8c165d42a05c50a8d3d893e6592"
},
{
"url": "https://git.kernel.org/stable/c/1639072f6260babd017556e9f236ca2ad589d1e7"
},
{
"url": "https://git.kernel.org/stable/c/0884393c63cc9a1772f7121a6645ba7bd76feeb9"
}
],
"title": "clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52876",
"datePublished": "2024-05-21T15:32:09.269Z",
"dateReserved": "2024-05-21T15:19:24.264Z",
"dateUpdated": "2025-05-04T07:44:58.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35827 (GCVE-0-2024-35827)
Vulnerability from cvelistv5
Published
2024-05-17 13:41
Modified
2025-05-04 09:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
io_uring/net: fix overflow check in io_recvmsg_mshot_prep()
The "controllen" variable is type size_t (unsigned long). Casting it
to int could lead to an integer underflow.
The check_add_overflow() function considers the type of the destination
which is type int. If we add two positive values and the result cannot
fit in an integer then that's counted as an overflow.
However, if we cast "controllen" to an int and it turns negative, then
negative values *can* fit into an int type so there is no overflow.
Good: 100 + (unsigned long)-4 = 96 <-- overflow
Bad: 100 + (int)-4 = 96 <-- no overflow
I deleted the cast of the sizeof() as well. That's not a bug but the
cast is unnecessary.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35827",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T15:12:59.146861Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:28.876Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/868ec868616438df487b9e2baa5a99f8662cc47c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/59a534690ecc3af72c6ab121aeac1237a4adae66"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c8c74bb59e7d77554016efc34c2d10376985e5e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b6563ad0d599110bd5cf8f56c47d279c3ed796fe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ede3db5061bb1fe28e2c9683329aafa89d2b1b4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"io_uring/net.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "868ec868616438df487b9e2baa5a99f8662cc47c",
"status": "affected",
"version": "9b0fc3c054ff2eb13753104884f1045b5bb3a627",
"versionType": "git"
},
{
"lessThan": "59a534690ecc3af72c6ab121aeac1237a4adae66",
"status": "affected",
"version": "9b0fc3c054ff2eb13753104884f1045b5bb3a627",
"versionType": "git"
},
{
"lessThan": "0c8c74bb59e7d77554016efc34c2d10376985e5e",
"status": "affected",
"version": "9b0fc3c054ff2eb13753104884f1045b5bb3a627",
"versionType": "git"
},
{
"lessThan": "b6563ad0d599110bd5cf8f56c47d279c3ed796fe",
"status": "affected",
"version": "9b0fc3c054ff2eb13753104884f1045b5bb3a627",
"versionType": "git"
},
{
"lessThan": "8ede3db5061bb1fe28e2c9683329aafa89d2b1b4",
"status": "affected",
"version": "9b0fc3c054ff2eb13753104884f1045b5bb3a627",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"io_uring/net.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/net: fix overflow check in io_recvmsg_mshot_prep()\n\nThe \"controllen\" variable is type size_t (unsigned long). Casting it\nto int could lead to an integer underflow.\n\nThe check_add_overflow() function considers the type of the destination\nwhich is type int. If we add two positive values and the result cannot\nfit in an integer then that\u0027s counted as an overflow.\n\nHowever, if we cast \"controllen\" to an int and it turns negative, then\nnegative values *can* fit into an int type so there is no overflow.\n\nGood: 100 + (unsigned long)-4 = 96 \u003c-- overflow\n Bad: 100 + (int)-4 = 96 \u003c-- no overflow\n\nI deleted the cast of the sizeof() as well. That\u0027s not a bug but the\ncast is unnecessary."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:16.892Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/868ec868616438df487b9e2baa5a99f8662cc47c"
},
{
"url": "https://git.kernel.org/stable/c/59a534690ecc3af72c6ab121aeac1237a4adae66"
},
{
"url": "https://git.kernel.org/stable/c/0c8c74bb59e7d77554016efc34c2d10376985e5e"
},
{
"url": "https://git.kernel.org/stable/c/b6563ad0d599110bd5cf8f56c47d279c3ed796fe"
},
{
"url": "https://git.kernel.org/stable/c/8ede3db5061bb1fe28e2c9683329aafa89d2b1b4"
}
],
"title": "io_uring/net: fix overflow check in io_recvmsg_mshot_prep()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35827",
"datePublished": "2024-05-17T13:41:09.193Z",
"dateReserved": "2024-05-17T12:19:12.347Z",
"dateUpdated": "2025-05-04T09:06:16.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38550 (GCVE-0-2024-38550)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: kirkwood: Fix potential NULL dereference
In kirkwood_dma_hw_params() mv_mbus_dram_info() returns NULL if
CONFIG_PLAT_ORION macro is not defined.
Fix this bug by adding NULL check.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bb6a40fc5a830cae45ddd5cd6cfa151b008522ed Version: bb6a40fc5a830cae45ddd5cd6cfa151b008522ed Version: bb6a40fc5a830cae45ddd5cd6cfa151b008522ed Version: bb6a40fc5a830cae45ddd5cd6cfa151b008522ed Version: bb6a40fc5a830cae45ddd5cd6cfa151b008522ed Version: bb6a40fc5a830cae45ddd5cd6cfa151b008522ed Version: 145951900b763dc32bf31bd770f3f036a8348424 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38550",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T15:41:30.404959Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T15:00:22.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d48d0c5fd733bd6d8d3ddb2ed553777ab4724169"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/de9987cec6fde1dd41dfcb971433e05945852489"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1a7254525ca7a6f3e37d7882d7f7ad97f6235f7c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5bf5154739cd676b6d0958079070557c8d96afb6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/802b49e39da669b54bd9b77dc3c649999a446bf6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea60ab95723f5738e7737b56dda95e6feefa5b50"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/kirkwood/kirkwood-dma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d48d0c5fd733bd6d8d3ddb2ed553777ab4724169",
"status": "affected",
"version": "bb6a40fc5a830cae45ddd5cd6cfa151b008522ed",
"versionType": "git"
},
{
"lessThan": "de9987cec6fde1dd41dfcb971433e05945852489",
"status": "affected",
"version": "bb6a40fc5a830cae45ddd5cd6cfa151b008522ed",
"versionType": "git"
},
{
"lessThan": "1a7254525ca7a6f3e37d7882d7f7ad97f6235f7c",
"status": "affected",
"version": "bb6a40fc5a830cae45ddd5cd6cfa151b008522ed",
"versionType": "git"
},
{
"lessThan": "5bf5154739cd676b6d0958079070557c8d96afb6",
"status": "affected",
"version": "bb6a40fc5a830cae45ddd5cd6cfa151b008522ed",
"versionType": "git"
},
{
"lessThan": "802b49e39da669b54bd9b77dc3c649999a446bf6",
"status": "affected",
"version": "bb6a40fc5a830cae45ddd5cd6cfa151b008522ed",
"versionType": "git"
},
{
"lessThan": "ea60ab95723f5738e7737b56dda95e6feefa5b50",
"status": "affected",
"version": "bb6a40fc5a830cae45ddd5cd6cfa151b008522ed",
"versionType": "git"
},
{
"status": "affected",
"version": "145951900b763dc32bf31bd770f3f036a8348424",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/kirkwood/kirkwood-dma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.13.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: kirkwood: Fix potential NULL dereference\n\nIn kirkwood_dma_hw_params() mv_mbus_dram_info() returns NULL if\nCONFIG_PLAT_ORION macro is not defined.\nFix this bug by adding NULL check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:42.047Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d48d0c5fd733bd6d8d3ddb2ed553777ab4724169"
},
{
"url": "https://git.kernel.org/stable/c/de9987cec6fde1dd41dfcb971433e05945852489"
},
{
"url": "https://git.kernel.org/stable/c/1a7254525ca7a6f3e37d7882d7f7ad97f6235f7c"
},
{
"url": "https://git.kernel.org/stable/c/5bf5154739cd676b6d0958079070557c8d96afb6"
},
{
"url": "https://git.kernel.org/stable/c/802b49e39da669b54bd9b77dc3c649999a446bf6"
},
{
"url": "https://git.kernel.org/stable/c/ea60ab95723f5738e7737b56dda95e6feefa5b50"
}
],
"title": "ASoC: kirkwood: Fix potential NULL dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38550",
"datePublished": "2024-06-19T13:35:22.716Z",
"dateReserved": "2024-06-18T19:36:34.920Z",
"dateUpdated": "2025-05-04T12:56:42.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38634 (GCVE-0-2024-38634)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-05-04 09:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial: max3100: Lock port->lock when calling uart_handle_cts_change()
uart_handle_cts_change() has to be called with port lock taken,
Since we run it in a separate work, the lock may not be taken at
the time of running. Make sure that it's taken by explicitly doing
that. Without it we got a splat:
WARNING: CPU: 0 PID: 10 at drivers/tty/serial/serial_core.c:3491 uart_handle_cts_change+0xa6/0xb0
...
Workqueue: max3100-0 max3100_work [max3100]
RIP: 0010:uart_handle_cts_change+0xa6/0xb0
...
max3100_handlerx+0xc5/0x110 [max3100]
max3100_work+0x12a/0x340 [max3100]
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 Version: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38634",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T13:19:09.330989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T13:19:18.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:26.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/44b38924135d2093e2ec1812969464845dd66dc9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea9b35372b58ac2931bfc1d5bc25e839d1221e30"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cc121e3722a0a2c8f716ef991e5425b180a5fb94"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/78dbda51bb4241b88a52d71620f06231a341f9ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8296bb9e5925b6634259c5d4daee88f0cc0884ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93df2fba6c7dfa9a2f08546ea9a5ca4728758458"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/865b30c8661924ee9145f442bf32cea549faa869"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/77ab53371a2066fdf9b895246505f5ef5a4b5d47"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/max3100.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "44b38924135d2093e2ec1812969464845dd66dc9",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "ea9b35372b58ac2931bfc1d5bc25e839d1221e30",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "cc121e3722a0a2c8f716ef991e5425b180a5fb94",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "78dbda51bb4241b88a52d71620f06231a341f9ba",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "8296bb9e5925b6634259c5d4daee88f0cc0884ec",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "93df2fba6c7dfa9a2f08546ea9a5ca4728758458",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "865b30c8661924ee9145f442bf32cea549faa869",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
},
{
"lessThan": "77ab53371a2066fdf9b895246505f5ef5a4b5d47",
"status": "affected",
"version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/max3100.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: max3100: Lock port-\u003elock when calling uart_handle_cts_change()\n\nuart_handle_cts_change() has to be called with port lock taken,\nSince we run it in a separate work, the lock may not be taken at\nthe time of running. Make sure that it\u0027s taken by explicitly doing\nthat. Without it we got a splat:\n\n WARNING: CPU: 0 PID: 10 at drivers/tty/serial/serial_core.c:3491 uart_handle_cts_change+0xa6/0xb0\n ...\n Workqueue: max3100-0 max3100_work [max3100]\n RIP: 0010:uart_handle_cts_change+0xa6/0xb0\n ...\n max3100_handlerx+0xc5/0x110 [max3100]\n max3100_work+0x12a/0x340 [max3100]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:46.722Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/44b38924135d2093e2ec1812969464845dd66dc9"
},
{
"url": "https://git.kernel.org/stable/c/ea9b35372b58ac2931bfc1d5bc25e839d1221e30"
},
{
"url": "https://git.kernel.org/stable/c/cc121e3722a0a2c8f716ef991e5425b180a5fb94"
},
{
"url": "https://git.kernel.org/stable/c/78dbda51bb4241b88a52d71620f06231a341f9ba"
},
{
"url": "https://git.kernel.org/stable/c/8296bb9e5925b6634259c5d4daee88f0cc0884ec"
},
{
"url": "https://git.kernel.org/stable/c/93df2fba6c7dfa9a2f08546ea9a5ca4728758458"
},
{
"url": "https://git.kernel.org/stable/c/865b30c8661924ee9145f442bf32cea549faa869"
},
{
"url": "https://git.kernel.org/stable/c/77ab53371a2066fdf9b895246505f5ef5a4b5d47"
}
],
"title": "serial: max3100: Lock port-\u003elock when calling uart_handle_cts_change()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38634",
"datePublished": "2024-06-21T10:18:23.573Z",
"dateReserved": "2024-06-18T19:36:34.947Z",
"dateUpdated": "2025-05-04T09:15:46.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52827 (GCVE-0-2023-52827)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats()
len is extracted from HTT message and could be an unexpected value in
case errors happen, so add validation before using to avoid possible
out-of-bound read in the following message iteration and parsing.
The same issue also applies to ppdu_info->ppdu_stats.common.num_users,
so validate it before using too.
These are found during code review.
Compile test only.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52827",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T18:23:07.677346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:45.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79527c21a3ce04cffc35ea54f74ee087e532be57"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c9e44111da221246efb2e623ae1be40a5cf6542c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1bc44a505a229bb1dd4957e11aa594edeea3690e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath12k/dp_rx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "79527c21a3ce04cffc35ea54f74ee087e532be57",
"status": "affected",
"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
"versionType": "git"
},
{
"lessThan": "c9e44111da221246efb2e623ae1be40a5cf6542c",
"status": "affected",
"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
"versionType": "git"
},
{
"lessThan": "1bc44a505a229bb1dd4957e11aa594edeea3690e",
"status": "affected",
"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath12k/dp_rx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats()\n\nlen is extracted from HTT message and could be an unexpected value in\ncase errors happen, so add validation before using to avoid possible\nout-of-bound read in the following message iteration and parsing.\n\nThe same issue also applies to ppdu_info-\u003eppdu_stats.common.num_users,\nso validate it before using too.\n\nThese are found during code review.\n\nCompile test only."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:51.920Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/79527c21a3ce04cffc35ea54f74ee087e532be57"
},
{
"url": "https://git.kernel.org/stable/c/c9e44111da221246efb2e623ae1be40a5cf6542c"
},
{
"url": "https://git.kernel.org/stable/c/1bc44a505a229bb1dd4957e11aa594edeea3690e"
}
],
"title": "wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52827",
"datePublished": "2024-05-21T15:31:30.837Z",
"dateReserved": "2024-05-21T15:19:24.251Z",
"dateUpdated": "2025-05-04T07:43:51.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52825 (GCVE-0-2023-52825)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-20 14:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Fix a race condition of vram buffer unref in svm code
prange->svm_bo unref can happen in both mmu callback and a callback after
migrate to system ram. Both are async call in different tasks. Sync svm_bo
unref operation to avoid random "use-after-free".
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T17:19:26.593963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T16:40:39.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7d43cdd22cd81a2b079e864c4321b9aba4c6af34"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/50f35a907c4f9ed431fd3dbb8b871ef1cbb0718e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c772eacbd6d0845fc922af8716bb9d29ae27b8cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fc0210720127cc6302e6d6f3de48f49c3fcf5659"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/709c348261618da7ed89d6c303e2ceb9e453ba74"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdkfd/kfd_svm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7d43cdd22cd81a2b079e864c4321b9aba4c6af34",
"status": "affected",
"version": "e49fe4040a10c1cd3b215c511f658d15aa7c8be9",
"versionType": "git"
},
{
"lessThan": "50f35a907c4f9ed431fd3dbb8b871ef1cbb0718e",
"status": "affected",
"version": "e49fe4040a10c1cd3b215c511f658d15aa7c8be9",
"versionType": "git"
},
{
"lessThan": "c772eacbd6d0845fc922af8716bb9d29ae27b8cf",
"status": "affected",
"version": "e49fe4040a10c1cd3b215c511f658d15aa7c8be9",
"versionType": "git"
},
{
"lessThan": "fc0210720127cc6302e6d6f3de48f49c3fcf5659",
"status": "affected",
"version": "e49fe4040a10c1cd3b215c511f658d15aa7c8be9",
"versionType": "git"
},
{
"lessThan": "709c348261618da7ed89d6c303e2ceb9e453ba74",
"status": "affected",
"version": "e49fe4040a10c1cd3b215c511f658d15aa7c8be9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdkfd/kfd_svm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix a race condition of vram buffer unref in svm code\n\nprange-\u003esvm_bo unref can happen in both mmu callback and a callback after\nmigrate to system ram. Both are async call in different tasks. Sync svm_bo\nunref operation to avoid random \"use-after-free\"."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T14:27:32.686Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7d43cdd22cd81a2b079e864c4321b9aba4c6af34"
},
{
"url": "https://git.kernel.org/stable/c/50f35a907c4f9ed431fd3dbb8b871ef1cbb0718e"
},
{
"url": "https://git.kernel.org/stable/c/c772eacbd6d0845fc922af8716bb9d29ae27b8cf"
},
{
"url": "https://git.kernel.org/stable/c/fc0210720127cc6302e6d6f3de48f49c3fcf5659"
},
{
"url": "https://git.kernel.org/stable/c/709c348261618da7ed89d6c303e2ceb9e453ba74"
}
],
"title": "drm/amdkfd: Fix a race condition of vram buffer unref in svm code",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52825",
"datePublished": "2024-05-21T15:31:29.517Z",
"dateReserved": "2024-05-21T15:19:24.250Z",
"dateUpdated": "2025-05-20T14:27:32.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38619 (GCVE-0-2024-38619)
Vulnerability from cvelistv5
Published
2024-06-20 06:47
Modified
2025-05-04 09:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb-storage: alauda: Check whether the media is initialized
The member "uzonesize" of struct alauda_info will remain 0
if alauda_init_media() fails, potentially causing divide errors
in alauda_read_data() and alauda_write_lba().
- Add a member "media_initialized" to struct alauda_info.
- Change a condition in alauda_check_media() to ensure the
first initialization.
- Add an error check for the return value of alauda_init_media().
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e80b0fade09ef1ee67b0898d480d4c588f124d5f Version: e80b0fade09ef1ee67b0898d480d4c588f124d5f Version: e80b0fade09ef1ee67b0898d480d4c588f124d5f Version: e80b0fade09ef1ee67b0898d480d4c588f124d5f Version: e80b0fade09ef1ee67b0898d480d4c588f124d5f Version: e80b0fade09ef1ee67b0898d480d4c588f124d5f Version: e80b0fade09ef1ee67b0898d480d4c588f124d5f Version: e80b0fade09ef1ee67b0898d480d4c588f124d5f |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:26.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e0aab7b07a9375337847c9d74a5ec044071e01c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/51fe16c058acb22f847e69bc598066ed0bcd5c15"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f68820f1256b21466ff094dd97f243b7e708f9c1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3eee13ab67f65606faa66e0c3c729e4f514838fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e0e2eec76920a133dd49a4fbe4656d83596a1361"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2cc32639ec347e3365075b130f9953ef16cb13f1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24bff7f714bdff97c2a75a0ff6a368cdf8ad5af4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/16637fea001ab3c8df528a8995b3211906165a30"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38619",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:11:41.791337Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:50.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/storage/alauda.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e0aab7b07a9375337847c9d74a5ec044071e01c8",
"status": "affected",
"version": "e80b0fade09ef1ee67b0898d480d4c588f124d5f",
"versionType": "git"
},
{
"lessThan": "51fe16c058acb22f847e69bc598066ed0bcd5c15",
"status": "affected",
"version": "e80b0fade09ef1ee67b0898d480d4c588f124d5f",
"versionType": "git"
},
{
"lessThan": "f68820f1256b21466ff094dd97f243b7e708f9c1",
"status": "affected",
"version": "e80b0fade09ef1ee67b0898d480d4c588f124d5f",
"versionType": "git"
},
{
"lessThan": "3eee13ab67f65606faa66e0c3c729e4f514838fd",
"status": "affected",
"version": "e80b0fade09ef1ee67b0898d480d4c588f124d5f",
"versionType": "git"
},
{
"lessThan": "e0e2eec76920a133dd49a4fbe4656d83596a1361",
"status": "affected",
"version": "e80b0fade09ef1ee67b0898d480d4c588f124d5f",
"versionType": "git"
},
{
"lessThan": "2cc32639ec347e3365075b130f9953ef16cb13f1",
"status": "affected",
"version": "e80b0fade09ef1ee67b0898d480d4c588f124d5f",
"versionType": "git"
},
{
"lessThan": "24bff7f714bdff97c2a75a0ff6a368cdf8ad5af4",
"status": "affected",
"version": "e80b0fade09ef1ee67b0898d480d4c588f124d5f",
"versionType": "git"
},
{
"lessThan": "16637fea001ab3c8df528a8995b3211906165a30",
"status": "affected",
"version": "e80b0fade09ef1ee67b0898d480d4c588f124d5f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/storage/alauda.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.16"
},
{
"lessThan": "2.6.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.317",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.95",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.35",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.6",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb-storage: alauda: Check whether the media is initialized\n\nThe member \"uzonesize\" of struct alauda_info will remain 0\nif alauda_init_media() fails, potentially causing divide errors\nin alauda_read_data() and alauda_write_lba().\n- Add a member \"media_initialized\" to struct alauda_info.\n- Change a condition in alauda_check_media() to ensure the\n first initialization.\n- Add an error check for the return value of alauda_init_media()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:26.343Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e0aab7b07a9375337847c9d74a5ec044071e01c8"
},
{
"url": "https://git.kernel.org/stable/c/51fe16c058acb22f847e69bc598066ed0bcd5c15"
},
{
"url": "https://git.kernel.org/stable/c/f68820f1256b21466ff094dd97f243b7e708f9c1"
},
{
"url": "https://git.kernel.org/stable/c/3eee13ab67f65606faa66e0c3c729e4f514838fd"
},
{
"url": "https://git.kernel.org/stable/c/e0e2eec76920a133dd49a4fbe4656d83596a1361"
},
{
"url": "https://git.kernel.org/stable/c/2cc32639ec347e3365075b130f9953ef16cb13f1"
},
{
"url": "https://git.kernel.org/stable/c/24bff7f714bdff97c2a75a0ff6a368cdf8ad5af4"
},
{
"url": "https://git.kernel.org/stable/c/16637fea001ab3c8df528a8995b3211906165a30"
}
],
"title": "usb-storage: alauda: Check whether the media is initialized",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38619",
"datePublished": "2024-06-20T06:47:32.444Z",
"dateReserved": "2024-06-18T19:36:34.945Z",
"dateUpdated": "2025-05-04T09:15:26.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39362 (GCVE-0-2024-39362)
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-07-02T19:14:42.574Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39362",
"datePublished": "2024-06-25T14:22:42.255Z",
"dateRejected": "2024-07-02T19:14:42.574Z",
"dateReserved": "2024-06-24T13:54:11.078Z",
"dateUpdated": "2024-07-02T19:14:42.574Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52672 (GCVE-0-2023-52672)
Vulnerability from cvelistv5
Published
2024-05-17 14:02
Modified
2025-05-04 07:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
pipe: wakeup wr_wait after setting max_usage
Commit c73be61cede5 ("pipe: Add general notification queue support") a
regression was introduced that would lock up resized pipes under certain
conditions. See the reproducer in [1].
The commit resizing the pipe ring size was moved to a different
function, doing that moved the wakeup for pipe->wr_wait before actually
raising pipe->max_usage. If a pipe was full before the resize occured it
would result in the wakeup never actually triggering pipe_write.
Set @max_usage and @nr_accounted before waking writers if this isn't a
watch queue.
[Christian Brauner <brauner@kernel.org>: rewrite to account for watch queues]
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c73be61cede5882f9605a852414db559c0ebedfd Version: c73be61cede5882f9605a852414db559c0ebedfd Version: c73be61cede5882f9605a852414db559c0ebedfd Version: c73be61cede5882f9605a852414db559c0ebedfd Version: c73be61cede5882f9605a852414db559c0ebedfd Version: c73be61cede5882f9605a852414db559c0ebedfd |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "162ae0e78bda",
"status": "affected",
"version": "c73be61cede5",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "3efbd114b915",
"status": "affected",
"version": "c73be61cede5",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "b87a1229d866",
"status": "affected",
"version": "c73be61cede5",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "68e51bdb1194",
"status": "affected",
"version": "c73be61cede5",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6fb70694f8d1",
"status": "affected",
"version": "c73be61cede5",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "e95aada4cb93",
"status": "affected",
"version": "c73be61cede5",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.8"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.210",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.149",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.76",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.15",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.8",
"status": "unaffected",
"version": "6.7.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.8"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52672",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-18T16:59:59.118362Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:06:58.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/162ae0e78bdabf84ef10c1293c4ed7865cb7d3c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3efbd114b91525bb095b8ae046382197d92126b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b87a1229d8668fbc78ebd9ca0fc797a76001c60f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68e51bdb1194f11d3452525b99c98aff6f837b24"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6fb70694f8d1ac34e45246b0ac988f025e1e5b55"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e95aada4cb93d42e25c30a0ef9eb2923d9711d4a"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/pipe.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "162ae0e78bdabf84ef10c1293c4ed7865cb7d3c8",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "3efbd114b91525bb095b8ae046382197d92126b9",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "b87a1229d8668fbc78ebd9ca0fc797a76001c60f",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "68e51bdb1194f11d3452525b99c98aff6f837b24",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "6fb70694f8d1ac34e45246b0ac988f025e1e5b55",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "e95aada4cb93d42e25c30a0ef9eb2923d9711d4a",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/pipe.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npipe: wakeup wr_wait after setting max_usage\n\nCommit c73be61cede5 (\"pipe: Add general notification queue support\") a\nregression was introduced that would lock up resized pipes under certain\nconditions. See the reproducer in [1].\n\nThe commit resizing the pipe ring size was moved to a different\nfunction, doing that moved the wakeup for pipe-\u003ewr_wait before actually\nraising pipe-\u003emax_usage. If a pipe was full before the resize occured it\nwould result in the wakeup never actually triggering pipe_write.\n\nSet @max_usage and @nr_accounted before waking writers if this isn\u0027t a\nwatch queue.\n\n[Christian Brauner \u003cbrauner@kernel.org\u003e: rewrite to account for watch queues]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:41:16.156Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/162ae0e78bdabf84ef10c1293c4ed7865cb7d3c8"
},
{
"url": "https://git.kernel.org/stable/c/3efbd114b91525bb095b8ae046382197d92126b9"
},
{
"url": "https://git.kernel.org/stable/c/b87a1229d8668fbc78ebd9ca0fc797a76001c60f"
},
{
"url": "https://git.kernel.org/stable/c/68e51bdb1194f11d3452525b99c98aff6f837b24"
},
{
"url": "https://git.kernel.org/stable/c/6fb70694f8d1ac34e45246b0ac988f025e1e5b55"
},
{
"url": "https://git.kernel.org/stable/c/e95aada4cb93d42e25c30a0ef9eb2923d9711d4a"
}
],
"title": "pipe: wakeup wr_wait after setting max_usage",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52672",
"datePublished": "2024-05-17T14:02:10.308Z",
"dateReserved": "2024-03-07T14:49:46.886Z",
"dateUpdated": "2025-05-04T07:41:16.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38611 (GCVE-0-2024-38611)
Vulnerability from cvelistv5
Published
2024-06-19 13:56
Modified
2025-05-04 09:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: i2c: et8ek8: Don't strip remove function when driver is builtin
Using __exit for the remove function results in the remove callback
being discarded with CONFIG_VIDEO_ET8EK8=y. When such a device gets
unbound (e.g. using sysfs or hotplug), the driver is just removed
without the cleanup being performed. This results in resource leaks. Fix
it by compiling in the remove callback unconditionally.
This also fixes a W=1 modpost warning:
WARNING: modpost: drivers/media/i2c/et8ek8/et8ek8: section mismatch in reference: et8ek8_i2c_driver+0x10 (section: .data) -> et8ek8_remove (section: .exit.text)
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c5254e72b8edc2ca0a98703e92e8c34959343d2c Version: c5254e72b8edc2ca0a98703e92e8c34959343d2c Version: c5254e72b8edc2ca0a98703e92e8c34959343d2c Version: c5254e72b8edc2ca0a98703e92e8c34959343d2c Version: c5254e72b8edc2ca0a98703e92e8c34959343d2c Version: c5254e72b8edc2ca0a98703e92e8c34959343d2c Version: c5254e72b8edc2ca0a98703e92e8c34959343d2c |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:26.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c1a3803e5bb91c13e9ad582003e4288f67f06cd9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43fff07e4b1956d0e5cf23717507e438278ea3d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/904db2ba44ae60641b6378c5013254d09acf5e80"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/545b215736c5c4b354e182d99c578a472ac9bfce"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38611",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:13:05.584089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:53.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/i2c/et8ek8/et8ek8_driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "963523600d9f1e36bc35ba774c2493d6baa4dd8f",
"status": "affected",
"version": "c5254e72b8edc2ca0a98703e92e8c34959343d2c",
"versionType": "git"
},
{
"lessThan": "ece3fc1c10197052044048bea4f13cfdcf25b416",
"status": "affected",
"version": "c5254e72b8edc2ca0a98703e92e8c34959343d2c",
"versionType": "git"
},
{
"lessThan": "04d1086a62ac492ebb6bb0c94c1c8cb55f5d1f36",
"status": "affected",
"version": "c5254e72b8edc2ca0a98703e92e8c34959343d2c",
"versionType": "git"
},
{
"lessThan": "c1a3803e5bb91c13e9ad582003e4288f67f06cd9",
"status": "affected",
"version": "c5254e72b8edc2ca0a98703e92e8c34959343d2c",
"versionType": "git"
},
{
"lessThan": "43fff07e4b1956d0e5cf23717507e438278ea3d9",
"status": "affected",
"version": "c5254e72b8edc2ca0a98703e92e8c34959343d2c",
"versionType": "git"
},
{
"lessThan": "904db2ba44ae60641b6378c5013254d09acf5e80",
"status": "affected",
"version": "c5254e72b8edc2ca0a98703e92e8c34959343d2c",
"versionType": "git"
},
{
"lessThan": "545b215736c5c4b354e182d99c578a472ac9bfce",
"status": "affected",
"version": "c5254e72b8edc2ca0a98703e92e8c34959343d2c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/i2c/et8ek8/et8ek8_driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.236",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.180",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.133",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.236",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.180",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.133",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: et8ek8: Don\u0027t strip remove function when driver is builtin\n\nUsing __exit for the remove function results in the remove callback\nbeing discarded with CONFIG_VIDEO_ET8EK8=y. When such a device gets\nunbound (e.g. using sysfs or hotplug), the driver is just removed\nwithout the cleanup being performed. This results in resource leaks. Fix\nit by compiling in the remove callback unconditionally.\n\nThis also fixes a W=1 modpost warning:\n\n\tWARNING: modpost: drivers/media/i2c/et8ek8/et8ek8: section mismatch in reference: et8ek8_i2c_driver+0x10 (section: .data) -\u003e et8ek8_remove (section: .exit.text)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:15.931Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/963523600d9f1e36bc35ba774c2493d6baa4dd8f"
},
{
"url": "https://git.kernel.org/stable/c/ece3fc1c10197052044048bea4f13cfdcf25b416"
},
{
"url": "https://git.kernel.org/stable/c/04d1086a62ac492ebb6bb0c94c1c8cb55f5d1f36"
},
{
"url": "https://git.kernel.org/stable/c/c1a3803e5bb91c13e9ad582003e4288f67f06cd9"
},
{
"url": "https://git.kernel.org/stable/c/43fff07e4b1956d0e5cf23717507e438278ea3d9"
},
{
"url": "https://git.kernel.org/stable/c/904db2ba44ae60641b6378c5013254d09acf5e80"
},
{
"url": "https://git.kernel.org/stable/c/545b215736c5c4b354e182d99c578a472ac9bfce"
}
],
"title": "media: i2c: et8ek8: Don\u0027t strip remove function when driver is builtin",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38611",
"datePublished": "2024-06-19T13:56:12.742Z",
"dateReserved": "2024-06-18T19:36:34.942Z",
"dateUpdated": "2025-05-04T09:15:15.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52789 (GCVE-0-2023-52789)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tty: vcc: Add check for kstrdup() in vcc_probe()
Add check for the return value of kstrdup() and return the error, if it
fails in order to avoid NULL pointer dereference.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52789",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T17:26:54.599134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:29.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/38cd56fc9de78bf3c878790785e8c231116ef9d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/909963e0c16778cec28efb1affc21558825f4200"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/460284dfb10b207980c6f3f7046e33446ceb38ac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4ef41a7f33ffe1a335e7db7e1564ddc6afad47cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6c80f48912b5bd4965352d1a9a989e21743a4a06"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7cebc86481bf16049e266f6774d90f2fd4f8d5d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a24a31826246b15477399febd13292b0c9f0ee9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f8771757b130383732195497e47fba2aba76d3a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d81ffb87aaa75f842cd7aa57091810353755b3e6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/vcc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "38cd56fc9de78bf3c878790785e8c231116ef9d3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "909963e0c16778cec28efb1affc21558825f4200",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "460284dfb10b207980c6f3f7046e33446ceb38ac",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4ef41a7f33ffe1a335e7db7e1564ddc6afad47cc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6c80f48912b5bd4965352d1a9a989e21743a4a06",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7cebc86481bf16049e266f6774d90f2fd4f8d5d2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4a24a31826246b15477399febd13292b0c9f0ee9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8f8771757b130383732195497e47fba2aba76d3a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d81ffb87aaa75f842cd7aa57091810353755b3e6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/vcc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: vcc: Add check for kstrdup() in vcc_probe()\n\nAdd check for the return value of kstrdup() and return the error, if it\nfails in order to avoid NULL pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:14.701Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/38cd56fc9de78bf3c878790785e8c231116ef9d3"
},
{
"url": "https://git.kernel.org/stable/c/909963e0c16778cec28efb1affc21558825f4200"
},
{
"url": "https://git.kernel.org/stable/c/460284dfb10b207980c6f3f7046e33446ceb38ac"
},
{
"url": "https://git.kernel.org/stable/c/4ef41a7f33ffe1a335e7db7e1564ddc6afad47cc"
},
{
"url": "https://git.kernel.org/stable/c/6c80f48912b5bd4965352d1a9a989e21743a4a06"
},
{
"url": "https://git.kernel.org/stable/c/7cebc86481bf16049e266f6774d90f2fd4f8d5d2"
},
{
"url": "https://git.kernel.org/stable/c/4a24a31826246b15477399febd13292b0c9f0ee9"
},
{
"url": "https://git.kernel.org/stable/c/8f8771757b130383732195497e47fba2aba76d3a"
},
{
"url": "https://git.kernel.org/stable/c/d81ffb87aaa75f842cd7aa57091810353755b3e6"
}
],
"title": "tty: vcc: Add check for kstrdup() in vcc_probe()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52789",
"datePublished": "2024-05-21T15:31:05.616Z",
"dateReserved": "2024-05-21T15:19:24.241Z",
"dateUpdated": "2025-05-04T07:43:14.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36965 (GCVE-0-2024-36965)
Vulnerability from cvelistv5
Published
2024-06-08 12:52
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
remoteproc: mediatek: Make sure IPI buffer fits in L2TCM
The IPI buffer location is read from the firmware that we load to the
System Companion Processor, and it's not granted that both the SRAM
(L2TCM) size that is defined in the devicetree node is large enough
for that, and while this is especially true for multi-core SCP, it's
still useful to check on single-core variants as well.
Failing to perform this check may make this driver perform R/W
operations out of the L2TCM boundary, resulting (at best) in a
kernel panic.
To fix that, check that the IPI buffer fits, otherwise return a
failure and refuse to boot the relevant SCP core (or the SCP at
all, if this is single core).
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 3efa0ea743b77d1611501f7d8b4f320d032d73ae Version: 3efa0ea743b77d1611501f7d8b4f320d032d73ae Version: 3efa0ea743b77d1611501f7d8b4f320d032d73ae Version: 3efa0ea743b77d1611501f7d8b4f320d032d73ae Version: 3efa0ea743b77d1611501f7d8b4f320d032d73ae Version: 3efa0ea743b77d1611501f7d8b4f320d032d73ae |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/00548ac6b14428719c970ef90adae2b3b48c0cdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d9e2de24533daca36cbf09e8d8596bf72b526b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/26c6d7dc8c6a9fde9d362ab2eef6390efeff145e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/838b49e211d59fa827ff9df062d4020917cffbdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/36c79eb4845551e9f6d28c663b38ce0ab03b84a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/331f91d86f71d0bb89a44217cc0b2a22810bbd42"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36965",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:15:29.133298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:58.958Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/remoteproc/mtk_scp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "00548ac6b14428719c970ef90adae2b3b48c0cdf",
"status": "affected",
"version": "3efa0ea743b77d1611501f7d8b4f320d032d73ae",
"versionType": "git"
},
{
"lessThan": "1d9e2de24533daca36cbf09e8d8596bf72b526b2",
"status": "affected",
"version": "3efa0ea743b77d1611501f7d8b4f320d032d73ae",
"versionType": "git"
},
{
"lessThan": "26c6d7dc8c6a9fde9d362ab2eef6390efeff145e",
"status": "affected",
"version": "3efa0ea743b77d1611501f7d8b4f320d032d73ae",
"versionType": "git"
},
{
"lessThan": "838b49e211d59fa827ff9df062d4020917cffbdf",
"status": "affected",
"version": "3efa0ea743b77d1611501f7d8b4f320d032d73ae",
"versionType": "git"
},
{
"lessThan": "36c79eb4845551e9f6d28c663b38ce0ab03b84a9",
"status": "affected",
"version": "3efa0ea743b77d1611501f7d8b4f320d032d73ae",
"versionType": "git"
},
{
"lessThan": "331f91d86f71d0bb89a44217cc0b2a22810bbd42",
"status": "affected",
"version": "3efa0ea743b77d1611501f7d8b4f320d032d73ae",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/remoteproc/mtk_scp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.160",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.92",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.32",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.160",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.92",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.32",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.11",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.2",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: mediatek: Make sure IPI buffer fits in L2TCM\n\nThe IPI buffer location is read from the firmware that we load to the\nSystem Companion Processor, and it\u0027s not granted that both the SRAM\n(L2TCM) size that is defined in the devicetree node is large enough\nfor that, and while this is especially true for multi-core SCP, it\u0027s\nstill useful to check on single-core variants as well.\n\nFailing to perform this check may make this driver perform R/W\noperations out of the L2TCM boundary, resulting (at best) in a\nkernel panic.\n\nTo fix that, check that the IPI buffer fits, otherwise return a\nfailure and refuse to boot the relevant SCP core (or the SCP at\nall, if this is single core)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:58.457Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/00548ac6b14428719c970ef90adae2b3b48c0cdf"
},
{
"url": "https://git.kernel.org/stable/c/1d9e2de24533daca36cbf09e8d8596bf72b526b2"
},
{
"url": "https://git.kernel.org/stable/c/26c6d7dc8c6a9fde9d362ab2eef6390efeff145e"
},
{
"url": "https://git.kernel.org/stable/c/838b49e211d59fa827ff9df062d4020917cffbdf"
},
{
"url": "https://git.kernel.org/stable/c/36c79eb4845551e9f6d28c663b38ce0ab03b84a9"
},
{
"url": "https://git.kernel.org/stable/c/331f91d86f71d0bb89a44217cc0b2a22810bbd42"
}
],
"title": "remoteproc: mediatek: Make sure IPI buffer fits in L2TCM",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36965",
"datePublished": "2024-06-08T12:52:58.404Z",
"dateReserved": "2024-05-30T15:25:07.081Z",
"dateUpdated": "2025-05-04T09:12:58.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52878 (GCVE-0-2023-52878)
Vulnerability from cvelistv5
Published
2024-05-21 15:32
Modified
2025-05-04 07:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds
If the "struct can_priv::echoo_skb" is accessed out of bounds, this
would cause a kernel crash. Instead, issue a meaningful warning
message and return with an error.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52878",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T17:05:12.659416Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:41.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/826120c9ba68f2d0dbae58e99013929c883d1444"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d30931f1fa0fb893fb7d5dc32b6b7edfb775be4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/53c468008a7c9ca3f5fc985951f35ec2acae85bc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ab67da060157362b2e0926692c659808784708f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6411959c10fe917288cbb1038886999148560057"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/can/dev/skb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "826120c9ba68f2d0dbae58e99013929c883d1444",
"status": "affected",
"version": "a6e4bc5304033e434fabccabb230b8e9ff55d76f",
"versionType": "git"
},
{
"lessThan": "0d30931f1fa0fb893fb7d5dc32b6b7edfb775be4",
"status": "affected",
"version": "a6e4bc5304033e434fabccabb230b8e9ff55d76f",
"versionType": "git"
},
{
"lessThan": "53c468008a7c9ca3f5fc985951f35ec2acae85bc",
"status": "affected",
"version": "a6e4bc5304033e434fabccabb230b8e9ff55d76f",
"versionType": "git"
},
{
"lessThan": "8ab67da060157362b2e0926692c659808784708f",
"status": "affected",
"version": "a6e4bc5304033e434fabccabb230b8e9ff55d76f",
"versionType": "git"
},
{
"lessThan": "6411959c10fe917288cbb1038886999148560057",
"status": "affected",
"version": "a6e4bc5304033e434fabccabb230b8e9ff55d76f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/can/dev/skb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.33"
},
{
"lessThan": "2.6.33",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "2.6.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: dev: can_put_echo_skb(): don\u0027t crash kernel if can_priv::echo_skb is accessed out of bounds\n\nIf the \"struct can_priv::echoo_skb\" is accessed out of bounds, this\nwould cause a kernel crash. Instead, issue a meaningful warning\nmessage and return with an error."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:45:00.765Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/826120c9ba68f2d0dbae58e99013929c883d1444"
},
{
"url": "https://git.kernel.org/stable/c/0d30931f1fa0fb893fb7d5dc32b6b7edfb775be4"
},
{
"url": "https://git.kernel.org/stable/c/53c468008a7c9ca3f5fc985951f35ec2acae85bc"
},
{
"url": "https://git.kernel.org/stable/c/8ab67da060157362b2e0926692c659808784708f"
},
{
"url": "https://git.kernel.org/stable/c/6411959c10fe917288cbb1038886999148560057"
}
],
"title": "can: dev: can_put_echo_skb(): don\u0027t crash kernel if can_priv::echo_skb is accessed out of bounds",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52878",
"datePublished": "2024-05-21T15:32:10.616Z",
"dateReserved": "2024-05-21T15:19:24.264Z",
"dateUpdated": "2025-05-04T07:45:00.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38592 (GCVE-0-2024-38592)
Vulnerability from cvelistv5
Published
2024-06-19 13:45
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/mediatek: Init `ddp_comp` with devm_kcalloc()
In the case where `conn_routes` is true we allocate an extra slot in
the `ddp_comp` array but mtk_drm_crtc_create() never seemed to
initialize it in the test case I ran. For me, this caused a later
crash when we looped through the array in mtk_drm_crtc_mode_valid().
This showed up for me when I booted with `slub_debug=FZPUA` which
poisons the memory initially. Without `slub_debug` I couldn't
reproduce, presumably because the later code handles the value being
NULL and in most cases (not guaranteed in all cases) the memory the
allocator returned started out as 0.
It really doesn't hurt to initialize the array with devm_kcalloc()
since the array is small and the overhead of initting a handful of
elements to 0 is small. In general initting memory to zero is a safer
practice and usually it's suggested to only use the non-initting alloc
functions if you really need to.
Let's switch the function to use an allocation function that zeros the
memory. For me, this avoids the crash.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T19:44:50.300653Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T19:44:58.390Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf69d0af7db917b82aceaa44b7b1b9376609da22"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9fe2cc3fa44f7ad7ba5f29c1a68b2b924c17b9b1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/01a2c5123e27b3c4685bf2fc4c2e879f6e0c7b33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/mediatek/mtk_drm_crtc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cf69d0af7db917b82aceaa44b7b1b9376609da22",
"status": "affected",
"version": "01389b324c97ff8f04e9c33b9ee246084f9f6dd2",
"versionType": "git"
},
{
"lessThan": "9fe2cc3fa44f7ad7ba5f29c1a68b2b924c17b9b1",
"status": "affected",
"version": "01389b324c97ff8f04e9c33b9ee246084f9f6dd2",
"versionType": "git"
},
{
"lessThan": "01a2c5123e27b3c4685bf2fc4c2e879f6e0c7b33",
"status": "affected",
"version": "01389b324c97ff8f04e9c33b9ee246084f9f6dd2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/mediatek/mtk_drm_crtc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Init `ddp_comp` with devm_kcalloc()\n\nIn the case where `conn_routes` is true we allocate an extra slot in\nthe `ddp_comp` array but mtk_drm_crtc_create() never seemed to\ninitialize it in the test case I ran. For me, this caused a later\ncrash when we looped through the array in mtk_drm_crtc_mode_valid().\nThis showed up for me when I booted with `slub_debug=FZPUA` which\npoisons the memory initially. Without `slub_debug` I couldn\u0027t\nreproduce, presumably because the later code handles the value being\nNULL and in most cases (not guaranteed in all cases) the memory the\nallocator returned started out as 0.\n\nIt really doesn\u0027t hurt to initialize the array with devm_kcalloc()\nsince the array is small and the overhead of initting a handful of\nelements to 0 is small. In general initting memory to zero is a safer\npractice and usually it\u0027s suggested to only use the non-initting alloc\nfunctions if you really need to.\n\nLet\u0027s switch the function to use an allocation function that zeros the\nmemory. For me, this avoids the crash."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:49.921Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cf69d0af7db917b82aceaa44b7b1b9376609da22"
},
{
"url": "https://git.kernel.org/stable/c/9fe2cc3fa44f7ad7ba5f29c1a68b2b924c17b9b1"
},
{
"url": "https://git.kernel.org/stable/c/01a2c5123e27b3c4685bf2fc4c2e879f6e0c7b33"
}
],
"title": "drm/mediatek: Init `ddp_comp` with devm_kcalloc()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38592",
"datePublished": "2024-06-19T13:45:43.367Z",
"dateReserved": "2024-06-18T19:36:34.930Z",
"dateUpdated": "2025-05-04T09:14:49.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38780 (GCVE-0-2024-38780)
Vulnerability from cvelistv5
Published
2024-06-21 11:15
Modified
2025-05-04 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
Since commit a6aa8fca4d79 ("dma-buf/sw-sync: Reduce irqsave/irqrestore from
known context") by error replaced spin_unlock_irqrestore() with
spin_unlock_irq() for both sync_debugfs_show() and sync_print_obj() despite
sync_print_obj() is called from sync_debugfs_show(), lockdep complains
inconsistent lock state warning.
Use plain spin_{lock,unlock}() for sync_print_obj(), for
sync_debugfs_show() is already using spin_{lock,unlock}_irq().
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a6aa8fca4d792c72947e341d7842d2f700534335 Version: a6aa8fca4d792c72947e341d7842d2f700534335 Version: a6aa8fca4d792c72947e341d7842d2f700534335 Version: a6aa8fca4d792c72947e341d7842d2f700534335 Version: a6aa8fca4d792c72947e341d7842d2f700534335 Version: a6aa8fca4d792c72947e341d7842d2f700534335 Version: a6aa8fca4d792c72947e341d7842d2f700534335 Version: a6aa8fca4d792c72947e341d7842d2f700534335 Version: f14ad42b8743897d140808467ed4ae3ce93bd0a5 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:19:20.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1ff116f68560a25656933d5a18e7619cb6773d8a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/165b25e3ee9333f7b04f8db43895beacb51582ed"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae6fc4e6a3322f6d1c8ff59150d8469487a73dd8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9d75fab2c14a25553a1664586ed122c316bd1878"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/242b30466879e6defa521573c27e12018276c33a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a4ee78244445ab73af22bfc5a5fc543963b25aef"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a283cdfc8beeb14024387a925247b563d614e1e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b794918961516f667b0c745aebdfebbb8a98df39"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:08:56.155586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:44.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma-buf/sync_debug.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1ff116f68560a25656933d5a18e7619cb6773d8a",
"status": "affected",
"version": "a6aa8fca4d792c72947e341d7842d2f700534335",
"versionType": "git"
},
{
"lessThan": "165b25e3ee9333f7b04f8db43895beacb51582ed",
"status": "affected",
"version": "a6aa8fca4d792c72947e341d7842d2f700534335",
"versionType": "git"
},
{
"lessThan": "ae6fc4e6a3322f6d1c8ff59150d8469487a73dd8",
"status": "affected",
"version": "a6aa8fca4d792c72947e341d7842d2f700534335",
"versionType": "git"
},
{
"lessThan": "9d75fab2c14a25553a1664586ed122c316bd1878",
"status": "affected",
"version": "a6aa8fca4d792c72947e341d7842d2f700534335",
"versionType": "git"
},
{
"lessThan": "242b30466879e6defa521573c27e12018276c33a",
"status": "affected",
"version": "a6aa8fca4d792c72947e341d7842d2f700534335",
"versionType": "git"
},
{
"lessThan": "a4ee78244445ab73af22bfc5a5fc543963b25aef",
"status": "affected",
"version": "a6aa8fca4d792c72947e341d7842d2f700534335",
"versionType": "git"
},
{
"lessThan": "8a283cdfc8beeb14024387a925247b563d614e1e",
"status": "affected",
"version": "a6aa8fca4d792c72947e341d7842d2f700534335",
"versionType": "git"
},
{
"lessThan": "b794918961516f667b0c745aebdfebbb8a98df39",
"status": "affected",
"version": "a6aa8fca4d792c72947e341d7842d2f700534335",
"versionType": "git"
},
{
"status": "affected",
"version": "f14ad42b8743897d140808467ed4ae3ce93bd0a5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma-buf/sync_debug.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf/sw-sync: don\u0027t enable IRQ from sync_print_obj()\n\nSince commit a6aa8fca4d79 (\"dma-buf/sw-sync: Reduce irqsave/irqrestore from\nknown context\") by error replaced spin_unlock_irqrestore() with\nspin_unlock_irq() for both sync_debugfs_show() and sync_print_obj() despite\nsync_print_obj() is called from sync_debugfs_show(), lockdep complains\ninconsistent lock state warning.\n\nUse plain spin_{lock,unlock}() for sync_print_obj(), for\nsync_debugfs_show() is already using spin_{lock,unlock}_irq()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:56:57.687Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1ff116f68560a25656933d5a18e7619cb6773d8a"
},
{
"url": "https://git.kernel.org/stable/c/165b25e3ee9333f7b04f8db43895beacb51582ed"
},
{
"url": "https://git.kernel.org/stable/c/ae6fc4e6a3322f6d1c8ff59150d8469487a73dd8"
},
{
"url": "https://git.kernel.org/stable/c/9d75fab2c14a25553a1664586ed122c316bd1878"
},
{
"url": "https://git.kernel.org/stable/c/242b30466879e6defa521573c27e12018276c33a"
},
{
"url": "https://git.kernel.org/stable/c/a4ee78244445ab73af22bfc5a5fc543963b25aef"
},
{
"url": "https://git.kernel.org/stable/c/8a283cdfc8beeb14024387a925247b563d614e1e"
},
{
"url": "https://git.kernel.org/stable/c/b794918961516f667b0c745aebdfebbb8a98df39"
}
],
"title": "dma-buf/sw-sync: don\u0027t enable IRQ from sync_print_obj()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38780",
"datePublished": "2024-06-21T11:15:12.892Z",
"dateReserved": "2024-06-21T10:12:11.516Z",
"dateUpdated": "2025-05-04T12:56:57.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52781 (GCVE-0-2023-52781)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 12:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
The BOS descriptor defines a root descriptor and is the base descriptor for
accessing a family of related descriptors.
Function 'usb_get_bos_descriptor()' encounters an iteration issue when
skipping the 'USB_DT_DEVICE_CAPABILITY' descriptor type. This results in
the same descriptor being read repeatedly.
To address this issue, a 'goto' statement is introduced to ensure that the
pointer and the amount read is updated correctly. This ensures that the
function iterates to the next descriptor instead of reading the same
descriptor repeatedly.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 3dd550a2d36596a1b0ee7955da3b611c031d3873 Version: 3dd550a2d36596a1b0ee7955da3b611c031d3873 Version: 3dd550a2d36596a1b0ee7955da3b611c031d3873 Version: 3dd550a2d36596a1b0ee7955da3b611c031d3873 Version: 3dd550a2d36596a1b0ee7955da3b611c031d3873 Version: 77ce180d68beffd1af620d0121590e16683fc6b8 Version: 20a07e1aadcd6990893c532d1b2b507bfa065152 Version: a5c051b6503c0ba543e993cfc295b64f096e0a29 Version: ea4a173d8358b756a780786baa3fc39d282bdbe3 Version: 77d4e2a058858b4a94fc469bc1bfc94a0958e252 Version: 1fc15d29540a69cfb55c8b8f8c38f1af33178243 Version: 9f8dd40c68c176f2c3f1fc8b87bc81756856938f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52781",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T17:27:41.275139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:33.254Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9ef94ec8e52eaf7b9abc5b5f8f5b911751112223"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/64c27b7b2357ddb38b6afebaf46d5bff4d250702"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f89fef7710b2ba0f7a1e46594e530dcf2f77be91"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7c0244cc311a4038505b73682b7c8ceaa5c7a8c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/974bba5c118f4c2baf00de0356e3e4f7928b4cbc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/core/config.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9ef94ec8e52eaf7b9abc5b5f8f5b911751112223",
"status": "affected",
"version": "3dd550a2d36596a1b0ee7955da3b611c031d3873",
"versionType": "git"
},
{
"lessThan": "64c27b7b2357ddb38b6afebaf46d5bff4d250702",
"status": "affected",
"version": "3dd550a2d36596a1b0ee7955da3b611c031d3873",
"versionType": "git"
},
{
"lessThan": "f89fef7710b2ba0f7a1e46594e530dcf2f77be91",
"status": "affected",
"version": "3dd550a2d36596a1b0ee7955da3b611c031d3873",
"versionType": "git"
},
{
"lessThan": "7c0244cc311a4038505b73682b7c8ceaa5c7a8c8",
"status": "affected",
"version": "3dd550a2d36596a1b0ee7955da3b611c031d3873",
"versionType": "git"
},
{
"lessThan": "974bba5c118f4c2baf00de0356e3e4f7928b4cbc",
"status": "affected",
"version": "3dd550a2d36596a1b0ee7955da3b611c031d3873",
"versionType": "git"
},
{
"status": "affected",
"version": "77ce180d68beffd1af620d0121590e16683fc6b8",
"versionType": "git"
},
{
"status": "affected",
"version": "20a07e1aadcd6990893c532d1b2b507bfa065152",
"versionType": "git"
},
{
"status": "affected",
"version": "a5c051b6503c0ba543e993cfc295b64f096e0a29",
"versionType": "git"
},
{
"status": "affected",
"version": "ea4a173d8358b756a780786baa3fc39d282bdbe3",
"versionType": "git"
},
{
"status": "affected",
"version": "77d4e2a058858b4a94fc469bc1bfc94a0958e252",
"versionType": "git"
},
{
"status": "affected",
"version": "1fc15d29540a69cfb55c8b8f8c38f1af33178243",
"versionType": "git"
},
{
"status": "affected",
"version": "9f8dd40c68c176f2c3f1fc8b87bc81756856938f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/core/config.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.203",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.142",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.66",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.203",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.142",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.66",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.4",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16.79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.2.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: config: fix iteration issue in \u0027usb_get_bos_descriptor()\u0027\n\nThe BOS descriptor defines a root descriptor and is the base descriptor for\naccessing a family of related descriptors.\n\nFunction \u0027usb_get_bos_descriptor()\u0027 encounters an iteration issue when\nskipping the \u0027USB_DT_DEVICE_CAPABILITY\u0027 descriptor type. This results in\nthe same descriptor being read repeatedly.\n\nTo address this issue, a \u0027goto\u0027 statement is introduced to ensure that the\npointer and the amount read is updated correctly. This ensures that the\nfunction iterates to the next descriptor instead of reading the same\ndescriptor repeatedly."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:49:36.372Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9ef94ec8e52eaf7b9abc5b5f8f5b911751112223"
},
{
"url": "https://git.kernel.org/stable/c/64c27b7b2357ddb38b6afebaf46d5bff4d250702"
},
{
"url": "https://git.kernel.org/stable/c/f89fef7710b2ba0f7a1e46594e530dcf2f77be91"
},
{
"url": "https://git.kernel.org/stable/c/7c0244cc311a4038505b73682b7c8ceaa5c7a8c8"
},
{
"url": "https://git.kernel.org/stable/c/974bba5c118f4c2baf00de0356e3e4f7928b4cbc"
}
],
"title": "usb: config: fix iteration issue in \u0027usb_get_bos_descriptor()\u0027",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52781",
"datePublished": "2024-05-21T15:31:00.242Z",
"dateReserved": "2024-05-21T15:19:24.240Z",
"dateUpdated": "2025-05-04T12:49:36.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52783 (GCVE-0-2023-52783)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: wangxun: fix kernel panic due to null pointer
When the device uses a custom subsystem vendor ID, the function
wx_sw_init() returns before the memory of 'wx->mac_table' is allocated.
The null pointer will causes the kernel panic.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52783",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T17:46:59.012551Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:56.974Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/61a55071653974dab172d4c5d699bb365cfd13c9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ba2c459668cfe2aaacc5ebcd35b4b9ef8643013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/wangxun/libwx/wx_hw.c",
"drivers/net/ethernet/wangxun/ngbe/ngbe_main.c",
"drivers/net/ethernet/wangxun/txgbe/txgbe_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "61a55071653974dab172d4c5d699bb365cfd13c9",
"status": "affected",
"version": "79625f45ca73ef37c18a6e4b5b6ce7daa1e92683",
"versionType": "git"
},
{
"lessThan": "8ba2c459668cfe2aaacc5ebcd35b4b9ef8643013",
"status": "affected",
"version": "79625f45ca73ef37c18a6e4b5b6ce7daa1e92683",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/wangxun/libwx/wx_hw.c",
"drivers/net/ethernet/wangxun/ngbe/ngbe_main.c",
"drivers/net/ethernet/wangxun/txgbe/txgbe_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.4",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wangxun: fix kernel panic due to null pointer\n\nWhen the device uses a custom subsystem vendor ID, the function\nwx_sw_init() returns before the memory of \u0027wx-\u003emac_table\u0027 is allocated.\nThe null pointer will causes the kernel panic."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:08.056Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/61a55071653974dab172d4c5d699bb365cfd13c9"
},
{
"url": "https://git.kernel.org/stable/c/8ba2c459668cfe2aaacc5ebcd35b4b9ef8643013"
}
],
"title": "net: wangxun: fix kernel panic due to null pointer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52783",
"datePublished": "2024-05-21T15:31:01.598Z",
"dateReserved": "2024-05-21T15:19:24.240Z",
"dateUpdated": "2025-05-04T07:43:08.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0090 (GCVE-0-2024-0090)
Vulnerability from cvelistv5
Published
2024-06-13 21:23
Modified
2024-08-01 17:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nvidia | GPU display driver, vGPU software, and Cloud Gaming |
Version: All versions up to and including 17.1, 16.5, 13.10, and the April 2024 release |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "gpu_display_driver",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "13.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:nvidia:virtual_gpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "virtual_gpu",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "13.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:nvidia:cloud_gaming:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cloud_gaming",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "13.10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0090",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-15T03:55:33.792Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:15.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GPU display driver, vGPU software, and Cloud Gaming",
"vendor": "nvidia",
"versions": [
{
"status": "affected",
"version": "All versions up to and including 17.1, 16.5, 13.10, and the April 2024 release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering."
}
],
"value": "NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Code execution, denial of service, escalation of privileges, information disclosure, data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T21:23:28.800Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE"
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2024-0090",
"datePublished": "2024-06-13T21:23:28.800Z",
"dateReserved": "2023-12-02T00:41:59.934Z",
"dateUpdated": "2024-08-01T17:41:15.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36899 (GCVE-0-2024-36899)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-04 09:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
gpiolib: cdev: Fix use after free in lineinfo_changed_notify
The use-after-free issue occurs as follows: when the GPIO chip device file
is being closed by invoking gpio_chrdev_release(), watched_lines is freed
by bitmap_free(), but the unregistration of lineinfo_changed_nb notifier
chain failed due to waiting write rwsem. Additionally, one of the GPIO
chip's lines is also in the release process and holds the notifier chain's
read rwsem. Consequently, a race condition leads to the use-after-free of
watched_lines.
Here is the typical stack when issue happened:
[free]
gpio_chrdev_release()
--> bitmap_free(cdev->watched_lines) <-- freed
--> blocking_notifier_chain_unregister()
--> down_write(&nh->rwsem) <-- waiting rwsem
--> __down_write_common()
--> rwsem_down_write_slowpath()
--> schedule_preempt_disabled()
--> schedule()
[use]
st54spi_gpio_dev_release()
--> gpio_free()
--> gpiod_free()
--> gpiod_free_commit()
--> gpiod_line_state_notify()
--> blocking_notifier_call_chain()
--> down_read(&nh->rwsem); <-- held rwsem
--> notifier_call_chain()
--> lineinfo_changed_notify()
--> test_bit(xxxx, cdev->watched_lines) <-- use after free
The side effect of the use-after-free issue is that a GPIO line event is
being generated for userspace where it shouldn't. However, since the chrdev
is being closed, userspace won't have the chance to read that event anyway.
To fix the issue, call the bitmap_free() function after the unregistration
of lineinfo_changed_nb notifier chain.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 51c1064e82e77b39a49889287ca50709303e2f26 Version: 51c1064e82e77b39a49889287ca50709303e2f26 Version: 51c1064e82e77b39a49889287ca50709303e2f26 Version: 51c1064e82e77b39a49889287ca50709303e2f26 Version: 51c1064e82e77b39a49889287ca50709303e2f26 Version: 51c1064e82e77b39a49889287ca50709303e2f26 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T18:48:31.477532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T18:48:41.419Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/95ca7c90eaf5ea8a8460536535101e3e81160e2a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca710b5f40b8b16fdcad50bebd47f50e4c62d239"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/02f6b0e1ec7e0e7d059dddc893645816552039da"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpiolib-cdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2dfbb920a89bdc58087672ad5325dc6c588b6860",
"status": "affected",
"version": "51c1064e82e77b39a49889287ca50709303e2f26",
"versionType": "git"
},
{
"lessThan": "2d008d4961b039d2edce8976289773961b7e5fb5",
"status": "affected",
"version": "51c1064e82e77b39a49889287ca50709303e2f26",
"versionType": "git"
},
{
"lessThan": "d38c49f7bdf14381270736299e2ff68ec248a017",
"status": "affected",
"version": "51c1064e82e77b39a49889287ca50709303e2f26",
"versionType": "git"
},
{
"lessThan": "95ca7c90eaf5ea8a8460536535101e3e81160e2a",
"status": "affected",
"version": "51c1064e82e77b39a49889287ca50709303e2f26",
"versionType": "git"
},
{
"lessThan": "ca710b5f40b8b16fdcad50bebd47f50e4c62d239",
"status": "affected",
"version": "51c1064e82e77b39a49889287ca50709303e2f26",
"versionType": "git"
},
{
"lessThan": "02f6b0e1ec7e0e7d059dddc893645816552039da",
"status": "affected",
"version": "51c1064e82e77b39a49889287ca50709303e2f26",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpiolib-cdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.234",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.177",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.127",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.234",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.177",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.127",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: cdev: Fix use after free in lineinfo_changed_notify\n\nThe use-after-free issue occurs as follows: when the GPIO chip device file\nis being closed by invoking gpio_chrdev_release(), watched_lines is freed\nby bitmap_free(), but the unregistration of lineinfo_changed_nb notifier\nchain failed due to waiting write rwsem. Additionally, one of the GPIO\nchip\u0027s lines is also in the release process and holds the notifier chain\u0027s\nread rwsem. Consequently, a race condition leads to the use-after-free of\nwatched_lines.\n\nHere is the typical stack when issue happened:\n\n[free]\ngpio_chrdev_release()\n --\u003e bitmap_free(cdev-\u003ewatched_lines) \u003c-- freed\n --\u003e blocking_notifier_chain_unregister()\n --\u003e down_write(\u0026nh-\u003erwsem) \u003c-- waiting rwsem\n --\u003e __down_write_common()\n --\u003e rwsem_down_write_slowpath()\n --\u003e schedule_preempt_disabled()\n --\u003e schedule()\n\n[use]\nst54spi_gpio_dev_release()\n --\u003e gpio_free()\n --\u003e gpiod_free()\n --\u003e gpiod_free_commit()\n --\u003e gpiod_line_state_notify()\n --\u003e blocking_notifier_call_chain()\n --\u003e down_read(\u0026nh-\u003erwsem); \u003c-- held rwsem\n --\u003e notifier_call_chain()\n --\u003e lineinfo_changed_notify()\n --\u003e test_bit(xxxx, cdev-\u003ewatched_lines) \u003c-- use after free\n\nThe side effect of the use-after-free issue is that a GPIO line event is\nbeing generated for userspace where it shouldn\u0027t. However, since the chrdev\nis being closed, userspace won\u0027t have the chance to read that event anyway.\n\nTo fix the issue, call the bitmap_free() function after the unregistration\nof lineinfo_changed_nb notifier chain."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:11:39.914Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2dfbb920a89bdc58087672ad5325dc6c588b6860"
},
{
"url": "https://git.kernel.org/stable/c/2d008d4961b039d2edce8976289773961b7e5fb5"
},
{
"url": "https://git.kernel.org/stable/c/d38c49f7bdf14381270736299e2ff68ec248a017"
},
{
"url": "https://git.kernel.org/stable/c/95ca7c90eaf5ea8a8460536535101e3e81160e2a"
},
{
"url": "https://git.kernel.org/stable/c/ca710b5f40b8b16fdcad50bebd47f50e4c62d239"
},
{
"url": "https://git.kernel.org/stable/c/02f6b0e1ec7e0e7d059dddc893645816552039da"
}
],
"title": "gpiolib: cdev: Fix use after free in lineinfo_changed_notify",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36899",
"datePublished": "2024-05-30T15:29:02.591Z",
"dateReserved": "2024-05-30T15:25:07.066Z",
"dateUpdated": "2025-05-04T09:11:39.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52844 (GCVE-0-2023-52844)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: vidtv: psi: Add check for kstrdup
Add check for the return value of kstrdup() and return the error
if it fails in order to avoid NULL pointer dereference.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f90cf6079bf67988f8b1ad1ade70fc89d0080905 Version: f90cf6079bf67988f8b1ad1ade70fc89d0080905 Version: f90cf6079bf67988f8b1ad1ade70fc89d0080905 Version: f90cf6079bf67988f8b1ad1ade70fc89d0080905 Version: f90cf6079bf67988f8b1ad1ade70fc89d0080905 Version: f90cf6079bf67988f8b1ad1ade70fc89d0080905 |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "7a7899f6f58e"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.10"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.10.201"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.15.139"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.1.63"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.5.12"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.6.2"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.7"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52844",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T19:28:09.029238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:52:38.366Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3387490c89b10aeb4e71d78b65dbc9ba4b2385b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d17269fb9161995303985ab2fe6f16cfb72152f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c26aae3723965c291c65dd2ecad6a3240d422b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5cfcc8de7d733a1137b86954cc28ce99972311ad"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a51335704a3f90eaf23a6864faefca34b382490a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/76a2c5df6ca8bd8ada45e953b8c72b746f42918d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/test-drivers/vidtv/vidtv_psi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3387490c89b10aeb4e71d78b65dbc9ba4b2385b9",
"status": "affected",
"version": "f90cf6079bf67988f8b1ad1ade70fc89d0080905",
"versionType": "git"
},
{
"lessThan": "d17269fb9161995303985ab2fe6f16cfb72152f9",
"status": "affected",
"version": "f90cf6079bf67988f8b1ad1ade70fc89d0080905",
"versionType": "git"
},
{
"lessThan": "5c26aae3723965c291c65dd2ecad6a3240d422b0",
"status": "affected",
"version": "f90cf6079bf67988f8b1ad1ade70fc89d0080905",
"versionType": "git"
},
{
"lessThan": "5cfcc8de7d733a1137b86954cc28ce99972311ad",
"status": "affected",
"version": "f90cf6079bf67988f8b1ad1ade70fc89d0080905",
"versionType": "git"
},
{
"lessThan": "a51335704a3f90eaf23a6864faefca34b382490a",
"status": "affected",
"version": "f90cf6079bf67988f8b1ad1ade70fc89d0080905",
"versionType": "git"
},
{
"lessThan": "76a2c5df6ca8bd8ada45e953b8c72b746f42918d",
"status": "affected",
"version": "f90cf6079bf67988f8b1ad1ade70fc89d0080905",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/test-drivers/vidtv/vidtv_psi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: psi: Add check for kstrdup\n\nAdd check for the return value of kstrdup() and return the error\nif it fails in order to avoid NULL pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:10.732Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3387490c89b10aeb4e71d78b65dbc9ba4b2385b9"
},
{
"url": "https://git.kernel.org/stable/c/d17269fb9161995303985ab2fe6f16cfb72152f9"
},
{
"url": "https://git.kernel.org/stable/c/5c26aae3723965c291c65dd2ecad6a3240d422b0"
},
{
"url": "https://git.kernel.org/stable/c/5cfcc8de7d733a1137b86954cc28ce99972311ad"
},
{
"url": "https://git.kernel.org/stable/c/a51335704a3f90eaf23a6864faefca34b382490a"
},
{
"url": "https://git.kernel.org/stable/c/76a2c5df6ca8bd8ada45e953b8c72b746f42918d"
}
],
"title": "media: vidtv: psi: Add check for kstrdup",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52844",
"datePublished": "2024-05-21T15:31:42.527Z",
"dateReserved": "2024-05-21T15:19:24.254Z",
"dateUpdated": "2025-05-04T07:44:10.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36977 (GCVE-0-2024-36977)
Vulnerability from cvelistv5
Published
2024-06-18 19:27
Modified
2025-05-04 09:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3: Wait unconditionally after issuing EndXfer command
Currently all controller IP/revisions except DWC3_usb3 >= 310a
wait 1ms unconditionally for ENDXFER completion when IOC is not
set. This is because DWC_usb3 controller revisions >= 3.10a
supports GUCTL2[14: Rst_actbitlater] bit which allows polling
CMDACT bit to know whether ENDXFER command is completed.
Consider a case where an IN request was queued, and parallelly
soft_disconnect was called (due to ffs_epfile_release). This
eventually calls stop_active_transfer with IOC cleared, hence
send_gadget_ep_cmd() skips waiting for CMDACT cleared during
EndXfer. For DWC3 controllers with revisions >= 310a, we don't
forcefully wait for 1ms either, and we proceed by unmapping the
requests. If ENDXFER didn't complete by this time, it leads to
SMMU faults since the controller would still be accessing those
requests.
Fix this by ensuring ENDXFER completion by adding 1ms delay in
__dwc3_stop_active_transfer() unconditionally.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36977",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T19:01:51.855547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T14:56:58.197Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/341eb08dbca9eae05308c442fbfab1813a44c97a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec96bcf5f96a7a5c556b0e881ac3e5c3924d542c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a387e032909c6dc2b479452c5bbe9a252057925"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1ba145f05b5c8f0b1a947a0633b5edff5dd1f1c5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d26ba0944d398f88aaf997bda3544646cf21945"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/dwc3/gadget.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "341eb08dbca9eae05308c442fbfab1813a44c97a",
"status": "affected",
"version": "b353eb6dc285a0775a447f53e5b2a50bf3f9684f",
"versionType": "git"
},
{
"lessThan": "ec96bcf5f96a7a5c556b0e881ac3e5c3924d542c",
"status": "affected",
"version": "b353eb6dc285a0775a447f53e5b2a50bf3f9684f",
"versionType": "git"
},
{
"lessThan": "4a387e032909c6dc2b479452c5bbe9a252057925",
"status": "affected",
"version": "b353eb6dc285a0775a447f53e5b2a50bf3f9684f",
"versionType": "git"
},
{
"lessThan": "1ba145f05b5c8f0b1a947a0633b5edff5dd1f1c5",
"status": "affected",
"version": "b353eb6dc285a0775a447f53e5b2a50bf3f9684f",
"versionType": "git"
},
{
"lessThan": "1d26ba0944d398f88aaf997bda3544646cf21945",
"status": "affected",
"version": "b353eb6dc285a0775a447f53e5b2a50bf3f9684f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/dwc3/gadget.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.92",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.32",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.92",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.32",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.11",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.2",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: Wait unconditionally after issuing EndXfer command\n\nCurrently all controller IP/revisions except DWC3_usb3 \u003e= 310a\nwait 1ms unconditionally for ENDXFER completion when IOC is not\nset. This is because DWC_usb3 controller revisions \u003e= 3.10a\nsupports GUCTL2[14: Rst_actbitlater] bit which allows polling\nCMDACT bit to know whether ENDXFER command is completed.\n\nConsider a case where an IN request was queued, and parallelly\nsoft_disconnect was called (due to ffs_epfile_release). This\neventually calls stop_active_transfer with IOC cleared, hence\nsend_gadget_ep_cmd() skips waiting for CMDACT cleared during\nEndXfer. For DWC3 controllers with revisions \u003e= 310a, we don\u0027t\nforcefully wait for 1ms either, and we proceed by unmapping the\nrequests. If ENDXFER didn\u0027t complete by this time, it leads to\nSMMU faults since the controller would still be accessing those\nrequests.\n\nFix this by ensuring ENDXFER completion by adding 1ms delay in\n__dwc3_stop_active_transfer() unconditionally."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:13.471Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/341eb08dbca9eae05308c442fbfab1813a44c97a"
},
{
"url": "https://git.kernel.org/stable/c/ec96bcf5f96a7a5c556b0e881ac3e5c3924d542c"
},
{
"url": "https://git.kernel.org/stable/c/4a387e032909c6dc2b479452c5bbe9a252057925"
},
{
"url": "https://git.kernel.org/stable/c/1ba145f05b5c8f0b1a947a0633b5edff5dd1f1c5"
},
{
"url": "https://git.kernel.org/stable/c/1d26ba0944d398f88aaf997bda3544646cf21945"
}
],
"title": "usb: dwc3: Wait unconditionally after issuing EndXfer command",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36977",
"datePublished": "2024-06-18T19:27:58.319Z",
"dateReserved": "2024-05-30T15:25:07.082Z",
"dateUpdated": "2025-05-04T09:13:13.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52837 (GCVE-0-2023-52837)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nbd: fix uaf in nbd_open
Commit 4af5f2e03013 ("nbd: use blk_mq_alloc_disk and
blk_cleanup_disk") cleans up disk by blk_cleanup_disk() and it won't set
disk->private_data as NULL as before. UAF may be triggered in nbd_open()
if someone tries to open nbd device right after nbd_put() since nbd has
been free in nbd_dev_remove().
Fix this by implementing ->free_disk and free private data in it.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52837",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T18:01:48.631616Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:20.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e9b3ec84dc97909876641dad14e0a2300d6c2a3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/879947f4180bc6e83af64eb0515e0cf57fce15db"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/56bd7901b5e9dbc9112036ea615ebcba1565fafe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/327462725b0f759f093788dfbcb2f1fd132f956b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/block/nbd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4e9b3ec84dc97909876641dad14e0a2300d6c2a3",
"status": "affected",
"version": "4af5f2e0301311f88c420fcfc5f3c8611ade20ac",
"versionType": "git"
},
{
"lessThan": "879947f4180bc6e83af64eb0515e0cf57fce15db",
"status": "affected",
"version": "4af5f2e0301311f88c420fcfc5f3c8611ade20ac",
"versionType": "git"
},
{
"lessThan": "56bd7901b5e9dbc9112036ea615ebcba1565fafe",
"status": "affected",
"version": "4af5f2e0301311f88c420fcfc5f3c8611ade20ac",
"versionType": "git"
},
{
"lessThan": "327462725b0f759f093788dfbcb2f1fd132f956b",
"status": "affected",
"version": "4af5f2e0301311f88c420fcfc5f3c8611ade20ac",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/block/nbd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix uaf in nbd_open\n\nCommit 4af5f2e03013 (\"nbd: use blk_mq_alloc_disk and\nblk_cleanup_disk\") cleans up disk by blk_cleanup_disk() and it won\u0027t set\ndisk-\u003eprivate_data as NULL as before. UAF may be triggered in nbd_open()\nif someone tries to open nbd device right after nbd_put() since nbd has\nbeen free in nbd_dev_remove().\n\nFix this by implementing -\u003efree_disk and free private data in it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:02.911Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4e9b3ec84dc97909876641dad14e0a2300d6c2a3"
},
{
"url": "https://git.kernel.org/stable/c/879947f4180bc6e83af64eb0515e0cf57fce15db"
},
{
"url": "https://git.kernel.org/stable/c/56bd7901b5e9dbc9112036ea615ebcba1565fafe"
},
{
"url": "https://git.kernel.org/stable/c/327462725b0f759f093788dfbcb2f1fd132f956b"
}
],
"title": "nbd: fix uaf in nbd_open",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52837",
"datePublished": "2024-05-21T15:31:37.859Z",
"dateReserved": "2024-05-21T15:19:24.253Z",
"dateUpdated": "2025-05-04T07:44:02.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33619 (GCVE-0-2024-33619)
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2025-05-04 09:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
efi: libstub: only free priv.runtime_map when allocated
priv.runtime_map is only allocated when efi_novamap is not set.
Otherwise, it is an uninitialized value. In the error path, it is freed
unconditionally. Avoid passing an uninitialized value to free_pool.
Free priv.runtime_map only when it was allocated.
This bug was discovered and resolved using Coverity Static Analysis
Security Testing (SAST) by Synopsys, Inc.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:04.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b8938d6f570f010a1dcdbfed3e5b5d3258c2a908"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9dce01f386c9ce6990c0a83fa14b1c95330b037e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ca67a5fe1c606d1fbe24c30a9fc0bdc43a18554"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4b2543f7e1e6b91cfc8dd1696e3cdf01c3ac8974"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33619",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:09:50.722948Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:46.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firmware/efi/libstub/fdt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b8938d6f570f010a1dcdbfed3e5b5d3258c2a908",
"status": "affected",
"version": "f80d26043af91ceb5036c478101c015edb9e7630",
"versionType": "git"
},
{
"lessThan": "9dce01f386c9ce6990c0a83fa14b1c95330b037e",
"status": "affected",
"version": "f80d26043af91ceb5036c478101c015edb9e7630",
"versionType": "git"
},
{
"lessThan": "6ca67a5fe1c606d1fbe24c30a9fc0bdc43a18554",
"status": "affected",
"version": "f80d26043af91ceb5036c478101c015edb9e7630",
"versionType": "git"
},
{
"lessThan": "4b2543f7e1e6b91cfc8dd1696e3cdf01c3ac8974",
"status": "affected",
"version": "f80d26043af91ceb5036c478101c015edb9e7630",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firmware/efi/libstub/fdt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: libstub: only free priv.runtime_map when allocated\n\npriv.runtime_map is only allocated when efi_novamap is not set.\nOtherwise, it is an uninitialized value. In the error path, it is freed\nunconditionally. Avoid passing an uninitialized value to free_pool.\nFree priv.runtime_map only when it was allocated.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:05:10.403Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b8938d6f570f010a1dcdbfed3e5b5d3258c2a908"
},
{
"url": "https://git.kernel.org/stable/c/9dce01f386c9ce6990c0a83fa14b1c95330b037e"
},
{
"url": "https://git.kernel.org/stable/c/6ca67a5fe1c606d1fbe24c30a9fc0bdc43a18554"
},
{
"url": "https://git.kernel.org/stable/c/4b2543f7e1e6b91cfc8dd1696e3cdf01c3ac8974"
}
],
"title": "efi: libstub: only free priv.runtime_map when allocated",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-33619",
"datePublished": "2024-06-21T10:18:05.007Z",
"dateReserved": "2024-06-21T10:13:16.311Z",
"dateUpdated": "2025-05-04T09:05:10.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36923 (GCVE-0-2024-36923)
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2025-05-04 09:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs/9p: fix uninitialized values during inode evict
If an iget fails due to not being able to retrieve information
from the server then the inode structure is only partially
initialized. When the inode gets evicted, references to
uninitialized structures (like fscache cookies) were being
made.
This patch checks for a bad_inode before doing anything other
than clearing the inode from the cache. Since the inode is
bad, it shouldn't have any state associated with it that needs
to be written back (and there really isn't a way to complete
those anyways).
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36923",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T18:33:14.154322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T18:33:22.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1b4cb6e91f19b81217ad98142ee53a1ab25893fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6630036b7c228f57c7893ee0403e92c2db2cd21d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/9p/vfs_inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "18cf7026355187b8d2b4cdfed61dbf873e9d29ff",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3a741b80b3457f079cf637e47800fb7bf8038ad6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1b4cb6e91f19b81217ad98142ee53a1ab25893fd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6630036b7c228f57c7893ee0403e92c2db2cd21d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/9p/vfs_inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.119",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.119",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/9p: fix uninitialized values during inode evict\n\nIf an iget fails due to not being able to retrieve information\nfrom the server then the inode structure is only partially\ninitialized. When the inode gets evicted, references to\nuninitialized structures (like fscache cookies) were being\nmade.\n\nThis patch checks for a bad_inode before doing anything other\nthan clearing the inode from the cache. Since the inode is\nbad, it shouldn\u0027t have any state associated with it that needs\nto be written back (and there really isn\u0027t a way to complete\nthose anyways)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:12:09.604Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/18cf7026355187b8d2b4cdfed61dbf873e9d29ff"
},
{
"url": "https://git.kernel.org/stable/c/3a741b80b3457f079cf637e47800fb7bf8038ad6"
},
{
"url": "https://git.kernel.org/stable/c/1b4cb6e91f19b81217ad98142ee53a1ab25893fd"
},
{
"url": "https://git.kernel.org/stable/c/6630036b7c228f57c7893ee0403e92c2db2cd21d"
}
],
"title": "fs/9p: fix uninitialized values during inode evict",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36923",
"datePublished": "2024-05-30T15:29:17.528Z",
"dateReserved": "2024-05-30T15:25:07.069Z",
"dateUpdated": "2025-05-04T09:12:09.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52768 (GCVE-0-2023-52768)
Vulnerability from cvelistv5
Published
2024-05-21 15:30
Modified
2025-05-04 12:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: wilc1000: use vmm_table as array in wilc struct
Enabling KASAN and running some iperf tests raises some memory issues with
vmm_table:
BUG: KASAN: slab-out-of-bounds in wilc_wlan_handle_txq+0x6ac/0xdb4
Write of size 4 at addr c3a61540 by task wlan0-tx/95
KASAN detects that we are writing data beyond range allocated to vmm_table.
There is indeed a mismatch between the size passed to allocator in
wilc_wlan_init, and the range of possible indexes used later: allocation
size is missing a multiplication by sizeof(u32)
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 32dd0b22a5ba1dd296ccf2caf46ad44c3a8d5d98 Version: 40b717bfcefab28a0656b8caa5e43d5449e5a671 Version: 40b717bfcefab28a0656b8caa5e43d5449e5a671 Version: 40b717bfcefab28a0656b8caa5e43d5449e5a671 Version: 40b717bfcefab28a0656b8caa5e43d5449e5a671 Version: 5212d958f6518003cd98c9886f8e8aedcfc25741 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52768",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T18:50:15.574062Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T17:17:15.027Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/541b3757fd443a68ed8d25968eae511a8275e7c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4b0d6ddb6466d10df878a7787f175a0e4adc3e27"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6aaf7cd8bdfe245d3c9a8b48fe70c2011965948e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3ce1c2c3999b232258f7aabab311d47dda75605c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/05ac1a198a63ad66bf5ae8b7321407c102d40ef3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/microchip/wilc1000/wlan.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "541b3757fd443a68ed8d25968eae511a8275e7c8",
"status": "affected",
"version": "32dd0b22a5ba1dd296ccf2caf46ad44c3a8d5d98",
"versionType": "git"
},
{
"lessThan": "4b0d6ddb6466d10df878a7787f175a0e4adc3e27",
"status": "affected",
"version": "40b717bfcefab28a0656b8caa5e43d5449e5a671",
"versionType": "git"
},
{
"lessThan": "6aaf7cd8bdfe245d3c9a8b48fe70c2011965948e",
"status": "affected",
"version": "40b717bfcefab28a0656b8caa5e43d5449e5a671",
"versionType": "git"
},
{
"lessThan": "3ce1c2c3999b232258f7aabab311d47dda75605c",
"status": "affected",
"version": "40b717bfcefab28a0656b8caa5e43d5449e5a671",
"versionType": "git"
},
{
"lessThan": "05ac1a198a63ad66bf5ae8b7321407c102d40ef3",
"status": "affected",
"version": "40b717bfcefab28a0656b8caa5e43d5449e5a671",
"versionType": "git"
},
{
"status": "affected",
"version": "5212d958f6518003cd98c9886f8e8aedcfc25741",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/microchip/wilc1000/wlan.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "5.15.68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.19.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: use vmm_table as array in wilc struct\n\nEnabling KASAN and running some iperf tests raises some memory issues with\nvmm_table:\n\nBUG: KASAN: slab-out-of-bounds in wilc_wlan_handle_txq+0x6ac/0xdb4\nWrite of size 4 at addr c3a61540 by task wlan0-tx/95\n\nKASAN detects that we are writing data beyond range allocated to vmm_table.\nThere is indeed a mismatch between the size passed to allocator in\nwilc_wlan_init, and the range of possible indexes used later: allocation\nsize is missing a multiplication by sizeof(u32)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:49:28.850Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/541b3757fd443a68ed8d25968eae511a8275e7c8"
},
{
"url": "https://git.kernel.org/stable/c/4b0d6ddb6466d10df878a7787f175a0e4adc3e27"
},
{
"url": "https://git.kernel.org/stable/c/6aaf7cd8bdfe245d3c9a8b48fe70c2011965948e"
},
{
"url": "https://git.kernel.org/stable/c/3ce1c2c3999b232258f7aabab311d47dda75605c"
},
{
"url": "https://git.kernel.org/stable/c/05ac1a198a63ad66bf5ae8b7321407c102d40ef3"
}
],
"title": "wifi: wilc1000: use vmm_table as array in wilc struct",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52768",
"datePublished": "2024-05-21T15:30:51.656Z",
"dateReserved": "2024-05-21T15:19:24.238Z",
"dateUpdated": "2025-05-04T12:49:28.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36008 (GCVE-0-2024-36008)
Vulnerability from cvelistv5
Published
2024-05-20 09:48
Modified
2025-05-04 09:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv4: check for NULL idev in ip_route_use_hint()
syzbot was able to trigger a NULL deref in fib_validate_source()
in an old tree [1].
It appears the bug exists in latest trees.
All calls to __in_dev_get_rcu() must be checked for a NULL result.
[1]
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 2 PID: 3257 Comm: syz-executor.3 Not tainted 5.10.0-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:fib_validate_source+0xbf/0x15a0 net/ipv4/fib_frontend.c:425
Code: 18 f2 f2 f2 f2 42 c7 44 20 23 f3 f3 f3 f3 48 89 44 24 78 42 c6 44 20 27 f3 e8 5d 88 48 fc 4c 89 e8 48 c1 e8 03 48 89 44 24 18 <42> 80 3c 20 00 74 08 4c 89 ef e8 d2 15 98 fc 48 89 5c 24 10 41 bf
RSP: 0018:ffffc900015fee40 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff88800f7a4000 RCX: ffff88800f4f90c0
RDX: 0000000000000000 RSI: 0000000004001eac RDI: ffff8880160c64c0
RBP: ffffc900015ff060 R08: 0000000000000000 R09: ffff88800f7a4000
R10: 0000000000000002 R11: ffff88800f4f90c0 R12: dffffc0000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffff88800f7a4000
FS: 00007f938acfe6c0(0000) GS:ffff888058c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f938acddd58 CR3: 000000001248e000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ip_route_use_hint+0x410/0x9b0 net/ipv4/route.c:2231
ip_rcv_finish_core+0x2c4/0x1a30 net/ipv4/ip_input.c:327
ip_list_rcv_finish net/ipv4/ip_input.c:612 [inline]
ip_sublist_rcv+0x3ed/0xe50 net/ipv4/ip_input.c:638
ip_list_rcv+0x422/0x470 net/ipv4/ip_input.c:673
__netif_receive_skb_list_ptype net/core/dev.c:5572 [inline]
__netif_receive_skb_list_core+0x6b1/0x890 net/core/dev.c:5620
__netif_receive_skb_list net/core/dev.c:5672 [inline]
netif_receive_skb_list_internal+0x9f9/0xdc0 net/core/dev.c:5764
netif_receive_skb_list+0x55/0x3e0 net/core/dev.c:5816
xdp_recv_frames net/bpf/test_run.c:257 [inline]
xdp_test_run_batch net/bpf/test_run.c:335 [inline]
bpf_test_run_xdp_live+0x1818/0x1d00 net/bpf/test_run.c:363
bpf_prog_test_run_xdp+0x81f/0x1170 net/bpf/test_run.c:1376
bpf_prog_test_run+0x349/0x3c0 kernel/bpf/syscall.c:3736
__sys_bpf+0x45c/0x710 kernel/bpf/syscall.c:5115
__do_sys_bpf kernel/bpf/syscall.c:5201 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5199 [inline]
__x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5199
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 02b24941619fcce3d280311ac73b1e461552e9c8 Version: 02b24941619fcce3d280311ac73b1e461552e9c8 Version: 02b24941619fcce3d280311ac73b1e461552e9c8 Version: 02b24941619fcce3d280311ac73b1e461552e9c8 Version: 02b24941619fcce3d280311ac73b1e461552e9c8 Version: 02b24941619fcce3d280311ac73b1e461552e9c8 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36008",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:05:40.708798Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:45.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7da0f91681c4902bc5c210356fdd963b04d5d1d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/03b5a9b2b526862b21bcc31976e393a6e63785d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a25bfd12733a8f38f8ca47c581f876c3d481ac0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8240c7308c941db4d9a0a91b54eca843c616a655"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c71ea3534ec0936fc57e6fb271c7cc6a2f68c295"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/58a4c9b1e5a3e53c9148e80b90e1e43897ce77d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7da0f91681c4902bc5c210356fdd963b04d5d1d4",
"status": "affected",
"version": "02b24941619fcce3d280311ac73b1e461552e9c8",
"versionType": "git"
},
{
"lessThan": "03b5a9b2b526862b21bcc31976e393a6e63785d1",
"status": "affected",
"version": "02b24941619fcce3d280311ac73b1e461552e9c8",
"versionType": "git"
},
{
"lessThan": "7a25bfd12733a8f38f8ca47c581f876c3d481ac0",
"status": "affected",
"version": "02b24941619fcce3d280311ac73b1e461552e9c8",
"versionType": "git"
},
{
"lessThan": "8240c7308c941db4d9a0a91b54eca843c616a655",
"status": "affected",
"version": "02b24941619fcce3d280311ac73b1e461552e9c8",
"versionType": "git"
},
{
"lessThan": "c71ea3534ec0936fc57e6fb271c7cc6a2f68c295",
"status": "affected",
"version": "02b24941619fcce3d280311ac73b1e461552e9c8",
"versionType": "git"
},
{
"lessThan": "58a4c9b1e5a3e53c9148e80b90e1e43897ce77d1",
"status": "affected",
"version": "02b24941619fcce3d280311ac73b1e461552e9c8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.158",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.30",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.9",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: check for NULL idev in ip_route_use_hint()\n\nsyzbot was able to trigger a NULL deref in fib_validate_source()\nin an old tree [1].\n\nIt appears the bug exists in latest trees.\n\nAll calls to __in_dev_get_rcu() must be checked for a NULL result.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 2 PID: 3257 Comm: syz-executor.3 Not tainted 5.10.0-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:fib_validate_source+0xbf/0x15a0 net/ipv4/fib_frontend.c:425\nCode: 18 f2 f2 f2 f2 42 c7 44 20 23 f3 f3 f3 f3 48 89 44 24 78 42 c6 44 20 27 f3 e8 5d 88 48 fc 4c 89 e8 48 c1 e8 03 48 89 44 24 18 \u003c42\u003e 80 3c 20 00 74 08 4c 89 ef e8 d2 15 98 fc 48 89 5c 24 10 41 bf\nRSP: 0018:ffffc900015fee40 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88800f7a4000 RCX: ffff88800f4f90c0\nRDX: 0000000000000000 RSI: 0000000004001eac RDI: ffff8880160c64c0\nRBP: ffffc900015ff060 R08: 0000000000000000 R09: ffff88800f7a4000\nR10: 0000000000000002 R11: ffff88800f4f90c0 R12: dffffc0000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: ffff88800f7a4000\nFS: 00007f938acfe6c0(0000) GS:ffff888058c00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f938acddd58 CR3: 000000001248e000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n ip_route_use_hint+0x410/0x9b0 net/ipv4/route.c:2231\n ip_rcv_finish_core+0x2c4/0x1a30 net/ipv4/ip_input.c:327\n ip_list_rcv_finish net/ipv4/ip_input.c:612 [inline]\n ip_sublist_rcv+0x3ed/0xe50 net/ipv4/ip_input.c:638\n ip_list_rcv+0x422/0x470 net/ipv4/ip_input.c:673\n __netif_receive_skb_list_ptype net/core/dev.c:5572 [inline]\n __netif_receive_skb_list_core+0x6b1/0x890 net/core/dev.c:5620\n __netif_receive_skb_list net/core/dev.c:5672 [inline]\n netif_receive_skb_list_internal+0x9f9/0xdc0 net/core/dev.c:5764\n netif_receive_skb_list+0x55/0x3e0 net/core/dev.c:5816\n xdp_recv_frames net/bpf/test_run.c:257 [inline]\n xdp_test_run_batch net/bpf/test_run.c:335 [inline]\n bpf_test_run_xdp_live+0x1818/0x1d00 net/bpf/test_run.c:363\n bpf_prog_test_run_xdp+0x81f/0x1170 net/bpf/test_run.c:1376\n bpf_prog_test_run+0x349/0x3c0 kernel/bpf/syscall.c:3736\n __sys_bpf+0x45c/0x710 kernel/bpf/syscall.c:5115\n __do_sys_bpf kernel/bpf/syscall.c:5201 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5199 [inline]\n __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5199"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:10:24.352Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7da0f91681c4902bc5c210356fdd963b04d5d1d4"
},
{
"url": "https://git.kernel.org/stable/c/03b5a9b2b526862b21bcc31976e393a6e63785d1"
},
{
"url": "https://git.kernel.org/stable/c/7a25bfd12733a8f38f8ca47c581f876c3d481ac0"
},
{
"url": "https://git.kernel.org/stable/c/8240c7308c941db4d9a0a91b54eca843c616a655"
},
{
"url": "https://git.kernel.org/stable/c/c71ea3534ec0936fc57e6fb271c7cc6a2f68c295"
},
{
"url": "https://git.kernel.org/stable/c/58a4c9b1e5a3e53c9148e80b90e1e43897ce77d1"
}
],
"title": "ipv4: check for NULL idev in ip_route_use_hint()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36008",
"datePublished": "2024-05-20T09:48:07.596Z",
"dateReserved": "2024-05-17T13:50:33.152Z",
"dateUpdated": "2025-05-04T09:10:24.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38568 (GCVE-0-2024-38568)
Vulnerability from cvelistv5
Published
2024-06-19 13:35
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group
The perf tool allows users to create event groups through following
cmd [1], but the driver does not check whether the array index is out
of bounds when writing data to the event_group array. If the number of
events in an event_group is greater than HNS3_PMU_MAX_HW_EVENTS, the
memory write overflow of event_group array occurs.
Add array index check to fix the possible array out of bounds violation,
and return directly when write new events are written to array bounds.
There are 9 different events in an event_group.
[1] perf stat -e '{pmu/event1/, ... ,pmu/event9/}
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3669baf308308385a2ab391324abdde5682af5aa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be1fa711e59c874d049f592aef1d4685bdd22bdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b5120d322763c15c978bc47beb3b6dff45624304"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa2d3d678895c8eedd003f1473f87d3f06fe6ec7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81bdd60a3d1d3b05e6cc6674845afb1694dd3a0e"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38568",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:14:25.306503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:56.398Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/perf/hisilicon/hns3_pmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3669baf308308385a2ab391324abdde5682af5aa",
"status": "affected",
"version": "66637ab137b44914356a9dc7a9b3f8ebcf0b0695",
"versionType": "git"
},
{
"lessThan": "be1fa711e59c874d049f592aef1d4685bdd22bdf",
"status": "affected",
"version": "66637ab137b44914356a9dc7a9b3f8ebcf0b0695",
"versionType": "git"
},
{
"lessThan": "b5120d322763c15c978bc47beb3b6dff45624304",
"status": "affected",
"version": "66637ab137b44914356a9dc7a9b3f8ebcf0b0695",
"versionType": "git"
},
{
"lessThan": "aa2d3d678895c8eedd003f1473f87d3f06fe6ec7",
"status": "affected",
"version": "66637ab137b44914356a9dc7a9b3f8ebcf0b0695",
"versionType": "git"
},
{
"lessThan": "81bdd60a3d1d3b05e6cc6674845afb1694dd3a0e",
"status": "affected",
"version": "66637ab137b44914356a9dc7a9b3f8ebcf0b0695",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/perf/hisilicon/hns3_pmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: hisi: hns3: Fix out-of-bound access when valid event group\n\nThe perf tool allows users to create event groups through following\ncmd [1], but the driver does not check whether the array index is out\nof bounds when writing data to the event_group array. If the number of\nevents in an event_group is greater than HNS3_PMU_MAX_HW_EVENTS, the\nmemory write overflow of event_group array occurs.\n\nAdd array index check to fix the possible array out of bounds violation,\nand return directly when write new events are written to array bounds.\n\nThere are 9 different events in an event_group.\n[1] perf stat -e \u0027{pmu/event1/, ... ,pmu/event9/}"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:17.865Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3669baf308308385a2ab391324abdde5682af5aa"
},
{
"url": "https://git.kernel.org/stable/c/be1fa711e59c874d049f592aef1d4685bdd22bdf"
},
{
"url": "https://git.kernel.org/stable/c/b5120d322763c15c978bc47beb3b6dff45624304"
},
{
"url": "https://git.kernel.org/stable/c/aa2d3d678895c8eedd003f1473f87d3f06fe6ec7"
},
{
"url": "https://git.kernel.org/stable/c/81bdd60a3d1d3b05e6cc6674845afb1694dd3a0e"
}
],
"title": "drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38568",
"datePublished": "2024-06-19T13:35:34.925Z",
"dateReserved": "2024-06-18T19:36:34.923Z",
"dateUpdated": "2025-05-04T09:14:17.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47432 (GCVE-0-2021-47432)
Vulnerability from cvelistv5
Published
2024-05-21 15:30
Modified
2025-05-04 07:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
lib/generic-radix-tree.c: Don't overflow in peek()
When we started spreading new inode numbers throughout most of the 64
bit inode space, that triggered some corner case bugs, in particular
some integer overflows related to the radix tree code. Oops.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47432",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T17:47:48.909736Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T15:31:57.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:39:59.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/784d01f9bbc282abb0c5ade5beb98a87f50343ac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec298b958cb0c40d70c68079da933c8f31c5134c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa7f1827953100cdde0795289a80c6c077bfe437"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9492261ff2460252cf2d8de89cdf854c7e2b28a0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/generic-radix-tree.h",
"lib/generic-radix-tree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "784d01f9bbc282abb0c5ade5beb98a87f50343ac",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ec298b958cb0c40d70c68079da933c8f31c5134c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "aa7f1827953100cdde0795289a80c6c077bfe437",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9492261ff2460252cf2d8de89cdf854c7e2b28a0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/generic-radix-tree.h",
"lib/generic-radix-tree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Don\u0027t overflow in peek()\n\nWhen we started spreading new inode numbers throughout most of the 64\nbit inode space, that triggered some corner case bugs, in particular\nsome integer overflows related to the radix tree code. Oops."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:10:46.671Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/784d01f9bbc282abb0c5ade5beb98a87f50343ac"
},
{
"url": "https://git.kernel.org/stable/c/ec298b958cb0c40d70c68079da933c8f31c5134c"
},
{
"url": "https://git.kernel.org/stable/c/aa7f1827953100cdde0795289a80c6c077bfe437"
},
{
"url": "https://git.kernel.org/stable/c/9492261ff2460252cf2d8de89cdf854c7e2b28a0"
}
],
"title": "lib/generic-radix-tree.c: Don\u0027t overflow in peek()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47432",
"datePublished": "2024-05-21T15:30:36.904Z",
"dateReserved": "2024-05-21T14:58:30.829Z",
"dateUpdated": "2025-05-04T07:10:46.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38587 (GCVE-0-2024-38587)
Vulnerability from cvelistv5
Published
2024-06-19 13:37
Modified
2025-05-04 09:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
speakup: Fix sizeof() vs ARRAY_SIZE() bug
The "buf" pointer is an array of u16 values. This code should be
using ARRAY_SIZE() (which is 256) instead of sizeof() (which is 512),
otherwise it can the still got out of bounds.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 756c5cb7c09e537b87b5d3acafcb101b2ccf394f Version: 8f6b62125befe1675446923e4171eac2c012959c Version: 6401038acfa24cba9c28cce410b7505efadd0222 Version: 0d130158db29f5e0b3893154908cf618896450a8 Version: 89af25bd4b4bf6a71295f07e07a8ae7dc03c6595 Version: 8defb1d22ba0395b81feb963b96e252b097ba76f Version: 0efb15c14c493263cb3a5f65f5ddfd4603d19a76 Version: c8d2f34ea96ea3bce6ba2535f867f0d4ee3b22e1 Version: c8d2f34ea96ea3bce6ba2535f867f0d4ee3b22e1 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T14:49:14.118323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T20:21:08.889Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/42f0a3f67158ed6b2908d2b9ffbf7e96d23fd358"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd7f3978c2ec741aedd1d860b2adb227314cf996"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/07ef95cc7a579731198c93beed281e3a79a0e586"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/504178fb7d9f6cdb0496d5491efb05f45597e535"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3726f75a1ccc16cd335c0ccfad1d92ee08ecba5e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c6e1650cf5df1bd6638eeee231a683ef30c7d4eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eb1ea64328d4cc7d7a912c563f8523d5259716ef"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d52c04474feac8e305814a5228e622afe481b2ef"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/008ab3c53bc4f0b2f20013c8f6c204a3203d0b8b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/accessibility/speakup/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "42f0a3f67158ed6b2908d2b9ffbf7e96d23fd358",
"status": "affected",
"version": "756c5cb7c09e537b87b5d3acafcb101b2ccf394f",
"versionType": "git"
},
{
"lessThan": "cd7f3978c2ec741aedd1d860b2adb227314cf996",
"status": "affected",
"version": "8f6b62125befe1675446923e4171eac2c012959c",
"versionType": "git"
},
{
"lessThan": "07ef95cc7a579731198c93beed281e3a79a0e586",
"status": "affected",
"version": "6401038acfa24cba9c28cce410b7505efadd0222",
"versionType": "git"
},
{
"lessThan": "504178fb7d9f6cdb0496d5491efb05f45597e535",
"status": "affected",
"version": "0d130158db29f5e0b3893154908cf618896450a8",
"versionType": "git"
},
{
"lessThan": "3726f75a1ccc16cd335c0ccfad1d92ee08ecba5e",
"status": "affected",
"version": "89af25bd4b4bf6a71295f07e07a8ae7dc03c6595",
"versionType": "git"
},
{
"lessThan": "c6e1650cf5df1bd6638eeee231a683ef30c7d4eb",
"status": "affected",
"version": "8defb1d22ba0395b81feb963b96e252b097ba76f",
"versionType": "git"
},
{
"lessThan": "eb1ea64328d4cc7d7a912c563f8523d5259716ef",
"status": "affected",
"version": "0efb15c14c493263cb3a5f65f5ddfd4603d19a76",
"versionType": "git"
},
{
"lessThan": "d52c04474feac8e305814a5228e622afe481b2ef",
"status": "affected",
"version": "c8d2f34ea96ea3bce6ba2535f867f0d4ee3b22e1",
"versionType": "git"
},
{
"lessThan": "008ab3c53bc4f0b2f20013c8f6c204a3203d0b8b",
"status": "affected",
"version": "c8d2f34ea96ea3bce6ba2535f867f0d4ee3b22e1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/accessibility/speakup/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.9"
},
{
"lessThan": "6.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.19.313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "5.4.275",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "5.10.216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.15.157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "6.1.88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "6.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "6.8.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspeakup: Fix sizeof() vs ARRAY_SIZE() bug\n\nThe \"buf\" pointer is an array of u16 values. This code should be\nusing ARRAY_SIZE() (which is 256) instead of sizeof() (which is 512),\notherwise it can the still got out of bounds."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:42.988Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/42f0a3f67158ed6b2908d2b9ffbf7e96d23fd358"
},
{
"url": "https://git.kernel.org/stable/c/cd7f3978c2ec741aedd1d860b2adb227314cf996"
},
{
"url": "https://git.kernel.org/stable/c/07ef95cc7a579731198c93beed281e3a79a0e586"
},
{
"url": "https://git.kernel.org/stable/c/504178fb7d9f6cdb0496d5491efb05f45597e535"
},
{
"url": "https://git.kernel.org/stable/c/3726f75a1ccc16cd335c0ccfad1d92ee08ecba5e"
},
{
"url": "https://git.kernel.org/stable/c/c6e1650cf5df1bd6638eeee231a683ef30c7d4eb"
},
{
"url": "https://git.kernel.org/stable/c/eb1ea64328d4cc7d7a912c563f8523d5259716ef"
},
{
"url": "https://git.kernel.org/stable/c/d52c04474feac8e305814a5228e622afe481b2ef"
},
{
"url": "https://git.kernel.org/stable/c/008ab3c53bc4f0b2f20013c8f6c204a3203d0b8b"
}
],
"title": "speakup: Fix sizeof() vs ARRAY_SIZE() bug",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38587",
"datePublished": "2024-06-19T13:37:42.537Z",
"dateReserved": "2024-06-18T19:36:34.929Z",
"dateUpdated": "2025-05-04T09:14:42.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52757 (GCVE-0-2023-52757)
Vulnerability from cvelistv5
Published
2024-05-21 15:30
Modified
2025-05-04 07:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential deadlock when releasing mids
All release_mid() callers seem to hold a reference of @mid so there is
no need to call kref_put(&mid->refcount, __release_mid) under
@server->mid_lock spinlock. If they don't, then an use-after-free bug
would have occurred anyways.
By getting rid of such spinlock also fixes a potential deadlock as
shown below
CPU 0 CPU 1
------------------------------------------------------------------
cifs_demultiplex_thread() cifs_debug_data_proc_show()
release_mid()
spin_lock(&server->mid_lock);
spin_lock(&cifs_tcp_ses_lock)
spin_lock(&server->mid_lock)
__release_mid()
smb2_find_smb_tcon()
spin_lock(&cifs_tcp_ses_lock) *deadlock*
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b9bb9607b1fc12fca51f5632da25b36975f599bf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c1a5962f1462b64fe7b69f20a4b6af8067bc2d26"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e6322fd177c6885a21dd4609dc5e5c973d1a2eb7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:37:12.677779Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:56.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/client/cifsproto.h",
"fs/smb/client/smb2misc.c",
"fs/smb/client/transport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "99f476e27aad5964ab13777d84fda67d1356dec1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ce49569079a9d4cad26c0f1d4653382fd9a5ca7a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b9bb9607b1fc12fca51f5632da25b36975f599bf",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c1a5962f1462b64fe7b69f20a4b6af8067bc2d26",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e6322fd177c6885a21dd4609dc5e5c973d1a2eb7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/client/cifsproto.h",
"fs/smb/client/smb2misc.c",
"fs/smb/client/transport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.237",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.181",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential deadlock when releasing mids\n\nAll release_mid() callers seem to hold a reference of @mid so there is\nno need to call kref_put(\u0026mid-\u003erefcount, __release_mid) under\n@server-\u003emid_lock spinlock. If they don\u0027t, then an use-after-free bug\nwould have occurred anyways.\n\nBy getting rid of such spinlock also fixes a potential deadlock as\nshown below\n\nCPU 0 CPU 1\n------------------------------------------------------------------\ncifs_demultiplex_thread() cifs_debug_data_proc_show()\n release_mid()\n spin_lock(\u0026server-\u003emid_lock);\n spin_lock(\u0026cifs_tcp_ses_lock)\n\t\t\t\t spin_lock(\u0026server-\u003emid_lock)\n __release_mid()\n smb2_find_smb_tcon()\n spin_lock(\u0026cifs_tcp_ses_lock) *deadlock*"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:42:34.939Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/99f476e27aad5964ab13777d84fda67d1356dec1"
},
{
"url": "https://git.kernel.org/stable/c/ce49569079a9d4cad26c0f1d4653382fd9a5ca7a"
},
{
"url": "https://git.kernel.org/stable/c/9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29"
},
{
"url": "https://git.kernel.org/stable/c/b9bb9607b1fc12fca51f5632da25b36975f599bf"
},
{
"url": "https://git.kernel.org/stable/c/c1a5962f1462b64fe7b69f20a4b6af8067bc2d26"
},
{
"url": "https://git.kernel.org/stable/c/e6322fd177c6885a21dd4609dc5e5c973d1a2eb7"
}
],
"title": "smb: client: fix potential deadlock when releasing mids",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52757",
"datePublished": "2024-05-21T15:30:44.248Z",
"dateReserved": "2024-05-21T15:19:24.237Z",
"dateUpdated": "2025-05-04T07:42:34.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…